Page 1 of 6 12345 ... LastLast
Results 1 to 10 of 51

Thread: PIFTS.exe

  1. #1
    jerryyelserp Guest

    Default PIFTS.exe

    Anyone know what PIFTS.exe is?
    Safe or not?

  2. #2
    daenris Guest

    Default Re: PIFTS.exe

    Not sure.
    I'd never heard of this before today, and there is nearly no information available about it.
    A thread has been started to ask about it several times (at least) on the Norton Forums tonight, but even after receiving several thousand views in a few hours, they are being quickly deleted (my own post was deleted within 5 minutes, when all it was was asking for information about PIFTS.exe if anyone knew).
    For some reason, the moderators at the Norton forums don't want these questions even on their board at all.

    I've chosen to block the applications internet access until there's more information available.

  3. #3
    jerryyelserp Guest

    Default Re: PIFTS.exe

    Clearly something is brewing with Norton. Apparently they are deleting posts asking about this application.
    My zone alarm log shows this application is being launched by my Norton AV as an update process.
    There have been over 150 views of my original post in about
    10 minutes.

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: PIFTS.exe


    <blockquote><hr>JerryYelserp wrote:
    Clearly something is brewing with Norton. Apparently they are deleting posts asking about this application.
    My zone alarm log shows this application is being launched by my Norton AV as an update process.
    There have been over 150 views of my original post in about
    10 minutes.
    <hr></blockquote>


    All I found on google was it was to be found in a non exisitant folder in a symantec folder,
    You should check the file properties as seen in the ZA program listing.
    Both file details and file location can be found.
    Then manually check the folder and see if it is there.

    If it is not seen but the file is active, then I would assume the file is hidden (as similar to a rootkit file - not seen but there hidden). This is still not a true rootkit activity. As it is using windows tcp stack correctly to connect to the internet, instead of doing typically what rookits usually do and use their own virtual drivers or virtual tcp stacks to connect to the internet, thus avoiding the correct tcp stack process and avoid detections by both windows and by software firewalls.
    Perhaps a rootkit detector as GMER would help you see the file paths, file connections and hooks and location? That is if the file is actually hidden in the first place.

    Oldsod.
    Best regards.
    oldsod

  5. #5
    daenris Guest

    Default Re: PIFTS.exe

    On my system the file is located inside what appears to be a downloaded update file from Symantec. C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1236641345jtun_ pifts.zip.full.zip (not sure if the filename itself is consistent between systems). So far it appears to be some sort of update to Norton, but with absolutely no explanation provided, and obviously some hush-up attempts on the Norton forums.

  6. #6
    buff Guest

    Default Re: PIFTS.exe

    From Norton's own forum's usage guidelines:
    http://community.norton.com/norton/b...mp;thread.id=1
    "- Symantec retains the right to remove content and limit users' access -

    Symantec does not generally edit or monitor content posted by participants to the Forums. However, Symantec retains the right, at its sole discretion, to limit participants access to the Forums and to remove material that, in the sole judgment of Symantec, does not comply with the present Usage Guidelines, or that is otherwise inappropriate for these Forums, harmful, objectionable, or inaccurate. Symantec is not responsible for any failure or delay in removing such material.

    Symantec Forum moderators may take any action they deem necessary in their own judgment to support the Usage Guidelines. Such actions may include editing or deleting material and banning individual participants.&quot;
    Hmmmm doesn't say anything about closing down legit concerned customer questions, unless embarrassing questions fall under the &quot;harmful, objectionable (to symantec)&quot; clause.
    Didn't anyone learn from watergate it's the cover-up that always gets you?
    Honestly, I find the
    deleting of CUSTOMER posts about something their SECURITY product is either doing (or
    seems to be unable to stop being exploited by a virus/trojan/whatever)
    disgusting. I've been moving totally away from their bloatware for a couple of years now, with &quot;save and restore&quot; the only POS left on my computer (for drive imaging) and am really glad. This is the last straw for me. Guess I need to shell out for another
    imaging program
    I had PIFTS in the same place C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\updt333

  7. #7
    fatbear Guest

    Default Re: PIFTS.exe

    Hi,

    I have NIS and it generated an alert about PIFTS.exe this morning. I Googled it and got no hits - ZERO. I went to the Norton community forums to ask if anyone else had encountered it and what to do and found that another user had asked the same question. I added mine and a number of others added theirs, then the thread was deleted. Another thread popped up. The first one was just people who were wondering what was going on, but the second thread was full of suspicions. When Norton deletes a thread which was full of totally legitimate and non-threatening questions you really have to start wondering and apparently many people did. That thread was deleted, too. And so has every other thread that I've been able to find. It appears that Norton/Symantec is trying to cover something up by deleting these threads and hoping we all get bored and go away.

    So this evening I decided to try Google again and look at this: I now get hits. It looks like ZoneAlarm users are seeing the same alerts. Has anyone been able to get to the bottom of this? I never allow anything to go to the web until I know what it is. And this apparent cover-up is very disturbing.

    Brian

  8. #8
    vekter Guest

    Default Re: PIFTS.exe

    Just not only had my Norton thread deleted, but it would also seem I've been blocked from posting. Great job, Symantec.

    I got off of the **bleep** wagon AGES ago due to a huge amount of bloat and just incredibly bad support. However, this news regarding PIFTS.exe has intrigued me. I'm EXTREMELY curious as to why Symantec has gone to such lengths as to start ignoring it's community regarding this &quot;problem&quot;.

    Oh, and for a bit of a laugh, my post was deleted in under sixty seconds.

  9. #9
    daenris Guest

    Default Re: PIFTS.exe

    Even more interestingly now, after posting a single post asking about PIFTS.exe, which was deleted, and a subsequent post to another forum asking about the deleted posts, which got deleted, I've now been blocked from creating new posts or replies on the Norton forums. They really don't want to talk about whatever this was.

    And doubly interesting -- or perhaps not, who knows -- not sure if this is standard practice at Symantic or what, but opening the PIFTS.exe in a hex editor shows a large section of the end of the file consists only of &quot;PADDINGXX&quot; repeated over and over. I've got some background in programming and can't think of a good reason why you would need padding like that on a legitimate executable. However, if an executable in an update has been compromised it may require padding such as that to match the original executable's file size or something. But that's just pointless conspiracy theorizing that likely has no basis. It would be nice though to hear from Norton about what the **bleep** this thing is.

  10. #10
    angelaml Guest

    Default Re: PIFTS.exe

    PIFTS.exe doesn't appear to be hidden on my system.
    I found 3 instances of it.
    The 'PIFTS.exe' I found by directly going to the directory it was listed to be in in my ZoneAlarm Security Alert window after clicking on 'View properties&quot;.
    The file is 100K, the timestamp says it was created at the
    time and date when I
    un-hibernated my PC,
    but Modified March, 4, 2009 at 6:05:48pm (I'm PST so guessing that's what time it's showing me).
    However, it (PIFTS.exe)
    didn't show up when I did a search.
    What did show up when I did a search of my C: for PIFTS were 2 things.

    1) PIFTS.EXE-0D1A9C78.pf




    C:\WINDOWS\Prefetch; file type = PF File; 59 KB2) Norton_PIFTS 3-9-2009 19h4m28s.log



    C:\WINDOWS\Temp; file type = text documentl size = 1KB
    When I click on View Properties in the ZoneAlarm Security Alert the Summary tab is blank (no data filled in).
    The attributes of PIFTS.exe does not have 'Hidden' checked.
    Also, the destination IP is listed as 67.134.208.160:HTTP
    I hope someone figures out something soon.
    I don't like that Norton is deleting posts almost immediately after they post.
    I witnessed it with my own eyes.
    I had read a 2 page thread on the subject and when I hit refresh to see if anything new had posted, it was deleted.
    I also witnessed other posted deleted, and then replaced when it appears they realized they had
    nothing to do with the PIFTS topic because about 20 min later they were back.
    I recognize them because of the avatar and timestamps (3 from the same guy).
    Something stinks and I don't like how
    this
    is being handled it at ALL.

Page 1 of 6 12345 ... LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •