
MililaniBuckeye

The satanic soulless freight train that is Ohio St
  • Just got a Security Alert pop-up from my Symantec anti-virus program saying PIFTS.exe is trying to connect to a DNS server. The IP of the DNS is my local RoadRunner DNS server. The path of the PIFTS.exe file name shows as "C:\ProgramData\Symantec\LiveUpdate\Downloads\Updt122\", but there is no "Updt122" folder. I also did a full disk search and the "PIFTS.exe" wasn't found.

    There's virtually nothing on this via Google yet. Norton support forum did have a thread on this that started today which had numerous people asking about this (apparently this all started today) and now that thread has magically been deleted.

    Any Norton/Symantec gurus here know WTF is going on? I'm not allowing PIFTS.exe to do shit until I get some answers from someone...
     
    Re: PIFTS.exe - Windows and ZoneAlarm™ Messages and Alerts - ZoneAlarm User Forum
    I have NIS and it generated an alert about PIFTS.exe this morning. I Googled it and got no hits - ZERO. I went to the Norton community forums to ask if anyone else had encountered it and what to do and found that another user had asked the same question. I added mine and a number of others added theirs, then the thread was deleted. Another thread popped up. The first one was just people who were wondering what was going on, but the second thread was full of suspicions. When Norton deletes a thread which was full of totally legitimate and non-threatening questions you really have to start wondering and apparently many people did. That thread was deleted, too. And so has every other thread that I've been able to find. It appears that Norton/Symantec is trying to cover something up by deleting these threads and hoping we all get bored and go away.

    So this evening I decided to try Google again and look at this: I now get hits. It looks like ZoneAlarm users are seeing the same alerts. Has anyone been able to get to the bottom of this? I never allow anything to go to the web until I know what it is. And this apparent cover-up is very disturbing.
    Even more interestingly now, after posting a single post asking about PIFTS.exe, which was deleted, and a subsequent post to another forum asking about the deleted posts, which got deleted, I've now been blocked from creating new posts or replies on the Norton forums. They really don't want to talk about whatever this was.

    And doubly interesting -- or perhaps not, who knows -- not sure if this is standard practice at Symantec or what, but opening the PIFTS.exe in a hex editor shows a large section of the end of the file consists only of "PADDINGXX" repeated over and over. I've got some background in programming and can't think of a good reason why you would need padding like that on a legitimate executable. However, if an executable in an update has been compromised it may require padding such as that to match the original executable's file size or something. But that's just pointless conspiracy theorizing that likely has no basis. It would be nice though to hear from Norton about what the **bleep** this thing is.
    On my system the file is located inside what appears to be a downloaded update file from Symantec. C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1236641345jtun_pifts.zip.full.zip (not sure if the filename itself is consistent between systems). So far it appears to be some sort of update to Norton, but with absolutely no explanation provided, and obviously some hush-up attempts on the Norton forums.
     
    Upvote 0
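    An added example, not part of the original thread: a small triage helper that measures how much of a file's tail is the repeating "PADDINGXX" string described in the post above, and records the file's SHA-256 so the same binary can be compared across machines or against a value the vendor supplies. The function names and the sample bytes are constructed for illustration.

```python
import hashlib
import sys

PATTERN = b"PADDINGXX"  # string the poster reported at the end of the file


def trailing_pattern_run(data: bytes, pattern: bytes = PATTERN) -> int:
    """Count the bytes at the end of `data` that are a periodic repeat of `pattern`."""
    n = len(pattern)
    if not data or n == 0:
        return 0
    best = 0
    # The file may end mid-pattern, so try every phase the last byte could be in.
    for phase in range(n):
        run = 0
        for k in range(len(data)):
            if data[-1 - k] != pattern[(phase - k) % n]:
                break
            run += 1
        best = max(best, run)
    # Ignore accidental matches shorter than one full copy of the pattern.
    return best if best >= n else 0


def triage(data: bytes) -> dict:
    """Summarise size, hash and trailing padding for one file's contents."""
    run = trailing_pattern_run(data)
    return {
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "padding_bytes": run,
        "padding_offset": len(data) - run if run else None,
        "padding_ratio": round(run / len(data), 3) if data else 0.0,
    }


# Constructed sample: a 64-byte stub followed by 20 full copies and a partial one.
SAMPLE = b"MZ" + bytes(62) + PATTERN * 20 + PATTERN[:4]

if __name__ == "__main__":
    # With a path argument, inspect that file; otherwise use the constructed sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

    The padding figures only describe the file's layout; the hash and the file's digital signature are what tie a copy back to its publisher.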
    And now bogus sites are popping up disguising themselves as legit forums, appearing in Google search results. I clicked on one and got a Norton Antivirus notification that it blocked JS.Downloader and the page remained blank. When I went back to the Google results I looked at the text and sure enough it was broken English: "He met with great oppofition from the pa- pifts and anabaptifts in his ...... to fee his project for augmenting poor livings carried into exe- cution. ...". Right below that link was another one with fucked up English in the description: "And heer again the Annals record them to befeige Exe- Sim. ...... 43. he is intreated by the Britans to head them againft the Pifts and Saxons, ibid, . ...". Both links were entitled "PIFTS EXE" and both pages were "pifts-exe"...they're taking advantage of the current confusion, enticing users to click their link so they can try to infect your PC.
     
    Upvote 0
    I just spent maybe 10 minutes looking at the Symantec/Norton forums and watched as threads re: PIFTS would pop up then be deleted within 60 seconds. There were dozens of them, until it devolved to the point where frustrated, angry people were clearly registering phony accounts and spamming PIFTS threads to the site to see how fast Symantec could delete them. The threads would literally show up three or four at a time, and all be deleted after a couple of page refreshes.

    It's really disconcerting, since we run Symantec Corporate at my company.

    There are stories out there now, though:

    Digg - What is PIFTS and why is Symantec covering it up?

    Tech Fears Arise Over Norton and Pifts.exe, page 1
     
    Upvote 0
    Just looked at a few places really quick, a theory that keeps popping up is that this executable is logging information and sending it to a few places....lol Idk if it's true, but if so could it be a government watch system? lol
     
    Upvote 0
    BuckeyeMac;1425608; said:
    Just looked at a few places really quick, a theory that keeps popping up is that this executable is logging information and sending it to a few places....lol Idk if it's true, but if so could it be a government watch system? lol
    I've read those suggestions too, but frankly that's just too tin foil hat/army black ops helicopters even for me, and I love a good conspiracy theory as much as the next guy.

    My guess is somebody hacked/hijacked Symantec's Live Update content delivery system.
     
    Upvote 0