Pifts.exe

phenom · 03-10-2009, 12:53 AM

What is this? Anyone have any idea what Norton is doing? Any post about this on their forums or Yahoo Answers gets deleted within seconds.

More here:

http://www.tech-linkblog.com/2009/03...iftsexe.html/#

**koala** · 03-10-2009, 06:05 AM

The quotes below are from http://www.abovetopsecret.com/forum/thread444230/pg1. Similar posts can be found on other websites and forums from angry users.

Quote:

I was on the phone with Symantec from 9:00pm PST until 11:00 and got basically no decent answers. They finally admitted it was part of the install process but couldn't tell me what it was for. Every time that I asked why messages were being removed from the Forum, I got transferred to someone else. I started at Tech Support talking to Ella, then got tranferred to Sam in the Virus Removal Dept. I asked him the same questions, then finally I asked to speak to a Supervisor, and got Frank the floor supervisor. He said that it was not a virus but a "System File Issue" and he would have to transfer me to Technical Support.

Quote:

We're currently having the problem of people calling in and being given the run around on the phone. They transfer you, don't give you any answers, ask you to reinstall and reboot, and then, finally, when they can't get rid of you, they ask if they can come in remotely.

Also, I can confirm that asking any question even vaguely related to PIFTS.exe is enough to get your thread deleted and your account banned from the Norton forums. I asked "Why are threads being deleted?". The thread was subsequently banned and so was I.

Quote:

I haven't seen a systematic removal of "data" like this in a while. It takes a bit of people to do damage control like this. The things to note here are the Washington Swapdrive IP address and Microsoft Search companion originating in the executables encoding and the fact that there's a bunch of useless padding in the file. As explained on one of the forums its comparable to someone filling half a page of paper with xx's and oo's just to fill up the sheet of paper so it would match another like it. Normally padding like that is not included in a file for any reason its sloppy coding. Baton down your hatches folks. This reeks of mass data mining. But really tho make sure to uninstall norton products they suck to begin with use avg or something, anything else but norton products.

Quote:

Analysis Report for PIFTS.exe
MD5: 91b564d825a3487ae5b5fafe57260810

Summary:
- Changes security settings of Internet Explorer:
This system alteration could seriously affect safety surfing the World Wide Web.

- Performs File Modification and Destruction:
The executable modifies and destructs files which are not temporary.

- Performs Registry Activities:
The executable reads and modifies registry values. It also creates and monitors registry keys.

**TheBruce1** · 03-10-2009, 02:18 PM

Quote:

Hi everyone,

Symantec released a diagnostic patch "PIFTS.exe" targeting Norton Internet Security and Norton Antivirus 2006 & 2007 users on March 9, 2009. This patch was released for approximately 3 hours (4:30 - 7:40 PM March 9, 2009 Pacific Time). In a case of human error, the patch was released by Symantec "unsigned", which caused the firewall user prompt for this file to access the Internet. The firewall alert for the patch caused understandable concern for users and began to be reported back to Symantec. Releasing a patch unsigned is an extremely rare occurrence that does not pose any security issues to our users. The patch reached a limited number of Norton customers and has subsequently been pulled from further distribution. Norton users are fully protected and do not need to take any action as a result of this issue.

http://community.norton.com/norton/b...hread.id=39119

phenom · 03-10-2009, 10:43 PM

Quote:

Originally Posted by TheBruce1

http://community.norton.com/norton/b...hread.id=39119

But why did they delete every post inquiring about it on their forums, and some earlier posts on Yahoo answers? Why were alot of consumers led around in circles for hours on support lines and chat services, never getting an answer?

Would it really be that hard to explain when the problem occurred what had happened? Wouldn't this be the usual procedure? Why did they try so hard to cover it up?

To me, this still seems strange. They say it makes no modifications to the users system but it has been confirmed that it does do something to Internet explorer.

**TheBruce1** · 03-11-2009, 05:11 AM

Best ask Symantec those questions.

03-10-2009, 12:53 AM	#1 (permalink)
phenom Registered User Join Date: Dec 2005 Posts: 49 OS: Windows XP	Pifts.exe What is this? Anyone have any idea what Norton is doing? Any post about this on their forums or Yahoo Answers gets deleted within seconds. More here: http://www.tech-linkblog.com/2009/03...iftsexe.html/#

03-11-2009, 05:11 AM	#5 (permalink)
TheBruce1 Moderator, Analyst, Security Team Join Date: Oct 2006 Location: Dùn Èideann,Scotland. Posts: 5,093 OS: XP	Re: Pifts.exe Best ask Symantec those questions. __________________ Member of ASAP since 2007 Member of UNITE since 2008 Notice to BT customers BT to dump Phorm, see Here for more information. No DPI If we have helped you in anyway, please consider Donating