Hello All,

We reviewed the massive block of messages that were posted during a sequence of spam attacks that occurred during the unsigned PIFTS.exe confusion. Because we had to act quickly to remove the constant flow of spam posts, a number of legitimate posts were removed. The messages below are legitimate posts regarding PIFTS.EXE that were removed for moderation during this time.

Because these posts were removed prior to our official responses, we will lock this thread from replies. If your question is still relevant and you wish to repost it, you can do so at the official PIFTS.EXE discussion thread.

I apologize for the below posts being removed from the forum.

Hi,

My Norton FW blocked the following request:

I searched this forum but did not see PIFTS.exe.  Any idea what this is?

thanks,

Tartarus

Hi,

   I just logged on to ask this same question.  I searched for PIFTS.exe in google and turned up nothing.  Zero.  That has never happened to me.  Norton does not give a useful path in that little alert box (C:\Documen~...\) so I did a search of my entire computer to find where the culprit is located and the only thing I came up with was:

PIFTS.EXE-276A71AC.pf  in the directory:  C:\WINDOWS\Prefetch\

   Now I am worried.  Does anyone know anything about PIFTS.exe?

--FatBear

I too just got a PIFTS.exe pop up and google doesn’t show anything.  I don’t know what this is. 

Rather than just saying "me too", I'll point out that in a very short time 270 people have viewed this thread.

Which means that many people are seeing this mysterious PIFTS.EXE request.

And the file is placed in the update folder for Symantec.

It's a real strange situation because:

a) If it was a legitimate Symantec file, surely Symantec/Norton would have a record telling us so somewhere on their website; but

b) If it is some illegitimate malware, Symantec should be alerting us to the problem rather than suggesting we give the file access to the internet.

I Ran an IP look up to the IP that was making the request and that was for a company called SWAPDRIVE, I googled that and found that this company was recently purchased by Norton. Apparently it’s an online storage company. Hope this helps

I wish they would have said something…When it popped up and I could not find anything on it in a search I told my firewall to stop it from accessing the net…Well now I CAN NOT Update my Norton package…It will not install any of the updates I am needing right now.

Our firewall just blocked this same file as well. Not sure what it is, but I get the feeling it ain’t good.

At around 7:00pm MST today, I also got this message alert in my firewall (ZoneAlarm).

It seems odd that today, a lot of people are encountering the same message?

PIFTS.EXE (PIFTS.EXE-2A3CE82C.pf) was located in C:\WINDOWS\Prefetch\ on my Win XP-SP3 machine. The folder contains lots of “pf” files related to Adobe, Excel, Explorer, RealPlayer, NAV, etc. but that doesn’t mean much. I told NAV to NOT allow it to access the Internet, and so far it hasn’t popped up again. But the fact that we’re all noticing this at about the same time on the same day really makes me wonder if it’s a malware that slipped by NAV. So far, Spyware Doctor hasn’t notified me about it either.

Well something is happening on a time bomb of sorts.  It may be a legit symantec operation but why hasn't someone from symantec responded to this thread.  By the way I have internet security 2006 with windows 2000 pro.  How does that compare to anyone elses?

Makes me wonder what else Microsoft and Symantec do behind the scenes that we don't know about.

Symantec please email us a reply.

Zonealarm picked it up while I was playing WoW....

Read my above post (one page one of this thread), If you stopped the file from accessing the Net...see if you can do a full Live Update.....Since I stopped the file from doing whatever it was trying to do...I can no longer do a complete Live Update....It will download the files, but it errors out when it tries to install them.

I just got the same pop-up warning and blocked the program on all ports.  I think it is pretty sketchy, regardless of who is behind this .exe file.  Not the kind of thing you want to see and then have *NO* information on - nothing on Google no-less.

Maybe it is a conspiracy to get folks to register for this board...  ;)

I'm also guessing that something odd is up... I just noticed that the message I posted 3 minutes ago, has been viewed 220 times... that means there's a lot of people typing "PIFTS.exe" into their search engines.

I just got hit with it (PIFTS.exe) about 9:30 pm EDT, I’m running ZoneAlarm and I have also said NO! … where is Symantec help with the CORRECT posting on this ? Bad smell or good cheese ? waiting…

Weighing in here myself!  What’s up Norton?  Give us the scoop.  Is Pifts.exe a legitimate file?  Give us some guidance…

Here's some information I pulled from my Zone Alarm Logs.  Does this make sense to anyone?

2009/03/09 18:26:44 -- New Program -- PIFTS.exe -- Destination IP: 67.134.208.160:80 -- outgoing -- blocked -- Destination: ping.lifecycle.norton.com

2009/03/09 18:47:52 -- Program Access -- PIFTS.exe -- Destination IP: <BLANK> -- outgoing -- blocked -- Destination: <BLANK>

2009/03/09 18:48:28 -- Changed Program -- Windows Explorer -- 207.46.248.249.80 -- outgoing -- blocked -- Destination: sa.windows.com

Folks, first of all I am surprised it has taken an episode like this for you to figure out what a poor choice Symantec is for your security needs.  It is the most bloated, invasive and incompatible security software out of all the dozen or so big name competitors.  Don't you folks read?

Now, there are over 3,000 views in less than one day to the first message in this thread.  And now that it is the evening and people are logging in to their computers, that # is increasing by about 200 every 5 minutes or so.  Do a Google search using quotes on "pifts.exe" and this is one of only a few sites that have comments on this issue.

Worse yet, do a search on "pifts.exe" on Symantecs site and it returns NOTHING.  And 3,000 people have looked at this thread, yet no one from Symantec has bothered to even acknowledge its existence.

Now try to find a phone number or even a proper email address on Symantec's site to send this issue to. It will take you 30 minutes.

Does all of this not tell you everything you need to know about Symantec, its products and its customer support? Why in the world are you people wasting one more minute of your time and one more penny of your money on a company like this?  At this point you all get what you deserve.  The writing has been on the wall with this comany for years now.

Well I am stuck with them for the most part of another year (renewed a couple of months ago), but I feel this will be my last with Symtanic.....

I have a different product on the rest of my families systems and will be going there come the next time for a renewal...

And I still have to attempt to contact them, as the blocking of this file caused my Norton software to no longer finish a Live Update...It will find the files needed, download the files needed....and then error out and quit without updating anything....All right after I told ZoneAlarm to kill net access to PIFTS.exe

And yes, I will be doing what I can to keep this topic as close to the top as possible until Norton tells us what is going on.

Well, the last thread on this seems to have been removed.

I did a look into my logs after I got a Norton Firewall alert about pifts.exe trying to access the internet.

The process was "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Updt2\PIFTS.exe"

I clicked "Block this instance" and now I can't get into MSN. Other Norton activities seem ok, such as live update.

Does anyone have any information on what this file actually is? It no longer exists in the above directory, so I'm at a bit of a loss.