[Sara53]

(PIFTS.exe) Zone Alarm tagged this file as requesting internet access--not recognizing it I said no and then went looking to find out what it is. The ZA BB is full of the same questions and folks were finding threads about it deleted from the Norton BB almost as fast as they came up. I did get a Live Update last night--it's the only change that's been made in days.

Just a note--this is the second attempt to post this. I'm not paranoid, but I changed the topic title just in case.

Sara

[rainforest123]

S: It is important to be careful.
Search your hard disk drive [ your computer ] that file.

Be sure to set your computer to show hidden & system files; and possibly protected OS files, and set your computer to search hidden & system locations.

You will have to search the internet for tips, since you didn't provide us with your operating system information.

Then, go to http://virusscan.jotti.org , where you can upload the file, for scanning by > 30 antivirus programs.

Best of success.

RF123

[rainforest123]

S:
Please go to http://thespykiller.co.uk/index.php?...pmod;dl=item10. Download the HJT installer. Save it to the desktop or other suitable place. DO NOT just press run from the website Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu.
Click on the entry in start menu to run HijackThis
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.


source: http://forums.techguy.org/malware-re...st-before.html

RF123

[Byteman]

Hi,

I don't think posting a HJThis log will be needed.....

http://www.telegraph.co.uk/sciencean....exe-file.html


I might as well include an excerpt from that site/post:

Quote from http://www.telegraph.co.uk/scienceandtechnology/technology/technologynews/4969463/Internet-conspiracy-theories-abound-over-Symantec-Pifts.exe-file.html

By Claudine Beaumont
Last Updated: 7:04PM GMT 10 Mar 2009

The file, called Pifts.exe, requests permission to dial out to the internet. But users of Symantec’s Norton Internet Protection software have found it almost impossible to find more information about the file’s origins and purpose, and the situation has led to a rash of rumours on online message boards about the true purpose of the file.

Security experts, however, believe the file is innocuous and does not pose a threat to internet users.....The rumours were further fanned by Symantec’s apparent decision to delete threads related to the issue from its user support forum, leading some web users to suggest a cover-up by the software company.

But security experts have said that early indications show the file is not malicious and is related to Norton’s security products. It has a build date of March 5, suggesting it has only just been created, said Graham Cluley, a security expert with Sophos.

“Pifts attempts to connect to a webserver (stats.norton.com), passing information such as product name, version number and a series of other non-obvious parameters,” he wrote on his blog.

“We feel fairly comfortable in debunking the internet rumours claiming that Pifts might be a rootkit [a tool used by hackers] or a government-sponsored backdoor to spy on the masses.

“We think it’s more likely that Symantec’s programmers simply forgot to properly tag the file as having permissions to perform its functions. Indeed, a private communication from a Symantec employee reassured us that the problem was more likely to be an error by one of their staff, rather than a sinister plot against Norton users.

“Our guess is that Pifts is some kind of feedback component designed to gather statistics about Symantec’s products, or an auto-update component.”

A spokesman for Symantec said the company was trying to get to the bottom of the issue, and would issue a statement shortly.

Hope that helps.....the problem should be fully dealt with by Symantec soon.

[rainforest123]

B:
Thanks for the update.

That page wasn't found by google & yahoo prior to my suggestion for HJT log.


RF123

[Byteman]

Quote:

Originally Posted by rainforest123

B:
Thanks for the update.

That page wasn't found by google & yahoo prior to my suggestion for HJT log.

I posted the link for general information.

There was a lot of the posting being done on the 9th....

http://www.tech-linkblog.com/2009/03...piftsexe.html/


The problem? Posts were being deleted all over the Net about the issue.....

So maybe you didn't find one, it doesn't matter.

A comapny like Norton / Symantec is not going to hide even a bad mistake in an update from their customers.....they might wish they could, but in fact they go into high gear and get things fixed ASAP.


Simply quarantining the file is enough in cases like these, and especially when you see something like this in a first reply:

Quote:

Originally Posted by Sara53

(PIFTS.exe) Zone Alarm tagged this file as requesting internet access--not recognizing it I said no and then went looking to find out what it is. The ZA BB is full of the same questions and folks were finding threads about it deleted from the Norton BB almost as fast as they came up. I did get a Live Update last night--it's the only change that's been made in days.

Just a note--this is the second attempt to post this. I'm not paranoid, but I changed the topic title just in case.

Sara

I really do not care that you posted to do a HJT log, at all....nor that you posted to have the file scanned...that is not why I replied to the thread.

[rainforest123]

B:
Truly, when I searched "PIFTS.exe" at google & yahoo, the only hits were from the ZA forums. I did not specify domains in my searches.

Such is life.

That which works for me, when my FW detects a new program:
1. block, but do not make a rule [ or let the FW create a rule ].
2. look for the file and submit it to Jotti.
3. Look for help.


The problem with being the first, in your case S53, 1 of the first, is that very little is known about an entity.

My philosophy: If I ever have a choice of diseases; 1 well known; 1 recently discovered, I don't want to be the one whose name is attached to the disease, such as "Rainforest Syndrome". I want the plain old common cold.


Thanks, Byteman, for bringing illumination to this subject.

unsubscribed

RF123

[Byteman]

Just don't be in a hurry to hit the Delete button and you will be OK>

[rainforest123]

B:
Wise people have multiple common traits.


RF123