What's PIFTS.exe? It's trying to access the internet on my pc

Ok, so I have an old notebook with Norton AV. I was on it earlier and got a pop up from Norton asking if I wanted PIFTS.exe to access the internet. I had no clue what PIFTS.exe is so I decided to google it and see. Googling didn’t help for shit, so I decided to go to the Norton forums and ask there. I started a thread and immediately got a couple responses saying that it’s popping up on a lot of computers using Norton and no one knows what it is but that something fishy is going on. The replies also said to not be surprised if my thread gets deleted, which I thought was kind of odd. Anyway, I checked my email and checked the forums here then went to check on my thread on the Norton forums. Amazingly, my thread was gone and my posting rights revoked! Kind of an odd thing thing for Norton to do I thought, but obviously they don’t want people talking about whatever PIFTS.exe is, at least on there forums.

Anyway, I denied PIFTS.exe access to the internet, but still wondering what it is, I got the phone number to Norton customer service and decided to give them a call. What a fucking waste of time? I just kept getting the runaround. I was transferred at least four times. At one point I was transferred to the virus removal dept. There, the guy told me that PIFTS.exe is just a Norton update and that I should allow it internet access, but wouldn’t elaborate any further and then transferred me to a supervisor who told me the same thing without further elaboration. Eventually I just hung up.

Long story short, what’s PIFTS.exe and why would my thread asking on the Norton forums regarding it be deleted?

idk but it sounds like u need a fresh format…

I’ve never trusted norton, because of purely how controlling their programs are, even for a firewall.

ya norton is just pure garbage… u should try to get kaspersky… works the best and u wont even realize its running :slight_smile:

found this on yahoo answers

and this http://www.tech-linkblog.com/2009/03/conspiracy-theories-run-rampant-due-to-piftsexe.html/

"Even more interestingly now, after posting a single post asking about PIFTS.exe, which was deleted, and a subsequent post to another forum asking about the deleted posts, which got deleted, I?ve now been blocked from creating new posts or replies on the Norton forums. They really don?t want to talk about whatever this was. "

you might want to re-think your anti-virus choice, i hear nod32 is good.

Yeah, I run Kaspersky on this notebook but I dual boot with ubuntu and really don’t even use Windows much at all. The one with Norton belonged to GF 'til I bought her a new one. It still had a current subscription to Norton so I left it.

It’s one thing to not know what the .exe is or does but what really pisses me off is that when I made a thread at Norton.com it got deleted and my posting rights taken away… And then the runaround I got when I called Norton… Makes me wonder if they’re trying to hide something.

I’ve been googling and all I can find about PIFTS.exe is people asking what it is and people complaining about their threads being deleted from the Norton forums when they ask what it is… Really weird shit.

Thanks Milkham. I wonder what’s going on and how it’s gonna turn out? I think Norton’s gonna have some explaining to do when this is all done and over. I’ve already uninstalled Norton and I might just do a complete reformat in the next couple days (I was planning on doing so anyway).

AVG is good. Haven’t had any problems since I started using it.

theres absolutely no information from symantec so far on what this is , all threads on their forum are being deleted when people post about it .

zonealarm are allowing discussion on their forum about it for now and the advice there is to not let it access the internet YET

some believe the live update was compromised or its spyware added by symantec as the accompanying dll checks your browsing history and also google

all info i have posted is speculation at the moment so cant be taken as fact

more info here http://forums.zonealarm.org/zonelabs/board/message?board.id=Off-Topic&message.id=19888

and +1 for nod32

Yeah this is interesting, I sent a note to the guys who do the Security Now! podcast, hopefully they get a lot of mail about it and cover it on this week’s show. That guy Steve Gibson, is the guy who first coined the term “Spyware” and he knows his stuff.

let us know if they cover it on the podcast that is interesting, I’ve never liked norton because of how much stuff tries to run in the background it’s never been a very transparent virus software

I’m starting to think PIFTS.exe is something I picked up while browsing the 'net somehow and not really related to Norton AV itself. The back story that I’ve been reading was that PIFTS was created by Norton and stood for Personal Information File Transfer System (or something to that effect) and the .exe was trying to send usage info to Google, MS and other companies.

I just went to the Norton forums again and they’re getting spammed by stupid, racist, threads about PIFTS.exe. Also, I read that PIFTS.exe may have been a hoax started at www.4chan.org by anonymous posters and when people searched for more info on PIFTS.exe, they’d stumble onto some obscure site and pick it up…

But that still doesn’t explain why I was told that PIFTS.exe was a Norton AV update file by Norton’s customer service… Maybe they were just trying to get me off the phone?

Anyway, I’m currently reformatting the notebook that had the PIFTS.exe problem. It was something I was planning on doing anyway…

pifts.exe is an malware trying to connect to an african server. Symantec got hacked because its from the lastest update. Suggest nod32

Symantec is not safe anymore thats the proof


So Norton claims that PIFTS.exe was an unsigned update. I’m calling bullshit. I can’t why it would take them 18+ hours to figure that out/comment on it. And it doesn’t explain why the were deleting and instabanning people asking legitimate questions about what it was.

Do you have proof of this?

I read about this earlier today. It seems to be causing quite a stir:


The IP it was connecting to earlier, that I’ve witnessed personally (by isolating it on a virtual system on my laptop) and many others have mentioned as well, comes from the same IP addresses that are typically provided to people from Africa connecting to the internet.

What it’s sending to them? We don’t know. We don’t even know if it’s African or not, but that IP range is typically used by an African ISP… so.

I had that PIFTS.exe thing pop up too.
I just denied it access.

Wonder what it is.

I blocked from access.