Let’s Clear this up — PIFTS.EXE

I just wanted to clear up some things about PIFTS.EXE. I read a most interesting article about this over at Bleeping Computer. He talks about how he tested this on his system, and I’ll quote:

After reading about this file here and here, I asked around on BleepingComputer.com for one of our users to submit a sample of the file to me. Once I received the file, I ran it on a test box while running a file monitor, to see what it accesses, and Wireshark, to see what it does on the network. What I found was that the program appears to be quite innocent, and from the hostname it connects to, we could have guessed as to what it does. It appears that when you update Norton it connects to stats.norton.com and lets the server know someone has installed an update, what the update was, what program it was for, and whether it was successful. Now, I am not saying that Norton should be contacting one of their servers and reporting this type of information without a user’s permission or even knowledge, but there is no conspiracy theory between Norton, Google, Microsoft, African Nations, and little green men.

[Via Bleeping Computer]

So let’s talk about this a little more. It does connect to stats.norton.com and tell Norton that it has installed the update. Like he says, I agree, although Norton isn’t trying to be the bad guy. I, like everyone else, also thought something was amiss when they started deleting forum posts instead of locking them down. You see, it makes them look suspicious, and that started a flurry of people posting about this. I do know they should have been truthful from the get-go. I just heard about this today and wanted to remind people that I meant what I said. Don’t go overboard because you think your trust in a company was misled. You know that they have to protect their service to prevent unauthorized access to their software and get what money they deserve. However, they should have been open from the start with this on their main page or in the forums, talking about how this happened in the first place.

In Symantec’s defense, when I first heard about this earlier this morning, I noted privately to a couple of folks that some of the comments being left on the Symantec forum bore many of the hallmarks of “4Chan,” (a.k.a. “anonymous”), a virtual community that thrives on playing practical jokes and causing trouble online. The summary about this incident posted to News-for-nerds site Slashdot this morning links to a key 4Chan forum.

[Via Bleeping Computer]

Now they couldn’t say something like this either in their forums as a sticky note or on their website? This was why they started to delete the forum threads without telling anyone what happened. I understand they have the right to delete what they want when they want; it was probably an overzealous moderator. I wanted to clear this up a little so the virus theories and the conspiracy theories would go away. I know some websites are being overzealous over this and claiming it is doing things it isn’t. I was just trying to inform, but others seemed to run with it and come up with all kinds of theories. So please let’s take a deep breath and understand that you have several options as to what you want to do. I haven’t recommended people remove Norton, and I still don’t recommend removing it from your system. I will always tell people that there are free versions of anti-virus and firewalls available. Like I said in my previous post, these were posts made by people on the forums and I was taking screenshots to prove that there was something going on.

I hope this clarifies what is going on with Norton Antivirus. I’ll still recommend it for people who can afford it, because it does a good job on anti-virus.

[READ More about this at Symantec]

Fake Scareware Sites Popup after the Pifts.EXE Conspiracy

There seems to be a fake site popping up today right after what happened with PIFTS.EXE. I just happened to Google it to see what people are talking about, and this appears on the front page.

Not a real site!!

As you can see this leads to a server in Poland and once you go to it you see:

Not a real virus scanner

I will be reporting this to Phishtank. This is scareware, which means there is no real virus, and you should never believe the screens when you see something like this. According to Wikipedia:

Some websites display pop-up advertisement windows or banners with text such as: “Your computer may be infected with harmful spyware programs. Immediate removal may be required. To scan, click ‘Yes’ below.” These websites go as far as saying that a user’s job, career, or marriage would be at risk. Products using advertisements such as these are often considered scareware. Serious scareware applications qualify as Rogue software.
[Via Wikipedia]

So if you are worried you have a virus or think you have a virus, I would advise you to download one of the many free anti-virus programs and a firewall. This is nothing new with the companies who are doing this, but don’t buy anything because people are trying to scare you into thinking you have a virus. That is rarely valid software, and you should use the ones that you trust. If you find a site like that, please report it to Phishtank and other sites; that way we can protect everyone who goes there.

Conspiracy theories run rampant due to PIFTS.EXE

(Looks like some of this was a 4chan gag, check my other post about it)

All of a sudden people around the world are seeing PIFTS.EXE popping up. Norton Antivirus is asking users if they want to accept it. Here’s what I do know:

Here’s some information I pulled from my Zone Alarm Logs. Does this make sense to anyone?
2009/03/09 18:26:44 — New Program — PIFTS.exe — Destination IP: 67.134.208.160:80 — outgoing — blocked — Destination: ping.lifecycle.norton.com

2009/03/09 18:47:52 — Program Access — PIFTS.exe — Destination IP: — outgoing — blocked — Destination:

2009/03/09 18:48:28 — Changed Program — Windows Explorer — 207.46.248.249.80 — outgoing — blocked — Destination: sa.windows.com
[Via The Symantec Forums]
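
The three firewall log lines quoted above write the destination in three different ways: `67.134.208.160:80`, an empty field, and `207.46.248.249.80`. As an added example, not part of the original post or the forum thread, this Python sketch parses them and separates the address from the port. It assumes the trailing `.80` in the third line is a port written with a dot; the field names are illustrative.

```python
import ipaddress
import re

SEP = " \u2014 "  # the quoted log separates fields with an em dash

# The three lines quoted on this page, rebuilt field by field.
SAMPLE = [
    SEP.join(["2009/03/09 18:26:44", "New Program", "PIFTS.exe",
              "Destination IP: 67.134.208.160:80", "outgoing", "blocked",
              "Destination: ping.lifecycle.norton.com"]),
    SEP.join(["2009/03/09 18:47:52", "Program Access", "PIFTS.exe",
              "Destination IP:", "outgoing", "blocked", "Destination:"]),
    SEP.join(["2009/03/09 18:48:28", "Changed Program", "Windows Explorer",
              "207.46.248.249.80", "outgoing", "blocked",
              "Destination: sa.windows.com"]),
]

# Four octets, then an optional port introduced by ':' or (assumed) '.'.
ENDPOINT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?:[:.](\d{1,5}))?$")


def split_endpoint(text):
    """Return (ip, port); (None, None) when the field is empty or invalid."""
    text = text.replace("Destination IP:", "").strip()
    m = ENDPOINT.match(text)
    if not m:
        return None, None
    try:
        ip = str(ipaddress.IPv4Address(m.group(1)))  # rejects octets > 255
    except ValueError:
        return None, None
    port = int(m.group(2)) if m.group(2) else None
    if port is not None and port > 65535:
        return None, None
    return ip, port


def parse_line(line):
    """Split one quoted log line into named fields."""
    ts, event, program, endpoint, direction, action, host = line.split(SEP)
    ip, port = split_endpoint(endpoint)
    return {"time": ts, "event": event, "program": program, "ip": ip,
            "port": port, "direction": direction, "action": action,
            "host": host.replace("Destination:", "").strip() or None}


if __name__ == "__main__":
    for e in map(parse_line, SAMPLE):
        print(e["time"], e["program"], e["ip"], e["port"], e["host"])
```

Looking up the address only after the port has been split off avoids resolving a five-part string that is not a valid IPv4 address.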

This indicates that the program tried to change tactics to go out on the net. I took a look for this and it is SwapDrive. So this must be an update to SwapDrive, but I am unsure as to why it pops up that way. The other IP is in Africa, or at least take the .80 out of the equation and it points to an Africa IP. (It looks to be my mistake in that little part, “to err is human”. Check out this post about it.) Although just recently Norton decided to delete that thread, and people are really worried about why. Is this a cover-up of some sort because there is an exploit in the wild that we don’t know about? These are good questions that need to be answered. Here is what one person posted about this just after they deleted the forum thread:

Norton Coverup?  Do you suppose

As you can see, people are taking the deletion of the community forum thread very seriously; they know something is not right in Denmark. I also want to point out this one:

Proof there was a thread

I don’t know what Norton is up to but this is making me uneasy.  If they are worried about something that they can’t explain or don’t want to explain then they have made a mistake.  Some users are really worried now because Norton isn’t saying anything at all.  I love this post:

A Conspiracy I see!!

As you can see, people see this and are worried. I didn’t want these to be taken offline like the first post, so I made physical copies to put on my blog. I want to prove to people that these actually existed. I would advise people to run HijackThis to see if you can figure out where this is coming from. I don’t know why they would hide the truth; it will bite them in the end. Anyone want to comment on this? I am quite curious.

*UPDATE 12:01 am 03/10/09*

Seems Norton deleted all posts about PIFTS.EXE, so I don’t know what happened, but this will have to come out in the open sooner or later. I just hope it isn’t going to be too late.

*UPDATE 12:15 am 03/10/09*

Seems people have decided to go to the Zonealarm forums to discuss this:

People are clearly wanting to know why?

You can visit their forums here. I am getting more curious about this little situation and am now tempted to stay up all night watching this!!

I also found this forum thread from BuckeyePlanet.  I am seeing more and more people blogging about this.  So this must be something REALLY big.  Keep sending me comments if you find anything else.  Don’t forget to add me on Twitter.

This looks interesting:

Even more interestingly now, after posting a single post asking about PIFTS.exe, which was deleted, and a subsequent post to another forum asking about the deleted posts, which got deleted, I’ve now been blocked from creating new posts or replies on the Norton forums. They really don’t want to talk about whatever this was.

And doubly interesting — or perhaps not, who knows — not sure if this is standard practice at Symantec or what, but opening the PIFTS.exe in a hex editor shows a large section of the end of the file consists only of “PADDINGXX” repeated over and over. I’ve got some background in programming and can’t think of a good reason why you would need padding like that on a legitimate executable. However, if an executable in an update has been compromised it may require padding such as that to match the original executable’s file size or something. But that’s just pointless conspiracy theorizing that likely has no basis. It would be nice though to hear from Norton about what the **bleep** this thing is.
[Via Zonealarm Forum]

I don’t know, but I am suspecting an update went wrong, at least from all the indications I’m seeing.

I will say you have several options available to you:

  • You could get a free anti-virus software
  • You could run without an anti-virus (Not a great option, wouldn’t suggest it)
  • You could do nothing and wait. (My recommendation until I find out the full story!!)

Please let’s not start a pandemic over this. I am, however, worried because Norton has yet to release any public information about this. I will update as needed, but please, people, let’s not go OVERBOARD on this!!

Google gets rid of the trend “PIFTS.EXE”; it is no longer there. It was there last night. Hmm, even more questions and answers? (Click image to view it!!)

Proof it was there!!

On a side note, I do not have access to this file. I’ve had a friend who told me about this and I started to investigate it, and as soon as I did that Norton started to kill the messages. That’s when I knew it was something big. That is why I blogged about it. I do not have the program. I just know that it is being searched really hard because I’ve had more people coming to my site than usual. So please don’t ask about samples; you can comment on this or ask questions. I provide this for the community to let them know!!

(Looks like some of this was a 4chan gag, check my other post about it)

How do you like your Cricket USB Modem?

Lately I talked about the A600 USB 3G modem, and now I want to hear from the readers. You see I can’t do my best reviewing these with comments from the readers, that being you.

techlinkblog[AT]gmail.com

Click the picture to send me email, just remember to replace “AT” with “@”.

So I want to hear what you think about either the USB UM100 Modem or the A600 USB 3G Modem. Here are a few things to answer when you write your email.

Something will go to the people who email me? I want to publish some of these comments on my blog for all to read. I want to hear if what I am publishing helps you. I will even give you credit as to who wrote it. If you have a site or something you want to promote, by all means add that to your testimonial. Here are the basic questions that should be talked about:

  • Which one did you buy? (Cricket USB A600 or Cricket USB UM100)
  • Did you Upgrade from the Cricket USB UM100 to the Cricket USB A600?
  • Are you using it for travel or Primary internet?
  • Is it for business or Pleasure?
  • Are you happy with your choice?
  • Do you recommend the Modem to friends and family?
  • Any Situation you can think of where this has been helpful?

I am going to be asking for comments from Cricket about this also and I will be publishing this later on this month but before I do that you will have your chance to tell the company what you think of their Broadband solution.  Please keep these comments family friendly, if you cuss and I publish it, be advised I will edit the cussing to be family friendly.

Getting to the A600 Program Files

So you want to see this screen when you plug in the A600 Broadband Card:

[Screenshot: Cricket A600 software drive]

But it doesn’t pop up! I found out why. If you installed it at one time or another and had a problem with the installation, it won’t pop up with that screen. You’ll need to take this first step:

Uninstall THE USB DRIVERS for A600
C:\Program Files\Cricket\USB DRIVERS\Uninstall.EXE

Once you do that you will need to reboot and then try to insert the A600 Modem into the USB slot. It should pop up with that screen or you should see the drive become available.

I also took the drive and copied the program files into a subdirectory of the 4 Gig drive installed in the A600, and I decided to help everyone else out by uploading the self-extracting program to RapidShare:

Cricket-A600-Program.exe Bit torrent file

This is the file I created on the memory card for when I need it. If you are uncomfortable downloading this because you’re worried about viruses, then follow the directions on how to uninstall the software to get to your Cricket software for the A600. I did this to make it easier later on to re-install the software without having to uninstall software. Let me know if this helps. You should consider downloading free anti-virus software and free firewalls to protect your system if you haven’t already!!