Conspiracy theories run rampent due to PIFTS.EXE

(Looks like some of this was a 4chan gag, check my other post about it)

All of the sudden people around the World are seeing PIFTS.EXE popping up. Norton Antivirus is asking users if they want to accept it. Here what I do know:

Here’s some information I pulled from my Zone Alarm Logs. Does this make sense to anyone?
[ad#cricket-right-ez]2009/03/09 18:26:44 — New Program — PIFTS.exe — Destination IP: 67.134.208.160:80 — outgoing — blocked — Destination: ping.lifecycle.norton.com

2009/03/09 18:47:52 — Program Access — PIFTS.exe — Destination IP: — outgoing — blocked — Destination:

2009/03/09 18:48:28 — Changed Program — Windows Explorer — 207.46.248.249.80 — outgoing — blocked — Destination: sa.windows.com
[Via The Symatec Forums]

This indicates that the program tried to change tactics to go out on the net.  I look a look for this and it is SwapDrive.  So this must be an update to Swapdrive but I am unsure as to why it pops up that way.  The other ip is in Africa or at least take the .80 out of the equation and it points to an Africa IP.  (It looks to my mistake in that little part, “to error is human” Check out this  post about it)  Although just recently Norton Decides to Delete that thread and people are really worried about why?  Is this a cover up of some sort because there is a exploit in the Wild that we don’t know about?  These are good questions that need to be answered.   Here is what one posted about this just after they deleted the forum thread:

Norton Coverup?  Do you suppose

As you can see people are taking this deletion on the community forum thread very seriously, they know something is not right in Denmark.  I also want to point out this one:

Proof there was a thread

I don’t know what Norton is up to but this is making me uneasy.  If they are worried about something that they can’t explain or don’t want to explain then they have made a mistake.  Some users are really worried now because Norton isn’t saying anything at all.  I love this post:

A Conspiracy I see!!

As you can see people see this and are worried, I didn’t want these to be taken offline like the first post so I make physical copies to put on my blog.  I want to prove to people that these actually existed.  I would advise people to run Hijackthis to see if you can figure out where this is coming from.  I don’t know why they would hide the truth, it will bite them in the end.  Anyone want to comment on this, I am quiet curious??

*UPDATE 12:01 am 03/10/09*

Seems Norton Deleted all post about PIFTS.EXe so I don’t know what happened but This will have to come out in the open sooner or later.  I just hope it isn’t going to be to late.

Update 12:15am 03/10/09*

Seems people have decided to go to the Zonealarm forums to discuss this:

People are clearing wanting to know why?

You can visit there forums here.  I am getting more curious about this little situation and now tempted to stay up all night watching this!!

[ad#digg-right]I also found this forum thread from BuckeyePlanet.  I am seeing more and more people blogging about this.  So this must be something REALLY big.  Keep sending me comments if you find anything else.  Don’t forget to add me on Twitter.

This looks interesting:
[ad#cricket-1]

Even more interestingly now, after posting a single post asking about PIFTS.exe, which was deleted, and a subsequent post to another forum asking about the deleted posts, which got deleted, I’ve now been blocked from creating new posts or replies on the Norton forums. They really don’t want to talk about whatever this was.

And doubly interesting — or perhaps not, who knows — not sure if this is standard practice at Symantic or what, but opening the PIFTS.exe in a hex editor shows a large section of the end of the file consists only of “PADDINGXX” repeated over and over. I’ve got some background in programming and can’t think of a good reason why you would need padding like that on a legitimate executable. However, if an executable in an update has been compromised it may require padding such as that to match the original executable’s file size or something. But that’s just pointless conspiracy theorizing that likely has no basis. It would be nice though to hear from Norton about what the **bleep** this thing is.
[Via Zonealarm Forum]

I don’t know but I suspecting an update went wrong at least from all the indications I’m seeing.

I will say you have several options available to you:

  • You could get a Free Anti-virus Software
  • You could run without An Anti-virus (Not a great option, wouldn’t suggest it)
  • You could do nothing and wait. (My recommendation until I find out the the full story!!)

Please let’s not start a pandemic over this, I am however worried because Norton has yet to release any public information about this?  I will update as needed but please people let’s not go to OVERBOARD on this!!

Google Get’s rid of the Trend “PIFTS.EXE, no long there.  It was there last night.  Hmm even more questions and answers? (Click image to view it!!)

Proof it was there!!

On a side note, I do not have a
ccess to this file. I’ve had a friend who told me about this and I started to investigate it and as soon as I did that Norton started to kill the messages. That when I knew it was something big. That is why I blogged about it. I do not have the program. I just know that it is being searched really hard because I’ve had more people coming to my site than usual. So please don’t ask about samples, you can comment on this or ask questions. I provide this for the community to let them know!!

(Looks like some of this was a 4chan gag, check my other post about it)

Taking back Program Controls : For the Beginners!

Graph of typical Operating System placement on...
Image via Wikipedia

So, let’s face it, this is one of the most annoying problems there are with programs.   Programs that you think are shut down but are actually still active in the Taskmanager.  So I figured I’d talk about some of the most common fixes for these problems.    Now as you know there can be any number of programs or glitches as they say, causing the problems.  So let’s talk about the why, shall we.

Most of the time programs don’t quit because they are waiting for some kind of response from the system or the System is waiting for the program to close by itself.  It could also be a problem with a Virus or Root kit?  How do you fix it?

Fixing the problem is somewhat just trial and Error.  It isn’t always the hardest thing to do but sometimes people overlook the easiest solutions.   So here are some easy ones:

  • Check to see if one of the Microsoft updates are causing the problem —  Sometimes you might not realize it, but having installed an update can cause problems like KB951748.  That one caused a major Headache for Zonealarm.  So it is wise to check each months updates when you start seeing problems, sometimes it could of been happening for a while but it can sometimes cause troubles.
  • Do a Hijackthis scan — Just in case it is virus this will tell you what programs might be the virus.  You will need to go Analyze the logs so go HijackThis Log Analysis Site 1 and HijackThis Log Analysis Site 2. Check the logs to see what viruses might be on your system.   Just Remember that if you delete something important to your system you will have to install the Operating System.
  • Boot into Safe Mode and Clean out your Prefetch Directory — Yes that is right, if you boot into Safe Mode and clean the cache you sometimes help fix problems.  You see most programs loaded in cache sometimes get corrupt and might cause problems.
  • Uninstall any programs that you think might problem —  This one is easily overlook because most people don’t realize that a program is loading up with your knowledge and might cause a variety of problems.  You can also check the Msconfig for that programs that might not need to be loaded up when you start windows.

These are just a few ways to fix the problem and I think if you do this most of your problems will go away.  There are of course other solutions depending on your system configuration.   As with any changes to your system, please talk to your computer care specialist if you have any questions.

FYI Zonealarm has a Fix for KB951748

If your like me and have Zonealarm installed there is a fix!!  Zone Alarm has found a way to fix the problem so you don’t have to worry about that the little shield constantly being shown on the right hand corner of the desktop.

The Fix from Zonealarm:

http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html

I haven’t tried it yet because I just found out, This is for the people who are looking for the fix!

I will apply the fix to my wifes computer today and if there’s a problem I’ll report back!!

A quick note to all that Have installed KB951748

My wife installed the WIndows XP updates without asking me or telling me.  The next thing I found out is she couldn’t access the internet.  If you install KB951748 and have Zonealarm, you will have to unistall KB951748 to get internet Access.

I have to thank TANJENTSDOTCOM. Thanks for the help. If you worry about that update you can always uninstall Zonealarm but I like the program and feel it has some great protection. I don’t know what Microsoft is doing but I think they did not test this thoroughly!! Hope this helps!!