General SecurityPost any general questions related to security, viruses or spyware here.
Mission Statement
WindowsBBS is an online community dedicated to easily accessible technical support for those using Microsoft operating systems and other Windows software.
Our goal is to become the leading resource for computer users that require assistance with their day-to-day computer usage, including full support for networking PC's, virus & malware removal, system upgrades and general support questions.
what is pifts.exe please, and should it be blocked at firewall?
Hi all
I've noticed a lot of internet confusion about a file called "pifts.exe" trying to connect out
It seems there's a bit of a fuss on about all the posts at a Norton forum concerning this file getting deleted - wonderful fodder for conspiracy theorists...
What is this file "pifts.exe" pls? (I've seen mention that it's a kind of keylogger, but am unsure how accurate this information is)
Does it have any legitimate purpose (i.e. should it be allowed through a firewall)
best wishes, HJ.
Didn't find the information you thought to find? Check out these Similar Threads
It seems that its linked to Norton. I would try blocking it through the firewall and see if something doesn't work after denying it for example. Then you will know if its necessary or not. Do you have Norton installed and what Operating System are you using?
read your link but it asks more questions than it answers...
(linux at present BTW, Win98 sometimes (but with Firefox or Opera, not IE; behind router w. NAT and a good firewall!) - I don't use Norton)
I heard about the PIFTS scramble at SANS, and became curious.
(AFAIK) It seems that it's ?not limited to Norton, it's just that Norton's attracting attention because they are currently deleting all posts on this topic (plus it seems banning users who post??). There's plently of stuff about PIFTS on the Zone Labs forums, for example.
The furore seems to be mainly because *at least some folks* are linking PIFTS (?= Public Internet and File Tracking System) to Magic Lantern.
Whatever the truth of the matter, your advice to "block it and see if anything breaks" seems good
The only conclusion that I've drawn thus far is that Norton are doing a really good job of destroying their credibility by deleting all the posts without some informed response as to why they are doing this
best wishes, HJ
Last edited by Hugh Jarss; 10th March 2009 at 17:39.
Reason: made Wikipedia link work (corrected missing bracket)
According to SANS, it seems that Symantec are now saying that it's merely part of the Norton update process; but still, no ideas yet as to why the posts were getting deleted so avidly (which is what really caused the fuss/interest in the first place).
Also from SANS:
Quote:
We've been sent an example of a web page targeting the term "PIFTS.exe" along with other popular search terms that lead to obfuscated javascript that leads in turn to actual malware.
Take care if you search for this: you might find the bad guys out there taking advantage of our interest in PIFTS.exe already
....
