conspiracy fodder: pifts.exe

Several readers wrote in with samples of a file PIFTS.exe that seems to be related to a Norton update and gets flagged for its behavior.

The file has been confirmed to call home to .

The truly bizarre are the mentions that the support forums of norton wipe questions about pifts.exe:

  • See this google search for " pifts.exe":

    google results

  • none of them are cached, but they clearly have been indexed and they have been deleted:
  • pifts deleted text at the norton forum

This is of course exactly what any conspiracy theorist needs to lower trust in the products.

We're trying to reach our contacts at Symantec for an explanation, and will update if and when we get a response.

Swa Frantzen -- Section 66


760 Posts
Mar 10th 2009
There's much more to delete at:
It's kind of depressing reading some of the forum posts popping up about this. In summary, there is snooping and profiling going on, IP addresses in Africa are being used and posts are being deleted and blah blah blah... Mass hysteria is well under way by the look of it.

That said, and this being the internet, I'm feeling a little left out that I don't really care about this - so can anyone advise on the best way to jump aboard this bandwagon please ? Should I be the first to threaten a class-action lawsuit, or perhaps I should make empty threats about de-installing Norton from every PC in the multi-national corporation I work for ? I'm confused, any advice welcome thanks.

23 Posts
VirusTotal shows no one detecting it and ThreatExpert shows it calling home.

1 Posts
Why the secrecy Symantec?
Seems discussion moved over to ZoneAlarm forum.
Hello everyone,

I’m one of the administrators for the Norton Community Forums. First off, I would like to apologize for the removal of legitimate posts, and delayed response in acknowledging the PIFTS.exe issue. While the reason for merging like-posts in to a single thread was not intended to silence the voices of the users, we do understand that it ended up causing a lot of suspicions about the topic. We are sorry for the confusion that we have caused, and have developed new strategies to ensure this doesn’t happen again.

We launched the beta of the Norton Community Forums in April 2008. We’ve been very transparent with many issues that have come up on the boards, and utilized this opportunity to have more open discussions with those who use our software. We have also been very lenient with posts. There are threads on the forums that are critical of our products and discuss non-Symantec scanning software recommended by other users, as well as other non-relevant 3rd party software. I'm not saying this to get a pat on the back, but to acknowledge that we encourage open and honest communication on our forums. We strive to be transparent and give our customers the best information as quickly as possible.

We’ve spent the past 2 days compiling all the information regarding PIFTS.exe and detailing what it does. We’ve also included information regarding the timeline of events that happened on the forums. To view this information, please visit this forum thread:

We also have a discussion thread for all things PIFTS.exe related at the following thread:

Please read through the above two threads if you have any questions, as many questions have already been addressed (such as rumors that we sent personal information to our servers, rumors regarding sending information to Google, and other rumors that we were involved in a conspiracy or “cover up”).

We welcome you to join in on the discussion if you have any concerns that need to be addressed.

Again, we’re sorry for the mishap and all the confusion that this has caused.

Tim Lopez
Norton Forums Administrator
Sorry for the lack of line breaks.

Sign Up for Free or Log In to start participating in the conversation!