Norton avoiding all questions about PIFTS.EXE

Causing fear in Norton users.

Published Tue, Mar 10 2009 2:44 PM CDT   |   Updated Tue, Nov 3 2020 12:37 PM CST
*** Update ***
Please be careful searching for information about PIFTS.exe; malware writers have caught on to the panic and many search results only attempt to download malware onto your system

There is a new fear on the Internet and its name is PIFTS.exe. This file has been that has caused such a stir only appears on systems with Norton Anti-Virus that have the most current update.

The file has been caught by Zone Alarm and even by Norton's own firewall attempting to access the internet. It appears to be trying to phone home to a site labeled as Although some are claiming this .exe is calling Africa, the only IP Addresses that have been associated with it point to a Swapdrive site (run by QWest) and Microsoft Search Companion.

Posts to Norton's forums about this are being deleted within 2 minutes and calls do not yield anything but repeated transfers and obviously fake reassurances.

No one seems to know what this file is or what it is really doing but the current recommendation is to not allow this file access to the internet.

Symantec tech support would not comment when I attempted to contact them about it.

*** It seems that the PIFTS file is mining data from Google Desktop and other google products. This has lead to the belief that someone is trying to track searches made by Norton Users. The information sent to the SwapDrive site (owned by Norton) and Microsoft Search Companion seem to add cerdibility to this also. ***

Read about it here and here and here.

Norton avoiding all questions about PIFTS.EXE

According to my ZoneAlarm logs, the "PIFTS.EXE" program attempted to access the Internet twice. The first instance was automatically blocked. The second attempt, about 5 hours later, is the one that manually prompted me for a response.

The first attempt that was automatically blocked was attempting to access a destination DNS of " ". So, my professional guess is that this supposed Norton "Update" was actually being used by Norton for analytical/statistical/demographic information. In other words, Norton was snooping on its users. Or worse yet, profiling its users.

The "PIFTS.EXE" file is located within the "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Updt61" folder on my hard drive. The "UpdtXXX" folder (where "XXX" may be any 2 or 3 digit number) will most likely be different in your computer. By default, the "Application Data" folder is hidden. So, you may need to unhide the folder first before viewing its contents. And if searching for the "PIFTS.EXE" file, you will need to alter the "More Advanced Options" to include "Search Hidden Files and Folders". By default, the Windows Search utility does NOT search hidden files/folders.

Newsletter Subscription

Related Tags

Newsletter Subscription
Latest News
View More News
Latest Reviews
View More Reviews
Latest Articles
View More Articles