March 10, 2009

PIFTS.EXE

There is virtually no information on the internet yet regarding a mysterious program called PIFTS.exe, aside from what's posted on this blog. Symantec, makers of the bloated Norton Anti-Virus software, are deleting any mention of PIFTS.exe from their community forums. The topic is being discussed at forums.zonealarm.org.


UPDATE (02:36 10 March 2009): A google search for PIFTS.exe turns up a link to www.kanzlei.biz/uploads/tf/index.php?family-guy-season-7-episode-8/, a nefarious looking website that I suggest you not go to unless you know what you are doing. The site contains javascript which may be malicious. Here's a screen capture from one of the pages on that site.


UPDATE (03:56 10 March 2009): In our comments, thepipermethod says the kanzlei.biz website is just mirroring key words from google trends, which at this time includes the terms "PIFTS" and "EXE" and that the site has no other relation to PIFTS.exe. At zonealarm.org, one person reports talking with various representatives of Symantec for two hours without receiving any answer as to why inquiries posted on the Symantec forums were being deleted. The caller was told that PIFTS.exe is part of Symantec's update installation process, was denied any further information regarding the purpose of the file and was repeatedly transferred to a new representative when asking why inquiries about PIFTS.exe were being deleted from Symantec's forums.


UPDATE (10:42 10 March 2009): There is speculation that this is part of the FBI's secret Magic Lantern software. From Wikipedia:
Symantec, the makers of Norton AntiVirus and related products, is reportedly working with the FBI on ways to preclude their products from detecting Magic Lantern. Eric Chien, a top researcher at Symantec, emphasized the ability to detect "modified versions."
Some people are reporting that the Norton forums have been taken offline. There is no information posted anywhere yet regarding what this program does.

UPDATE (11:10 10 March 2009): It's being said that PIFTS.exe contacts an IP address in Africa.


UPDATE (11:50 10 March 2009): This site has links to copies of the PIFTS.exe file which you can download. I can not vouch whether the files are authentic or not. There is contradictory information about what actual IP address the program is contacting.

UPDATE (12:02 10 March 2009): Apparently digg.com is also covering this story up. 242 diggs and it's not on the front page. There's a good discussion of this on slashdot.org, a web 2.0 social networking site for techies. The Washington Post and The Register are covering this as well.


UPDATE (14:45 10 March 2009): More details on Digg's cover up of the PIFTS.exe story here. The coordinated opposition to this story tells us that we are on the right track.


UPDATE (16:22 10 March 2009): Symantec has finally issued a statement on PIFTS.exe. Symantec claims that it was just a patch to their software that was accidentally released "unsigned." The company also alleges that inquiries regarding the matter on their forums were deleted because many people made posts about it:
One individual created a new user account and posted about the name of the patch executable, PIFTS.exe. Within minutes, several dozen user accounts were created commenting on the initial thread, and/or creating new threads on the topic. Over the next few hours, over 200 user accounts were created. Within the first hour there were 600 new posts on this subject alone. While the intent of the spammer(s) remains unclear, there were no malicious links and it simply resulted in a widespread communications challenge for Symantec.
It is interesting that there is no accounting for why the first post was deleted along with every single other mention of the issue. It is also worth noting that Symantec refers those customers of theirs who promptly wanted to know what this "unsigned" piece of software was as "spammer(s)" whose intent "remains unclear."

71 comments:

  1. From what I understand it seems to be some kind of a virus that is linked to terrorism. If you disassemble it you can see that the IP it connects is in northern africa. A cyber attack may be imminent. Back up your data, folks.

    ReplyDelete
  2. Youri's fearmongering; it's not related to that at all.

    All we can figure out about it is that it's somehow possibly logging your cookies and internet browsing history if you use IE. Nothing linked to Firefox or Opera as of yet.

    If you're an IE user, clear your cache.

    ReplyDelete
  3. all the things listed on the family guy website are the top google trends.

    ReplyDelete
  4. which, might i add, pifts.exe is a top google trend right now. so that website has no relation to the pifts.exe file, that website is just mirroring all the google trends.

    ReplyDelete
  5. Some discussion here: http://answers.yahoo.com/question/index?qid=20090309204126AAGTEsK

    ReplyDelete
  6. It seems the discussion on Zone Alarm was also deleted.

    More here:
    http://www.abovetopsecret.com/forum/thread444230/pg1

    ReplyDelete
  7. The discussion wasn't deleted from Zone Alarm's site, just moved. The link above is updated.

    ReplyDelete
  8. Regarding the update here "UPDATE (03:56 10 March 2009): and the At zonealarm.org, one person reports talking with various representatives of Symantec for two hours"

    This is true as it was my friend who called me up as I do the tech support for them. I was on the phone with them in a three way call as I'm in another state.

    There is a lot more to the post made there but my friend was tired and ready for bed. Essentially it comes down to if they are not hiding something why delete posts? Why not just explain it was a mess up on their part or a simple explanation of they are looking into it etc.

    As someone else posted at another site Are they covering up something as an AV company has been caught trying to put in a rootkit, yet again as was the case a couple of years ago from the same company or are they collecting personal info off of ones computer and sending it somewhere?

    Now my big question is why isn't there any posting in google or yahoo or any other search engine atm with the news agencies picking up on this issue?

    I do not wish to be an alarmist but something is fishy and rotting IMHO.

    I would suggest that anyone with Media contacts get in touch with their media source and ask why everything is apparently being squashed for a simple question from users who have supported such companies and are current subscribers also.

    Sorry about posting as Anonymous but all things considered right now I will not post on public sites with any of my account names. I feel like Big Brother is even closer!

    ReplyDelete
  9. The serious question is why does it try to connect to an African location?

    ReplyDelete
  10. On a side note, Digg.com just went down.

    ReplyDelete
  11. Holy cow. Digg had a load of articles on it and now it's down. 4chan is going psycho. This is getting weird.

    ReplyDelete
  12. Apparently you can access digg through a proxy server...
    Which means people are being blocked from accessing it.

    ReplyDelete
  13. Yeah a proxy works :O! What the hell is going on?

    ReplyDelete
  14. This post was on Digg not too long ago; it's not anymore.

    ReplyDelete
  15. Or atleast it's impossible to search for "pifts.exe"...

    4chan's post about this has been deleted.

    ReplyDelete
  16. it wasn't deleted, it just reached the bump limit.
    There's a new thread up.

    ReplyDelete
  17. has 4chan created a new thread?

    ReplyDelete
  18. http://img.4chan.org/b/res/122557257.html#122557415

    ReplyDelete
  19. no results on digg.com for pifts.exe anymore!

    ReplyDelete
  20. apologies I obviously don't know how to search on digg.com - the articles do appear in the search (just not front page)

    ReplyDelete
  21. This is getting weird. I really need a drink but I don't want to move in case my computer blows the fuck up.

    ReplyDelete
  22. Oh gosh, now i have a reason not to use Norton :)

    1. Program that sees virus and deletes everything...
    2. Program that accesses some nigerian ip adress...

    Thats it!

    NORTON IS A NIGERIAN SCAM... INTERWEB WATCH DOG GOGOGOGOGOGOGOG THERE ARE N*gErS trying to STEAL your INTERNET!!!!1!!

    ReplyDelete
  23. The Norton forum is now showing this message at the top of the pages:

    Forum Private Messages's are offline for maintenance, Please check back after 12:00 PM PDT. We apologize for any inconvenience.

    ReplyDelete
  24. Here's the strings in pifts.exe

    http://pastebin.com/m1e207a78

    ReplyDelete
  25. This little tidbit from the pifts.exe is insidious looking:

    d:\perforce\entiredepot\consumer_crt\patchtools\patch021809db\release\PIFTS.pdb

    ReplyDelete
  26. The perforce stuff isn't insidious - its just a configuration management system. That's probably just the location of a file that was used in building that executable and has little to do with the actual function of the executable itself. Basically, its not indicative of the evil(tm) or good(tm) nature of the program, just evidence that Perforce was part of the development process.

    ReplyDelete
  27. This looks like a Norton Patch Utility, probably nothing to worry about. I really like the ping URL for stats though 8)

    ReplyDelete
  28. Thanks anonymous. What that tells us is that this was built somewhere with a CMS, which hints at it being a pretty organized place. Also, the fact that the folders are in english tells us this isn't the work of middle eastern hackers as was initially speculated.

    What's interesting is the date: 02/18/09. In the world of anti-virus, that's a DECADE, so it is obvious this isn't simply a routine update.

    What's going on here!

    ReplyDelete
  29. nlggers hacking mai shit now OH LAWD

    ReplyDelete
  30. Norton have been collecting your information for years, if you didn't know that you should of read the fine print.

    So don't worry, they all ready know everything about you.

    ReplyDelete
  31. OH LAWD IZ DAT SUM PIFTS

    ReplyDelete
  32. Has anyone considered using netmon (http://support.microsoft.com/kb/812953) to see what is it trying to transmit?

    ReplyDelete
  33. i searched digg and could find nothing about PIFTS.exe.

    ReplyDelete
  34. forums arent down although heavily bloated, channers are there in full force

    ReplyDelete
  35. I SMELL CHEEZBURGERS LUL

    ReplyDelete
  36. Now would be the time to do a "put" on norton stock.

    Perhaps the fact that this will eventually kill Norton will become a reason for the govt to stop forcing companies to do things like this.

    ReplyDelete
  37. Sophos has published some more information about the PIFTS and Symantec mystery.

    Our feeling is that this is more likely to be a cock-up than a conspiracy. Normally something like this has a very down-to-earth explanation.

    You can read more about what we've determined about PIFTS.EXE at http://www.sophos.com/blogs/gc/g/2009/03/10/mystery-symantec-pifts/

    Regards
    Graham Cluley, senior technology consultant, Sophos

    ReplyDelete
  38. If there is a down-to-earth explanation, I think we would all like to hear it from Symantec and any other party involved. Right now it seems their efforts are directed at deleting requests for information.

    ReplyDelete
  39. You are all so, so, so, so, so, so, so, so, so dumb...

    OMFG WTF IS CFTMON!!! IT IS STEALING MY INTERNETS AND REROUTING MY MEGAHURTS! I CAN'T BYPASS THE JIGAWHATS!!!!!

    ReplyDelete
  40. THE APOCALYPSE HAS STARTED

    ReplyDelete
  41. http://en.wikipedia.org/wiki/Magic_Lantern_(software)

    Magic Lantern is keystroke logging software developed by the United States' Federal Bureau of Investigation.

    Symantec, the makers of Norton AntiVirus and related products, is reportedly working with the FBI on ways to preclude their products from detecting Magic Lantern. Eric Chien, a top researcher at Symantec, emphasized the ability to detect "modified versions."

    P.I.F.T.S.

    Public Internet and File Tracking System

    It goes offshore because there's no law forbidding sending it to foreign governments. If governments want to spy on their own citizens, it is normal for them to have foreigners do it in order to get around normal restrictions about spying on their own people.

    ReplyDelete
  42. I think its just that the "federals" contacted norton to detect possible contacts with terrorists (c'mon terrorists r too lame to use FF or Opera or even netscape), every norton anti-anti virus , lets make ultimate visit to jihad webpage and they will go nuts...

    ReplyDelete
  43. digg is fuckin kevin fuckin rose man
    i can't even imagine that guy working to cover something up xD

    ReplyDelete
  44. Only a n00b uses IE, there are n00bs that don't even know that they don't have to use IE...Firefox solves all your problems and allows division by zero

    ReplyDelete
  45. from the linked washpost article

    Update, 2:23 p.m. ET: Dave Cole, senior director of product management at Symantec, said the PIFTS file was part of a "diagnostics patch" shipped to Norton customers on Monday evening. The purpose of the update, Cole said, was to help determine how many customers would need to be migrated to newer versions of its software as more Windows users upgrade to Windows 7.

    "We have to make sure before we migrate users to a new product that we can see what kind of load we can expect on our servers, and which customers are going to have to be moved up to the latest version of our product," Cole said.

    As to why Symantec has been deleting posts about this from their user forum, Cole said the company noticed that minutes after the update went out hundreds of new users began registering on the forum, leaving inane and sometimes abusive comments.

    "We want to be out there in the community, but by the same token, if we see abuse we will shut it down pretty quickly," Cole said. "There was no attempt at secrecy here, but people were spamming the forum and making it unusable to everyone."

    In Symantec's defense, when I first heard about this earlier this morning, I noted privately to a couple of folks that some of the comments being left on the Symantec forum bore many of the hallmarks of "4Chan," (a.k.a. "anonymous"), a virtual community that thrives on playing practical jokes and causing trouble online. The summary about this incident posted to News-for-nerds site Slashdot this morning links to a key 4Chan forum.

    ReplyDelete
  46. Dave Cole's explanation on the Washington Post site is CYA speak for "We wanted to know how many of our customers were on what operating systems, so we pushed out a patch which sent us information about our customers OS without them agreeing to disclose this information"

    They were caught with their hand in the cookie jar. Prepare for plenty of Symantec posturing to try and sweep this under the rug.

    ReplyDelete
  47. The first post commented on the forums was an honest question asking what this executable was and whether to allow it access to the internet. Where's the abuse in that? The abusive posts came later, when they realized Symantec was deleting these posts as soon as they were posted. They are hiding something.

    ReplyDelete
  48. As to why Symantec has been deleting posts about this from their user forum, Cole said the company noticed that minutes after the update went out hundreds of new users began registering on the forum, leaving inane and sometimes abusive comments.

    The abuse started because posts were being deleted.

    ReplyDelete
  49. Bitches don't know about my PIFTS.

    ReplyDelete
  50. symantec employee post in norton forum

    http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=39119

    ReplyDelete
  51. I loved the way you described Slashdot as a "web 2.0" site. Slashdot is older than dirt my friend.

    ReplyDelete
  52. My question is, how often do they take liberties with people's data and privacy? I doubt this is the first time... This is just the first time they have been caught.

    ReplyDelete
  53. When the orginal post went up about 7pm Monday evening, there wasn't the rush of post like there was today. There were 2 legit threads started about it, one which I posted in with 17 post to the thread and over 3000 views in less than 2 hours....Those threads were deleted and the accounts all banned (though I have sent the letter to unlock my account). The attacks started after the first few threads were deleted. The attacks were unnecessary and did not help getting a timely answer from Norton.

    ReplyDelete
  54. Not quite...I just got my Norton Forums account unlocked from Tony the admin...though I am not going to post the name here as I really don't want to be spammed as they spammed the forum today.....I still would like to know what that file does, as it does appear to "phone home" with some sort of information from your system.

    ReplyDelete
  55. We can rule out whether this is from the American government by determining whether non-Americans have it. The USA would be prevented from spying on Canadians, for example.

    Do any Canadians with Norton installed have this process running?

    ReplyDelete
  56. Folks from all over the World were complaining and talking about this...I found folks talking about this on a New Zealand Motorcycle forum.

    ReplyDelete
  57. I must admit, you do raise some very valid points.

    RT
    www.privacy.at.tc

    ReplyDelete
  58. Osama bin Drepper3/10/2009 5:44 PM

    Stop reopening the bug.

    ReplyDelete
  59. SUP DAWG i heard you like bloat in your bloat so i put some PIFTS.EXE in your NAV so you can bloat while you bloat.

    ReplyDelete
  60. Clearly this is a global conspiracy. PIFTS backwards is STFIP, or the State Terrorism Freedom Information Police, which is a top secret Chinese anti-capitalism subversion group which uses spam to infiltrate and control U.S. systems.

    This is just the beginning, folks..

    ReplyDelete
  61. Clearly this is a sign of the apocalypse. Subtracting {12, 4, 5, 0, 11} from PIFTS is DEATH.

    ReplyDelete
  62. >>Do any Canadians with Norton installed have this process running?


    Duh, There's no internet in Canada.

    ReplyDelete
  63. OMG, you bunch of X-Files wannabe basement dwelling losers. There is no conspiracy. No one is monitoring your keystrokes, as no one cares how many times you type in the word "boobs" into a web search and giggle. Get a freakin life.

    ReplyDelete
  64. boobs
    hahaha

    ReplyDelete
  65. !!! P.I.F.T.S. stands for Pining Intolerably For Teenage Sex !!!

    It's the work of those damn pedophiles at ebaumsworld!

    ReplyDelete
  66. Norton Remains To Censor It's Not So Happy Paying Customers By Censorship!

    It appears that Norton does not take to kindly when they are left with egg on their face, nor do they appreciate their Employees, the Norton Forums Administrators their Moderators or even their so called Guru members being made a fool of!

    With the recent blunder of Norton's Pift.exe Fiasco and now with their new 16.5 Update what will be next?

    This Is Censorship At Its Best By Norton!

    My First Post Deleted By Tim_Lopez :

    cgoldman this will be the one and only reply from me that you will receive.

    If you can not comprehend what I stated directly to >OscarL< and NOT you in my original first post of this thread on page one , then that is
    your problem and not mine.
    _______________________________________________________

    Chris1 wrote:

    OscarL the problem that most are having with the 16.5 LiveUpdate is not due to the end users location, type of pc, Os that they are using, network configuration nor their service provider.

    Behind a router, using DSL / cable internet? Been there done that.

    I have tried every conceivable manner of app configuration with the versions listed below in order :

    Starting with NIS V.16.2.0.7 installed

    Updating forward on to NIS V.16.5.0.135

    Reverting backwards to installing NIS V.16.0.0.125

    Reinstalling NIS V.16.2

    Then reinstalling NIS V.16.5.0.135

    Every suggestion that has been mentioned on this forum earlier today, which includes playing with the Lue.Log, dsconnecting routers, rebooting and so on, has all ready been tested by yours truly and with the help of 3 different people from Symantec Chat Support, along with 2 Symantec Chat Support Supervisers, all whom to which I have burnt out in the process,. This between last evening, up to early hours of this morning.

    As of this post, I have NOT been able to acquire full functionality of the NIS V.16.5.0.135 Live Update. Error 8921,301 remains.

    On each original reinstall, LiveUpdate worked only one time. Further attempt using Live Update thereafter produced Error 8921,301

    ________________________________________________________________________

    The above post means exactly what it means, nothing more and nothing less then that!
    ________________________________________________________________________

    Um,and why is it that you cgoldman first say that you have 7 computers in my thread awaiting the 16.5 update, and then you state in this thread that you have only two? Which is it? 7 or 2?

    Re: NIS & NAV 2009 16.5.0.134 Update Roll Call

    cgoldman wrote:

    7 computers all waiting to go. I hope they dont forget this little island I am on, England

    http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=40243

    _______________________________________________________________________

    You fail later on in this thread Error thread to mention the other 5 computers, best guess is that it kind of slipped your mind as to exactly how many computers you actually do have, or for that matter, whose computers they are, or if they do exist at all!

    cgoldman let me help refresh your memory, as in this thread where you have posted for some help regarding a Trial or Cracked/Hacked version of Nod32 elsewhere on the net. Your first post in that thread states that you have your brother's laptop , and then later you slip up caught in your own lie by stating that it is actually your son's computer.

    Old July 28th, 2008, 04:10 PM
    goldman cgoldman is offline
    Infrequent Poster
    Join Date: Jul 2008
    Posts: 12

    Default NOD32 2.7 Update query

    I would appreciate some advice. My brother is away on hols, and has left me his laptop. It is runing Vista SP1. It has been working without issue. I have not used it for more than a week. When I turned it on today, I have Windows Security Center saying that ESET NOD32 antivirus system 2.70 reports that it might be out of date, ESET NOD32 antivirus
    system 2.70 has not provided Security Centre with a program to fix this issue.
    When I go to Control centre and update.
    It saysserver (choose automatically)
    Virus signature database update: offer
    Program component update: offer
    LAst update 13/07/2008
    Version of virus signature database 3263(20080711).
    When I run update now, it says it is updated.

    Is it uptodate, and how then do I resolve the Windows Security Centre report.

    July 31st, 2008, 03:06 PM
    HiTech_boy's Avatar
    HiTech_boy HiTech_boy is offline
    Incredibly Massive Poster
    Join Date: Apr 2006
    Location: Bulgaria
    Posts: 6,765

    Default Re: NOD32 2.7 Update query
    Quote:
    Originally Posted by cgoldman
    Suddenly I feel very stupid.

    Your mscreenshot shows that this computer has either trial or cracked/fixed version installed . ESET gives low priority on trial users so that when there is a server problems like the ones we notice these days , servers won't get overloaded from people using the program for free.

    You won't be able to update with that version these days because of the reasons I just wrote.

    July 31st, 2008, 05:28 PM
    cgoldman cgoldman is offline
    Infrequent Poster

    Join Date: Jul 2008
    Posts: 12
    Default Re: NOD32 2.7 Update query

    Quote:
    Originally Posted by HiTech_boy

    Your screenshot shows that this computer has either trial or cracked/fixed version installed . ESET gives low priority on trial users so that when there is a server problems like the ones we notice these days , servers won't get overloaded from people using the program for free.

    You won't be able to update with that version these days because of the reasons I just wrote.

    Well. this is interesting - and I get more red faced by the minute. I know this is my son's laptop, but he assured me it had been running NOD for a while. Are you really saying that trial versions cannot be updated. Can I establish if it is trial or cracked please. If latter I will remove it, hey presto! But if it is trial, then I am suprised the trial is prohibited from getting updates. But if you say that is so, I accept it, and need to move on.

    August 1st, 2008, 04:50 AM
    HiTech_boy's Avatar
    HiTech_boy HiTech_boy is offline
    Incredibly Massive Poster
    Join Date: Apr 2006
    Location: Bulgaria
    Posts: 6,765

    Default Re: NOD32 2.7 Update query
    Very interesting !

    In the first post you write this is your brother's laptop , now in the last one you mention your son's computer . So where the truth is ?

    Trial users do get updates but in cases like these , they have low priorities when servers are busy. If he uses v3 , the situation would have been a bit different.

    http://74.125.95.132/search?q=cache:UMhF-1ffOGsJ:www.wilderssecurity.com/showthread.php%3Ft%3D216264+cgoldman&cd=17&hl=en&ct=clnk&gl=ca

    You can't even remember your own BULL_CHITZ can you lol. So again, where is the truth coming from cgoldman? NOt!

    cgoldman you also state that you where working on 16.5 before it was released and advised Symantec of exactly this problem. Thus we can draw the conclusion that you are NOT a Symantec Employee, so where and from whom did you actually get the so called Special 16.5 file from prior to it being released? Was it from a Third party or from the Symantec Enhanced Testing, Or are you BULL_CHITTING again as you did when you where caught with your pants down over at wilderssecurity as noted above in the thread and link that i provided every one here to take a look at? Ouch lol

    Observing your behaviour on this forum through your posts, no need for me to C&P them all, I won't bother waisting any more of my time on you.

    It appears that you suffer from the following symptoms.

    Difficulty shifting attention from one task to another
    You are impatient
    Intolerant to frustration
    Easily irritated/extreme irritability
    Behavior problem,impulsive behaviors such as your preoccupation with a failure or Inadequacies
    Rapid unpredictable emotional changes
    Grandiosity, inflated self esteem
    Sleep problems
    Feelings of guilt
    Cry easily
    Have suicidal and occasional homicidal thoughts
    Anxiety
    Depression

    As problems accumulate for you cgoldman, a negativistic self-view becomes established.

    You seek attention, you try to find this attention through your computer via posts on this forum and elsewhere.

    You suffer from a co-morbid psychiatric condition, ie ADHD and manic depression.

    For you own safety and safety of others that may be around you, please explore counseling, if you have not, seek therapy and take the medication that your physician prescribes.

    _________________________________________________________________________

    cgoldman wrote:

    huwyngr

    To be honest, I wish people would give me some credit, I am an IT expert and I have been on this forum long enough to know to apply NRT's etc.

    Don't count on it at.
    _________________________________________________________________________

    The self proclaimed IT expert will NOT be the all mighty Saviour of man kind that will crack Error 8921.301

    It will be a Symantec Employee!

    Not You!

    Tim_LOPEZ First PM To Me Regarding The Deletion Of My Post :

    Removed Post
    From: Administrator Tim_Lopez
    Date: 03-22-2009 03:18 AM

    Hello Chris,

    Thanks for your contributions to the Norton Community Forums!

    I removed a post you had created in the Problem with LU "Failed to check for some updates" Error 8921,301 thread.

    While your post was filled with information that may have been beneficial, your post was in direct violation of the Participation Guidelines and Terms of Service, specifically the Keep it Courteous section:

    - Keep it courteous -

    Everyone wants to have a positive experience while visiting the Norton Community - please make sure that you are not detracting from any other participant's experience. In particular, please refrain from posting anything unlawful, libelous, defamatory, obscene, pornographic, indecent, lewd, harassing, threatening, harmful, invasive of privacy or publicity rights, abusive, inflammatory, ethnically, racially, religiously or sexually offensive, or otherwise objectionable or injurious to third
    parties.

    Your opinions are always welcome, but a personal attack or harassment ("flaming") either through the Norton Community boards, blogs or forums, or through the Personal Message system, is prohibited.

    Please remember that other community members can't see your facial expressions or hear the tone of your voice. It's easy for comments intended as harmless jokes to be mistaken for harsh, intentional criticism. While we strongly encourage open debates/discussions, we want to make sure that they take place in a climate of mutual respect.

    I know that your post was long and you probably took a long time posting it. I also know that you put "Bull Chitting" which is also in violation.

    I'll attach your post to this message. If you would like to edit it and re-post it keeping these things in mind, please do so. However, be sure to be respectful and courteous to the other users, even if you feel they are not being that way with you.

    Please note that this type of conduct on the forums will not be tolorated.

    Again, thank you for your contributions. I hope to see your again on the forums.

    Cheers,
    Tim Lopez
    Norton Forums Administrator
    Symantec Corporation

    My Reply Back PM Back To Tim_Lopez Regarding His PM :

    Re: Removed Post
    To: Administrator Tim_Lopez
    Date: 03-22-2009 06:01 AM

    Re: Removed Post
    To: Administrator Tim_Lopez

    Date: 03-22-2009 06:01 AM

    Why was my edited post deleted?

    I Then Send Another PM To Tim_Lopez Regarding My Deleted Post

    Re: Removed Post
    To: Administrator Tim_Lopez
    Date: 03-22-2009 06:12 AM

    You know as well as I do that there is definitely something Psychology wrong with this boy upstairs.

    I stayed quiet in that Error 8931.301 thread thereafter he attacked me in it, how ever the longer I thought about it I could not bring my self to be quiet further.

    I will tell you that if he does that 1 more time you will see posts from I and others bouncing on him that will even put that Pifts thread to shame.Therefore it might be a good Idea to PM cgoldman and ask him to check his attitude at the door. This is only a suggestion on my part. What you do is completely up to you.

    I am not here to cause a problem at all. I am here to help others if I can if I can.

    When you have a person such cgoldman whom thinks he is Coder all mighty jumping on other members as he has done it piss's people off, and I am NOT the only one that he has managed to do this too off on this forum.

    Never the less, I have re-edited as you suggested and reposted, being as courteous as I possibly could under the cicumstance

    I trust that it is sufficient

    Looking forward to talking with and seeing you in the forums as well

    Chris1

    I Then Make A Edit To My Original Deleted Post By Tim_Lopez To Conform To Their Forum Rules And Re-Post, This Is My Next Edited Post Conforming To Symantec Forunm Rules :

    Please note: I have received a PM from Tim_Lopez regarding my deleted post with the remarks I that I have made explaining exactly how I feel about the way cgoldman has treated some of the members on this board and my psychological assesment of him.

    To conform to the forum rules, I have made a Edit to my original post in this thread that was DELETED and have Re-posted.

    cgoldman this will be the one and only reply from me that you will receive.

    If you can not comprehend what I stated directly to >OscarL< and NOT you in my original first post of this thread on page one , then that is
    your problem and not mine.
    _______________________________________________________

    Chris1 wrote:

    OscarL the problem that most are having with the 16.5 LiveUpdate is not due to the end users location, type of pc, Os that they are using, network configuration nor their service provider.

    Behind a router, using DSL / cable internet? Been there done that.

    I have tried every conceivable manner of app configuration with the versions listed below in order :

    Starting with NIS V.16.2.0.7 installed

    Updating forward on to NIS V.16.5.0.135

    Reverting backwards to installing NIS V.16.0.0.125

    Reinstalling NIS V.16.2

    Then reinstalling NIS V.16.5.0.135

    Every suggestion that has been mentioned on this forum earlier today, which includes playing with the Lue.Log, dsconnecting routers, rebooting and so on, has all ready been tested by yours truly and with the help of 3 different people from Symantec Chat Support, along with 2 Symantec Chat Support Supervisers, all whom to which I have burnt out in the process,. This between last evening, up to early hours of this morning.

    As of this post, I have NOT been able to acquire full functionality of the NIS V.16.5.0.135 Live Update. Error 8921,301 remains.

    On each original reinstall, LiveUpdate worked only one time. Further attempt using Live Update thereafter produced Error 8921,301

    ________________________________________________________________________

    The above post means exactly what it means, nothing more and nothing less then that!
    ________________________________________________________________________

    Um, and why is it that you cgoldman first say that you have 7 computers in my thread awaiting the 16.5 update, and then you state in this thread that you have only two?

    Which is it? 7 or 2?

    Re: NIS & NAV 2009 16.5.0.134 Update Roll Call

    cgoldman wrote:

    7 computers all waiting to go. I hope they dont forget this little island I am on, England

    http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=40243

    _______________________________________________________________________

    You fail later on in this Error thread to mention the other 5 computers, best guess is that it kind of slipped your mind as to exactly how many computers you actually do have, or for that matter, whose computers they are, or if they do exist at all!

    cgoldman let me help refresh your memory, as in this thread where you have posted for some help regarding a Trial or Cracked/Hacked version of Nod32 elsewhere on the net.

    Your first post in that thread states that you have your brother's laptop , and then later you slip up caught in your own lie by stating that it is actually your son's computer.

    Old July 28th, 2008, 04:10 PM
    goldman cgoldman is offline
    Infrequent Poster
    Join Date: Jul 2008
    Posts: 12

    Default NOD32 2.7 Update query

    I would appreciate some advice. My brother is away on hols, and has left me his laptop. It is runing Vista SP1. It has been working without issue. I have not used it for more than a week. When I turned it on today, I have Windows Security Center saying that ESET NOD32 antivirus system 2.70 reports that it might be out of date, ESET NOD32 antivirus
    system 2.70 has not provided Security Centre with a program to fix this issue.
    When I go to Control centre and update.
    It saysserver (choose automatically)
    Virus signature database update: offer
    Program component update: offer
    LAst update 13/07/2008
    Version of virus signature database 3263(20080711).
    When I run update now, it says it is updated.

    Is it uptodate, and how then do I resolve the Windows Security Centre report.

    July 31st, 2008, 03:06 PM
    HiTech_boy's Avatar
    HiTech_boy HiTech_boy is offline
    Incredibly Massive Poster
    Join Date: Apr 2006
    Location: Bulgaria
    Posts: 6,765

    Default Re: NOD32 2.7 Update query
    Quote:
    Originally Posted by cgoldman
    Suddenly I feel very stupid.

    Your mscreenshot shows that this computer has either trial or cracked/fixed version installed . ESET gives low priority on trial users so that when there is a server problems like the ones we notice these days , servers won't get overloaded from people using the program for free.

    You won't be able to update with that version these days because of the reasons I just wrote.

    July 31st, 2008, 05:28 PM
    cgoldman cgoldman is offline
    Infrequent Poster

    Join Date: Jul 2008
    Posts: 12
    Default Re: NOD32 2.7 Update query

    Quote:
    Originally Posted by HiTech_boy

    Your screenshot shows that this computer has either trial or cracked/fixed version installed . ESET gives low priority on trial users so that when there is a server problems like the ones we notice these days , servers won't get overloaded from people using the program for free.

    You won't be able to update with that version these days because of the reasons I just wrote.

    Well. this is interesting - and I get more red faced by the minute. I know this is my son's laptop, but he assured me it had been running NOD for a while. Are you really saying that trial versions cannot be updated. Can I establish if it is trial or cracked please. If latter I will remove it, hey presto! But if it is trial, then I am suprised the trial is prohibited from getting updates. But if you say that is so, I accept it, and need to move on.

    August 1st, 2008, 04:50 AM
    HiTech_boy's Avatar
    HiTech_boy HiTech_boy is offline
    Incredibly Massive Poster
    Join Date: Apr 2006
    Location: Bulgaria
    Posts: 6,765

    Default Re: NOD32 2.7 Update query
    Very interesting !

    In the first post you write this is your brother's laptop , now in the last one you mention your son's computer . So where the truth is ?

    Trial users do get updates but in cases like these , they have low priorities when servers are busy. If he uses v3 , the situation would have been a bit different.


    http://74.125.95.132/search?q=cache:UMhF-1ffOGsJ:www.wilderssecurity.com/showthread.php%3Ft%3D216264+cgoldman&cd=17&hl=en&ct=clnk&gl=ca

    You can't even remember your own Lies can you lol. So again, where is the truth coming from cgoldman? NOt!

    cgoldman you also state that you where working on 16.5 before it was released and advised Symantec of exactly this problem. Thus we can draw the conclusion that you are NOT a Symantec Employee, so where and from whom did you actually get the so called Special 16.5 file from prior to it being released? Was it from a Third party or from the Symantec Enhanced Testing, Or are you BULL_CHITTING again as you did when you where caught with your pants down over at wilderssecurity as noted above in the thread and link that i provided every one here to take a look at? Ouch lol
    _________________________________________________________________________

    cgoldman wrote:

    huwyngr

    To be honest, I wish people would give me some credit, I am an IT expert and I have been on this forum long enough to know to apply NRT's etc.

    Don't count on it at.
    _________________________________________________________________________

    The self proclaimed IT expert will NOT be the all mighty Saviour of man kind that will crack Error 8921.301

    It will be a Symantec Employee!

    Not You!

    Next I Find That My Edited Post Has Been Deleted By Symantec Mod shannons.

    Remoned message
    From: Moderator shannons

    Date: 03-22-2009 06:13 AM

    Hi Chris1,
    I’m sorry to let you know that your recent post,Re: Problem with LU "Failed to check for some updates" Error 8921,30, has been removed because it violates Community Forum guidelines, which prohibit rude behavior, in addition to sharing PM content:

    I Then Send Her A C&P Of My Original PM From Symantec Admin Tim_Lopez :

    Re: Removed Post
    To: Moderator shannons
    Date: 03-22-2009 06:17 AM

    shannons I have re-edit my original post and it conforms to the rules! Please put my re-edited post back up!

    I Do NOT Receive A Return Reply Back From Her With Regard To Her Deleting My Post So I Re-Post My Edited Post Again And Once Again It Gets Deleted Gets Deleted By Symantec Staff

    I Re-Post Again, My Edited Post Gets DELETED Another Time Which Is 4 Times In Total.

    I Then Receive This Last Pm From Tim_Lopez Stating That He Is Going To Ban My Ass From The Symantec Forum If I Continue On Posting!

    Way To Go Symantec, IT Brings A New Meaning To "SYMANTEC DOES NOT DELETE POSTS ON THIS FORUM" ONCE AGAIN WE RECEIVE MORE BULLSHIT FROM SYMANTEC IN HOPE THAT THEIR UN-SATISFIED PAYING CUSTOMERS WILL BE KEPT QUIET!

    Removed Message

    From: Administrator Tim_Lopez
    Date: 03-22-2009 11:44 AM
    PLEASE READ THIS ENTIRE MESSAGE

    Hi Chris, Again, thank you for your contributions to the forums.

    The message that you posted the thread Problem with LU "Failed to check for some updates" Error 8921,301 has again been removed for violation of the Participation Guidelines and Terms of Service. Specifically these sections:

    - Keep it courteous -
    Everyone wants to have a positive experience while visiting the Norton Community - please make sure that you are not detracting from any other participant's experience. In particular, please refrain from posting anything unlawful, libelous, defamatory, obscene, pornographic, indecent, lewd,harassing, threatening, harmful, invasive of privacy or publicity rights, abusive, inflammatory, ethnically, racially, religiously or sexually offensive, or otherwise objectionable or injurious to third parties.

    Your opinions are always welcome, but a personal attack or harassment ("flaming") either through the Norton Community boards, blogs or forums, or through the Personal Message system, is prohibited.

    Please remember that other community members can't see your facial expressions or hear the tone of your voice. It's easy for comments intended as harmless jokes to be mistaken for harsh, intentional criticism. While we strongly encourage open debates/discussions, we want to make sure that they take place in a climate of mutual respect.

    - Personal Messaging policy -

    The Personal Messaging (PM) tool is available for any user to use to contact any other user or moderator on the Norton Community Forums. You can access the PM tool by selecting the envelope icon on the top right-hand section of the community. Any PM is a personal correspondence between you and the party to whom it is sent. Before posting any PM correspondence in a public board you must ask and receive permission to do so from the other party. This policy also applies to email and others forms of communication.

    While you may have made edits that you seem take away from the original reason that this post was removed, the personal attack against cgoldman is still present in the post. This will not be tolerated for any users on this forum. You must refrain from posting messages that would be in violation of this, as well as any of our other Participation Guidelines or Terms of Service.

    Also, sharing PM's that you receive is in direct violation from the Participation Guidelines. I know that you were warned about this in the message you received from Shannon. However when you re-posted the message, you put the PM I sent you in there a second time.

    Please be advised that this type of behavior will not be tolerated on the Norton Community Forums.

    Regards,

    Tim Lopez
    Norton Forums Administrator
    Symantec Corporation

    END.

    ReplyDelete
  67. Symantec/Norton Censorship

    It appears that Symantec/Norton is up to their old tricks again

    Censoring any person be it a paying customer or not, that asks them a viable question on their forums relating to one of their most recent blunders, the release of their Update V.16.5.0.134 & V.16.5.0.135.

    As of this blog I have now been Banned from the Norton forums.

    I will provide you all with my Original Thread Starter (questions) on the Norton forum that was directed toward Mr.Dave_Coleman Symantec Employee prior to him Deleting my thread, Editing It, re posting the Edited version back on the forums minutes later, then deleting another post that I had made In reply, there after forwarding on toward his PM & his Banning of me on the forum :

    To Dave_Coleman Regarding The 16.5 Update

    Chris1
    Regular Contributor
    Posts: 68
    03-23-2009 06:02 PM

    Chris1

    Message 1 of 1

    Viewed 1 time

    This question is directed to Mr.Dave_Coleman, no one else need reply in this thread outside of him.

    What is Symantec doing to rectify Error 8921,246 & Error 8921,301 that some users of your product are receiving?

    Symantec you have paying customers that expect to receive what they pay for, that is a FULLY OPERATIONAL PRODUCT!

    Above as you can view was my original post in the thread that I started on that forum.

    A minute there after posting such, I find that my original thread was DELETED entirely, then miraculously reappears being Edited for Symantecs liking, by whom you ask, Dave_Coleman of course. This along with a follow up post by the Norton forums so called Guru cgoldman.

    Re: Regarding The 16.5 Update

    What is Symantec doing to rectify Error 8921,246 & Error 8921,301 that some users of your product are receiving?

    Symantec you have paying customers that expect to receive what they pay for, that is a FULLY OPERATIONAL PRODUCT!

    Message Edited by Dave_Coleman on 03-23-2009 06:24 PM

    Next Norton forums Guru cgoldman appears out of the blue with a reply in my thread:

    cgoldman Spyware Scolder*Guru
    Spyware Scolder
    Posts: 643
    03-23-2009 06:33 PM

    cgoldman

    Message 2 of 2

    Symantec are working with me to isolate causes of these errors. It requires a programme to be written which will acquire data from one or both of my two affected machines (the other 5 do not suffer this particular problem although 1 of the 5 is unable to update to 16.5).

    Meanwhile, if you refer to any of the three threads that relate to these error msgs you will see that there is a new temporary workaround suggestion. This is somewhat easier to implement than the 1st workaround and applies where users have a router with a hardware firewall. The suggestion is that you retest having disabled the hardware firewall. Of course I quite understand if you do not wish to do so, and in that event you may of course await for any solution to be patched in due course.

    I then re post as below :

    WTF is going on here? My original Thread/Post and Its Title is being changed by Mr.Dave_Coleman with out him even aswering the questions that have been directed to him by me?

    Furthermore cgoldman what part of the English vocabulary do you NOT understand? This thread that I started Including the questions that I have asked where directed at Mr.Dave_Coleman and NOT you!

    cgoldman are you actually Mr.Dave_Coleman that is using a different nick on this forum or not?

    Poof with in seconds the above post of mine in that thread is DELETED.

    I then receive a PM. I veiw the Pm and It Is from guess who, Mr.Dave_Coleman.

    It states :

    16.5 Update
    From: Symantec Employee Dave_Coleman
    Date: 03-23-2009 06:31 PM

    Hi Chris1,

    There is no need to call anyone out by name on the forums. This is an open community forum and is available for anyone from Symantec to reply. If you wanted to message someone directly, please use the Private Message feature as I am using now. I have edited your post to remove my name from the message.

    Unfortunatly, I have no answer for your question; But I will pass it along to another employee and I would expect them to get back to you within 24 hours. If you would like a swifter response, perhaps Tech Support can help you.

    Cheers,
    Dave

    Now isn't that just sweet, Mr.Dave_Coleman Symantec Employee Beta Test Manager of
    Symantec Corporation sends me a PM regarding the Edit that he made to my thread and post.

    I then send Mr.Dave_Coleman a reply back that states :

    You & I both know that the problem with your Live Update not functioning properly where as your customers are receiving Error 8921.301 originates from Symantecs end and NOT the user.

    He receives my PM and then he Ban's my Ass from the Norton forum a split second later lol.

    We're sorry, but you have been banned from using this site.

    Now readers of this blog, please tell me that the above is NOT Censorship at Its Best lol

    ReplyDelete
  68. ^ & ^^ Hey, anonymous, why are you crapping on my blog? Do you work for the FBI? Are you trying to make my comment section unreadable? I'm going to turn the anonymous posting function off to prevent government agents like yourself from filling this page up with garbage.

    ReplyDelete
  69. If you are referring to the above 2 posts

    1.) Not intended to do so
    2.) Absolutely not at all
    3.) No
    4.) Do not bother turning it off, if you wish and can then just delete the posts

    ReplyDelete