Is rootbeerkit.com a scam?

  • cefwis
    Message 1 of 12 , Dec 26, 2009
      Twice recently, my web browser has somehow been directed (don't know how) to a site that purportedly performs a quick scan of my system and then returns a doomsday report listing hundreds of trojans and other evil beings lurking on my computer, just waiting to attack. To remove them, the site asks me to click a button, which downloads a program called "install.exe." I have not run this program and am a bit suspicious, since the site from which it originates appears to be something called rootbeerkit.com. Never heard of it.

      Has anybody else had this experience? Is rootbeerkit.com legit or a scam? Thanks, and Happy New Year!

      -Charlie

      ---------

      Charles E. Friederich - cefwis@...
      601 10th St. Brodhead, WI 53520 608-897-2399
    • Axel Berger
      Message 2 of 12 , Dec 26, 2009
        cefwis wrote:
        > Twice recently, my web browser has somehow been directed
        > (don't know how) to a site

        > Is rootbeerkit.com legit or a scam?

        A personnel consultant who used to write (perhaps still does) in the
        VDI-nachrichten had a recurring catch phrase. Noting that unfortunate
        breaks in vitae often began with "and then I was made an offer" he used
        to state:

        An offer or proposal is always good -- for the one making it.

        Taking over your machine and directing it to them without your seeking
        them out takes effort. So either they are asking for money straight out
        or you'll have to ask yourself, what's in it for them? Nothing good, I
        fear.

        On the web they offer an empty page with no content except for trying to
        run three scripts, which I am not going to allow. It might be
        interesting to get and read them, but I won't be bothered right now.

        Axel
      • Gerard Huijing
        Message 3 of 12 , Dec 26, 2009
          On 12/27/2009 01:42 AM, cefwis wrote:
          >
          >
          > Twice recently, my web browser has somehow been directed (don't know
          > how) to a site that purportedly performs a quick scan of my system and
          > then returns a doomsday report listing hundreds of trojans and other
          > evil beings lurking on my computer, just waiting to attack. To remove
          > them, the site asks me to click a button, which downloads a program
          > called "install.exe." I have not run this program and am a bit
          > suspicious, since the site from which it originates appears to be
          > something called rootbeerkit.com. Never heard of it.
          >
          > Has anybody else had this experience? Is rootbeerkit.com legit or a
          > scam? Thanks, and Happy New Year!
          >
          > -Charlie
          >
          > ---------
          >
          > Charles E. Friederich - cefwis@...
          > 601 10th St. Brodhead, WI 53520 608-897-2399

          A happy XMas to you too, and to all the NTB board members.

          Keep yourself happy and do not run the installer.

          Download a free bona fide malware scanner, one like AVG, or Comodo, or
          trialware like ESET NOD32 -- and there are a whole lot more.

          I personally would prefer to download and install security software
          instead of an online security check if I were in your shoes. I have
          experienced ludicrous results with on line scanners too, e.g. one that
          classed all the malware definitions/fingerprints of a security program
          as hundreds and hundreds of separate malicious infections. And that was
          a bona fide scanner of a reputable firm.

          Now look what is amiss according to this other scanner.

          In any case, at the moment you have a browser hijacker and a dodgy
          installer on your system, and chances are that any good security
          software will recognize them as malicious and remove them.

          Cheers,

          Gerard


          --
          Gerard (E.G.P.) Huijing
          2312 ZD Leiden
          Netherlands
          inboxgen@...
        • loro
          Message 4 of 12 , Dec 27, 2009
            Charlie wrote:
            >Twice recently, my web browser has somehow been directed (don't know
            >how) to a site that purportedly performs a quick scan of my system
            >and then returns a doomsday report listing hundreds of trojans and
            >other evil beings lurking on my computer, just waiting to attack.

            Scam. Maybe malware, maybe they just try to sell you a program you
            don't need. I've been roped in lots of times, but never stayed long
            enough to find out what it's about. An annoyance for sure.

            >To remove them, the site asks me to click a button, which downloads
            >a program called "install.exe." I have not run this program and am
            >a bit suspicious, since the site from which it originates appears to
            >be something called rootbeerkit.com. Never heard of it.

            They have different domains, I think. I recognize the setup and the
            site, but not the domain name. I think I would have remembered it
            since the name is rather funny. You don't have a virus anyway, at
            least you hadn't before you went there. They do it through ads on
            other sites that redirect you to their site. I don't think you have
            to worry, I haven't gotten anything as far as I've noticed, but don't
            run that installer.

            Lotta
          • loro
            Message 5 of 12 , Dec 27, 2009
              Where are my manners? Happy Holidays to all! :-)

              Lotta
            • Stephen Riddle
              Message 6 of 12 , Dec 27, 2009
                When I have such a question, I visit one of the domainTools sites such as
                http://whois.domaintools.com/
                >>>>>>
                http://whois.domaintools.com/rootbeerkit.com

                All I would need to know is that the contact information is addresses like:

                jammesmmorgan@...,
                dodgit.com is a website that does nothing but provide
                temporary email addresses (for some loss of privacy and security, I suspect).
                Also "James Morgan" owns about 338 other domains.
                My verdict. You are right, don't trust him.
                If I were using FireFox, I would block this web address.
                Then, I would block it with my firewall settings.


                On Sun, 27 Dec 2009 10:34:09 +0100
                loro <tabbie@...> wrote:

                > Charlie wrote:
                > >Twice recently, my web browser has somehow been directed (don't know
                > >how) to a site that purportedly performs a quick scan of my system
                > >and then returns a doomsday report listing hundreds of trojans and
                > >other evil beings lurking on my computer, just waiting to attack.
                >
                > Scam. Maybe malware, maybe they just try to sell you a program you
                > don't need. I've been roped in lots of times, but never stayed long
                > enough to find out what it's about. An annoyance for sure.
                >
                > >To remove them, the site asks me to click a button, which downloads
                > >a program called "install.exe." I have not run this program and am
                > >a bit suspicious, since the site from which it originates appears to
                > >be something called rootbeerkit.com. Never heard of it.
                >
                > They have different domains, I think. I recognize the setup and the
                > site, but not the domain name. I think I would have remembered it
                > since the name is rather funny. You don't have a virus anyway, at
                > least you hadn't before you went there. They do it through ads on
                > other sites that redirect you to their site. I don't think you have
                > to worry, I haven't gotten anything as far as I've noticed, but don't
                > run that installer.
                >
                > Lotta
                >


                --
                Stephen Riddle <stephen@...>
              • thefrankwmx
                Message 7 of 12 , Dec 28, 2009
                  If they are not selling a kit to make root beer, then who cares?

                  Happy New Year to all!

                  tf
                • Al
                  Message 8 of 12 , Dec 28, 2009
                    <snip a web site pronounced my computer as having trojans and viruses on
                    it.>
                    > To remove them, (the viruses) the site asks me to click a button, which downloads a program called "install.exe." I have not run this program and am a bit suspicious

                    Be more than a bit suspicious. And do not run that. Delete it. Bit
                    bucket in the sky, etc. Empty trash too.

                    > Has anybody else had this experience? Is rootbeerkit.com legit or a scam? Thanks, and Happy New Year

                    Social engineering, phishing, whatever you want to call it, is
                    widespread on the www.

                    masquerade -- ie something that "appears to be" something that it is
                    not. Many people (make a mistake) and run that - and in so doing - they
                    install a virus/spyware onto their computer -- it continues to
                    masquerade as a protection against virus/trojan. But, after a while --
                    guess what? You'll never guess -- it wants money (your dangers have
                    escalated, therefore you need me now more than ever -- your trial period
                    is over - send money to thus and such place).

                    Only use known and trusted sources to direct yourself to where you
                    procure software for yourself.

                    My Linux console has whois app which can search whois database. Two
                    whois search results follow.

                    al@P5Q:~$ whois rootbeerkit.com

                    Domain names in the .com and .net domains can now be registered
                    with many different competing registrars. Go to http://www.internic.net
                    for detailed information.

                    Domain Name: ROOTBEERKIT.COM
                    Registrar: REGTIME LTD.
                    Whois Server: whois.regtime.net
                    Referral URL: http://www.webnames.ru

                    Name Server: NS1.ROOTBEERKIT.COM
                    Name Server: NS2.ROOTBEERKIT.COM
                    Status: ok
                    Updated Date: 26-dec-2009
                    Creation Date: 24-dec-2009
                    Expiration Date: 24-dec-2010

                    >>> Last update of whois database: Tue, 29 Dec 2009 04:33:30 UTC <<<

                    <snip>

                    Domain name: rootbeerkit.com

                    Name servers:
                    ns1.rootbeerkit.com
                    ns2.rootbeerkit.com

                    Registrar: Regtime Ltd.
                    Creation date: 2009-12-24
                    Expiration date: 2010-12-24
                    Status: active

                    Registrant:
                    James Morgan
                    Email: jamesmmorgan@...
                    Organization: Private person
                    Address: 1613 Clair Street
                    City: Killeen
                    State: TX
                    ZIP: 76541
                    Country: US
                    Phone: +1.2546165772
                    Fax: +1.2546165772
                    Administrative Contact:
                    Anna Gregory
                    Email: annafgregory@...
                    Organization: Private person
                    Address: 3230 Hinkle Deegan Lake Road
                    City: ALLEN
                    State: KY
                    ZIP: 41601
                    Country: US
                    Phone: +1.6069756207
                    Fax: +1.6069756207
                    Technical Contact:
                    Shirley Rhodes
                    Email: shirleyjrhodes@...
                    Organization: Private person
                    Address: 1950 Holt Street
                    City: Boca Raton
                    State: FL
                    ZIP: 33432
                    Country: US
                    Phone: +1.5613479912
                    Fax: +1.5613479912
                    Billing Contact:
                    James Morgan
                    Email: jamesmmorgan@...
                    Organization: Private person
                    Address: 1613 Clair Street
                    City: Killeen
                    State: TX
                    ZIP: 76541
                    Country: US
                    Phone: +1.2546165772
                    Fax: +1.2546165772



                    al@P5Q:~$ whois dodgit.com

                    Domain names in the .com and .net domains can now be registered
                    with many different competing registrars. Go to http://www.internic.net
                    for detailed information.

                    Domain Name: DODGIT.COM
                    Registrar: GODADDY.COM, INC.
                    Whois Server: whois.godaddy.com
                    Referral URL: http://registrar.godaddy.com
                    Name Server: NS12.ZONEEDIT.COM
                    Name Server: NS19.ZONEEDIT.COM
                    Status: clientDeleteProhibited
                    Status: clientRenewProhibited
                    Status: clientTransferProhibited
                    Status: clientUpdateProhibited
                    Updated Date: 25-nov-2009
                    Creation Date: 24-nov-2003
                    Expiration Date: 24-nov-2010

                    >>> Last update of whois database: Tue, 29 Dec 2009 04:34:01 UTC <<<

                    <snip>


                    Registrant:
                    Domains by Proxy, Inc.
                    DomainsByProxy.com
                    15111 N. Hayden Rd., Ste 160, PMB 353
                    Scottsdale, Arizona 85260
                    United States

                    Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
                    Domain Name: DODGIT.COM
                    Created on: 24-Nov-03
                    Expires on: 24-Nov-10
                    Last Updated on: 25-Nov-09

                    Administrative Contact:
                    Private, Registration DODGIT.COM@...
                    Domains by Proxy, Inc.
                    DomainsByProxy.com
                    15111 N. Hayden Rd., Ste 160, PMB 353
                    Scottsdale, Arizona 85260
                    United States
                    (480) 624-2599 Fax -- (480) 624-2598

                    Technical Contact:
                    Private, Registration DODGIT.COM@...
                    Domains by Proxy, Inc.
                    DomainsByProxy.com
                    15111 N. Hayden Rd., Ste 160, PMB 353
                    Scottsdale, Arizona 85260
                    United States
                    (480) 624-2599 Fax -- (480) 624-2598

                    Domain servers in listed order:
                    NS12.ZONEEDIT.COM
                    NS19.ZONEEDIT.COM
                  • Al
                    Message 9 of 12 , Dec 28, 2009
                      al@P5Q:~$ whois trashymail.com

                      Domain names in the .com and .net domains can now be registered
                      with many different competing registrars. Go to http://www.internic.net
                      for detailed information.

                      Domain Name: TRASHYMAIL.COM
                      Registrar: GODADDY.COM, INC.
                      Whois Server: whois.godaddy.com
                      Referral URL: http://registrar.godaddy.com
                      Name Server: NS51.DOMAINCONTROL.COM
                      Name Server: NS52.DOMAINCONTROL.COM
                      Status: clientDeleteProhibited
                      Status: clientRenewProhibited
                      Status: clientTransferProhibited
                      Status: clientUpdateProhibited
                      Updated Date: 02-apr-2009
                      Creation Date: 23-apr-2007
                      Expiration Date: 23-apr-2011

                      >>> Last update of whois database: Tue, 29 Dec 2009 05:14:58 UTC <<<

                      Please note: the registrant of the domain name is specified
                      in the "registrant" field. In most cases, GoDaddy.com, Inc.
                      is not the registrant of domain names listed in this database.


                      Registrant:
                      Michael Weber
                      2-4-3 Minami Ogikubo
                      Tokyo, Tokyo 1670052
                      Japan

                      Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
                      Domain Name: TRASHYMAIL.COM
                      Created on: 23-Apr-07
                      Expires on: 23-Apr-11
                      Last Updated on: 02-Apr-09

                      Administrative Contact:
                      Weber, Michael wwwmichi@...
                      2-4-3 Minami Ogikubo
                      Tokyo, Tokyo 1670052
                      Japan
                      5055396801 Fax --

                      Technical Contact:
                      Weber, Michael wwwmichi@...
                      2-4-3 Minami Ogikubo
                      Tokyo, Tokyo 1670052
                      Japan
                      5055396801 Fax --

                      Domain servers in listed order:
                      NS51.DOMAINCONTROL.COM
                      NS52.DOMAINCONTROL.COM
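
Added example, not part of any post in this thread: a small Python triage of whois text that applies the two checks the posts above rely on, how recently the domain was registered and whether a contact address sits at a disposable-mail provider. The registry fields are copied from the whois output quoted above; the contact e-mail, the 30-day threshold and the function names are assumptions made for this example.

```python
import re
from datetime import date

# Disposable-mail providers named in the thread; extend as needed.
DISPOSABLE_MAIL_DOMAINS = {"dodgit.com", "trashymail.com"}

# Registry fields copied from the whois output quoted in the thread.
# The Email line is constructed: the archive truncates the real address.
SAMPLE_WHOIS = """\
Domain Name: ROOTBEERKIT.COM
Registrar: REGTIME LTD.
Name Server: NS1.ROOTBEERKIT.COM
Name Server: NS2.ROOTBEERKIT.COM
Updated Date: 26-dec-2009
Creation Date: 24-dec-2009
Expiration Date: 24-dec-2010
Registrant:
Email: registrant-placeholder@dodgit.com
"""

MONTHS = {m: i for i, m in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), start=1)}


def parse_whois_date(value):
    """Parse the two date styles seen in the thread: 24-dec-2009 and 2009-12-24."""
    value = value.strip().lower()
    m = re.fullmatch(r"(\d{1,2})-([a-z]{3})-(\d{4})", value)
    if m and m.group(2) in MONTHS:
        return date(int(m.group(3)), MONTHS[m.group(2)], int(m.group(1)))
    m = re.fullmatch(r"(\d{4})-(\d{2})-(\d{2})", value)
    if m:
        return date(int(m.group(1)), int(m.group(2)), int(m.group(3)))
    return None


def parse_whois(text):
    """Extract the creation date and contact e-mail addresses from whois text."""
    record = {"created": None, "emails": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key = key.strip().lower()
        if key == "creation date" and record["created"] is None:
            record["created"] = parse_whois_date(value)
        elif key == "email":
            record["emails"].append(value.strip().lower())
    return record


def triage(text, seen_on, max_age_days=30):
    """Return a list of warnings for a whois record observed on `seen_on`."""
    record = parse_whois(text)
    warnings = []
    if record["created"] is None:
        warnings.append("no creation date found")
    else:
        age = (seen_on - record["created"]).days
        if age < max_age_days:
            warnings.append(f"domain registered {age} day(s) before it was seen")
    for email in record["emails"]:
        domain = email.rpartition("@")[2]
        if domain in DISPOSABLE_MAIL_DOMAINS:
            warnings.append(f"contact uses disposable mail provider {domain}")
    return warnings


if __name__ == "__main__":
    # 26 Dec 2009 is the date of the first message in the thread.
    for warning in triage(SAMPLE_WHOIS, seen_on=date(2009, 12, 26)):
        print("WARNING:", warning)
```
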
                    • Axel Berger
                      Message 10 of 12 , Dec 28, 2009
                        Al wrote:
                        > masquerade -- ie something that "appears to be" something
                        > that it is not. Many people (make a mistake) and run that

                        After having had a look at the three scripts I went out on a limb and
                        ran them in Opera on W98. I hope I'm still clean, but am mildly
                        confident. But to be honest, someone falling for that kind of
                        meaningless film show must be very naive, in less polite company I might
                        have said something else. And running a full fledged exe from that
                        provenience - I ask you.

                        Axel
                      • Al
                        Message 11 of 12 , Dec 28, 2009
                          Axel Berger wrote:
                          > Al wrote:
                          >
                          >> masquerade -- ie something that "appears to be" something
                          >> that it is not. Many people (make a mistake) and run that
                          >>
                          >
                          > After having had a look at the three scripts I went out on a limb and
                          > ran them in Opera on W98. I hope I'm still clean, but am mildly
                          > confident.
                          They were likely engineered for Win XP whereby they likely do not work
                          on Win 98

                          I'd run them in my Linux. But, somehow, Linux isn't Win. So, somehow,
                          they don't run, even if I try to run them. Is that what you call "built
                          in virus protection?"

                          al@P5Q:~$ cat /etc/slackware-version
                          Slackware 12.2.0
                          al@P5Q:~$

                          Har har <grin>. And, yes, I know "support libraries, environment, etc."
                          do not at all match up (not even whatsoever) between Linux and Win.

                          That's what wine is for. And also, virtual machine.
                          > But to be honest, someone falling for that kind of
                          > meaningless film show must be very naive,
                          My 87 year old father fell for it. He had upwards of 50 viruses on his
                          Win XP. But I got him on Linux now. Problem solved.

                          --
                          Alan.



                        • Larry Hamilton
                          Message 12 of 12 , Dec 30, 2009
                            Charles,

                            This is very suspicious behavior. I recommend avoiding anything to do
                            with this until you have done a thorough scan of your system.

                            I recommend using the free version of MalwareBytes from
                            http://www.malwarebytes.org/mbam.php. Do the full scan after updating
                            to the latest signature file.

                            I also recommend that you get up-to-date anti-virus software. A good
                            free one is Microsoft Security Essentials. It is for WinXP, Vista and
                            Win7.

                            If the MalwareBytes does not install or finds nothing, then I would be
                            very surprised.

                            Google also has a safe browsing page and lists rootbeerkit.com as suspicious.

                            http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=rootbeerkit.com

                            HTH,

                            ~ Larry

                            On Sat, Dec 26, 2009 at 7:42 PM, cefwis
                            <charlie53520-subscriptions@...> wrote:
                            > Twice recently, my web browser has somehow been directed (don't know how) to a site that purportedly performs a quick scan of my system and then returns a doomsday report listing hundreds of trojans and other evil beings lurking on my computer, just waiting to attack.  To remove them, the site asks me to click a button, which downloads a program called "install.exe."  I have not run this program and am a bit suspicious, since the site from which it originates appears to be something called rootbeerkit.com.  Never heard of it.
                            >
                            > Has anybody else had this experience?  Is rootbeerkit.com legit or a scam?  Thanks, and Happy New Year!
                            >
                            > -Charlie
                            >
                            > ---------
                            >
                            > Charles E. Friederich  -  cefwis@...
                            > 601 10th St.  Brodhead, WI  53520   608-897-2399