
Re: [NTO] Is rootbeerkit.com a scam?

  • loro
    Message 1 of 12 , Dec 27, 2009
      Charlie wrote:
      >Twice recently, my web browser has somehow been directed (don't know
      >how) to a site that purportedly performs a quick scan of my system
      >and then returns a doomsday report listing hundreds of trojans and
      >other evil beings lurking on my computer, just waiting to attack.

      Scam. Maybe malware, maybe they just try to sell you a program you
      don't need. I've been roped in lots of times, but never stayed long
      enough to find out what it's about. An annoyance for sure.

      >To remove them, the site asks me to click a button, which downloads
      >a program called "install.exe." I have not run this program and am
      >a bit suspicious, since the site from which it originates appears to
      >be something called rootbeerkit.com. Never heard of it.

      They have different domains, I think. I recognize the setup and the
      site, but not the domain name. I think I would have remembered it
      since the name is rather funny. You don't have a virus anyway, at
      least you hadn't before you went there. They do it through ads on
      other sites that redirect you to their site. I don't think you have
      to worry, I haven't gotten anything as far as I've noticed, but don't
      run that installer.

      Lotta
    • loro
      Message 2 of 12 , Dec 27, 2009
        Where are my manners? Happy Holidays to all! :-)

        Lotta
      • Stephen Riddle
        Message 3 of 12 , Dec 27, 2009
          When I have such a question, I visit one of the DomainTools sites such as
          http://whois.domaintools.com/
          >>>>>>
          http://whois.domaintools.com/rootbeerkit.com

          All I would need to know is that the contact information is addresses like:

          jammesmmorgan@...,
          dodgit.com is a website that does nothing but provide
          temporary email addresses (for some loss of privacy and security, I suspect).
          Also "James Morgan" owns about 338 other domains.
          My verdict. You are right, don't trust him.
          If I were using Firefox, I would block this web address.
          Then, I would block it with my firewall settings.


          On Sun, 27 Dec 2009 10:34:09 +0100
          loro <tabbie@...> wrote:

          > Charlie wrote:
          > >Twice recently, my web browser has somehow been directed (don't know
          > >how) to a site that purportedly performs a quick scan of my system
          > >and then returns a doomsday report listing hundreds of trojans and
          > >other evil beings lurking on my computer, just waiting to attack.
          >
          > Scam. Maybe malware, maybe they just try to sell you a program you
          > don't need. I've been roped in lots of times, but never stayed long
          > enough to find out what it's about. An annoyance for sure.
          >
          > >To remove them, the site asks me to click a button, which downloads
          > >a program called "install.exe." I have not run this program and am
          > >a bit suspicious, since the site from which it originates appears to
          > >be something called rootbeerkit.com. Never heard of it.
          >
          > They have different domains, I think. I recognize the setup and the
          > site, but not the domain name. I think I would have remembered it
          > since the name is rather funny. You don't have a virus anyway, at
          > least you hadn't before you went there. They do it through ads on
          > other sites that redirect you to their site. I don't think you have
          > to worry, I haven't gotten anything as far as I've noticed, but don't
          > run that installer.
          >
          > Lotta
          >


          --
          Stephen Riddle <stephen@...>
        • thefrankwmx
          Message 4 of 12 , Dec 28, 2009
            If they are not selling a kit to make root beer, then who cares?

            Happy New Year to all!

            tf
          • Al
            Message 5 of 12 , Dec 28, 2009
              <snip a web site pronounced my computer as having trojans and viruses on
              it.>
              > To remove them, (the viruses) the site asks me to click a button, which downloads a program called "install.exe." I have not run this program and am a bit suspicious
              Be more than a bit suspicious. And do not run that. Delete it. Bit
              bucket in the sky, etc. Empty trash too.
              > Has anybody else had this experience? Is rootbeerkit.com legit or a scam? Thanks, and Happy New Year
              Social engineering, phishing, whatever you want to call it, is
              widespread on the www.

              Masquerade -- i.e. something that "appears to be" something that it is
              not. Many people (make a mistake) and run that - and in so doing - they
              install a virus/spyware onto their computer -- it continues to
              masquerade as a protection against virus/trojan. But, after a while --
              guess what? You'll never guess -- it wants money (your dangers have
              escalated, therefore you need me now more than ever -- your trial period
              is over - send money to thus and such place).

              Only use known and trusted sources to direct yourself to where you
              procure software for yourself.

              My Linux console has a whois app which can search the whois database. Two
              whois search results follow.

              al@P5Q:~$ whois rootbeerkit.com

              Domain names in the .com and .net domains can now be registered
              with many different competing registrars. Go to http://www.internic.net
              for detailed information.

              Domain Name: ROOTBEERKIT.COM
              Registrar: REGTIME LTD.
              Whois Server: whois.regtime.net
              Referral URL: http://www.webnames.ru

              Name Server: NS1.ROOTBEERKIT.COM
              Name Server: NS2.ROOTBEERKIT.COM
              Status: ok
              Updated Date: 26-dec-2009
              Creation Date: 24-dec-2009
              Expiration Date: 24-dec-2010

              >>> Last update of whois database: Tue, 29 Dec 2009 04:33:30 UTC <<<

              <snip>

              Domain name: rootbeerkit.com

              Name servers:
              ns1.rootbeerkit.com
              ns2.rootbeerkit.com

              Registrar: Regtime Ltd.
              Creation date: 2009-12-24
              Expiration date: 2010-12-24
              Status: active

              Registrant:
              James Morgan
              Email: jamesmmorgan@...
              Organization: Private person
              Address: 1613 Clair Street
              City: Killeen
              State: TX
              ZIP: 76541
              Country: US
              Phone: +1.2546165772
              Fax: +1.2546165772
              Administrative Contact:
              Anna Gregory
              Email: annafgregory@...
              Organization: Private person
              Address: 3230 Hinkle Deegan Lake Road
              City: ALLEN
              State: KY
              ZIP: 41601
              Country: US
              Phone: +1.6069756207
              Fax: +1.6069756207
              Technical Contact:
              Shirley Rhodes
              Email: shirleyjrhodes@...
              Organization: Private person
              Address: 1950 Holt Street
              City: Boca Raton
              State: FL
              ZIP: 33432
              Country: US
              Phone: +1.5613479912
              Fax: +1.5613479912
              Billing Contact:
              James Morgan
              Email: jamesmmorgan@...
              Organization: Private person
              Address: 1613 Clair Street
              City: Killeen
              State: TX
              ZIP: 76541
              Country: US
              Phone: +1.2546165772
              Fax: +1.2546165772



              al@P5Q:~$ whois dodgit.com

              Domain names in the .com and .net domains can now be registered
              with many different competing registrars. Go to http://www.internic.net
              for detailed information.

              Domain Name: DODGIT.COM
              Registrar: GODADDY.COM, INC.
              Whois Server: whois.godaddy.com
              Referral URL: http://registrar.godaddy.com
              Name Server: NS12.ZONEEDIT.COM
              Name Server: NS19.ZONEEDIT.COM
              Status: clientDeleteProhibited
              Status: clientRenewProhibited
              Status: clientTransferProhibited
              Status: clientUpdateProhibited
              Updated Date: 25-nov-2009
              Creation Date: 24-nov-2003
              Expiration Date: 24-nov-2010

              >>> Last update of whois database: Tue, 29 Dec 2009 04:34:01 UTC <<<

              <snip>


              Registrant:
              Domains by Proxy, Inc.
              DomainsByProxy.com
              15111 N. Hayden Rd., Ste 160, PMB 353
              Scottsdale, Arizona 85260
              United States

              Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
              Domain Name: DODGIT.COM
              Created on: 24-Nov-03
              Expires on: 24-Nov-10
              Last Updated on: 25-Nov-09

              Administrative Contact:
              Private, Registration DODGIT.COM@...
              Domains by Proxy, Inc.
              DomainsByProxy.com
              15111 N. Hayden Rd., Ste 160, PMB 353
              Scottsdale, Arizona 85260
              United States
              (480) 624-2599 Fax -- (480) 624-2598

              Technical Contact:
              Private, Registration DODGIT.COM@...
              Domains by Proxy, Inc.
              DomainsByProxy.com
              15111 N. Hayden Rd., Ste 160, PMB 353
              Scottsdale, Arizona 85260
              United States
              (480) 624-2599 Fax -- (480) 624-2598

              Domain servers in listed order:
              NS12.ZONEEDIT.COM
              NS19.ZONEEDIT.COM
            • Al
              Message 6 of 12 , Dec 28, 2009
                al@P5Q:~$ whois trashymail.com

                Domain names in the .com and .net domains can now be registered
                with many different competing registrars. Go to http://www.internic.net
                for detailed information.

                Domain Name: TRASHYMAIL.COM
                Registrar: GODADDY.COM, INC.
                Whois Server: whois.godaddy.com
                Referral URL: http://registrar.godaddy.com
                Name Server: NS51.DOMAINCONTROL.COM
                Name Server: NS52.DOMAINCONTROL.COM
                Status: clientDeleteProhibited
                Status: clientRenewProhibited
                Status: clientTransferProhibited
                Status: clientUpdateProhibited
                Updated Date: 02-apr-2009
                Creation Date: 23-apr-2007
                Expiration Date: 23-apr-2011

                >>> Last update of whois database: Tue, 29 Dec 2009 05:14:58 UTC <<<

                Please note: the registrant of the domain name is specified
                in the "registrant" field. In most cases, GoDaddy.com, Inc.
                is not the registrant of domain names listed in this database.


                Registrant:
                Michael Weber
                2-4-3 Minami Ogikubo
                Tokyo, Tokyo 1670052
                Japan

                Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
                Domain Name: TRASHYMAIL.COM
                Created on: 23-Apr-07
                Expires on: 23-Apr-11
                Last Updated on: 02-Apr-09

                Administrative Contact:
                Weber, Michael wwwmichi@...
                2-4-3 Minami Ogikubo
                Tokyo, Tokyo 1670052
                Japan
                5055396801 Fax --

                Technical Contact:
                Weber, Michael wwwmichi@...
                2-4-3 Minami Ogikubo
                Tokyo, Tokyo 1670052
                Japan
                5055396801 Fax --

                Domain servers in listed order:
                NS51.DOMAINCONTROL.COM
                NS52.DOMAINCONTROL.COM
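
The checks the replies above make by eye on whois output, written as a small triage script. This is an added example, not part of the original thread; the flag names, the 30-day threshold and the disposable-mail list are assumptions of the example, and the e-mail address in the sample is a placeholder because the archive elides the real ones.

```python
from datetime import date, datetime

# Constructed sample: registry fields as quoted in the thread; the e-mail
# local part is a placeholder, not the address from the real record.
SAMPLE_WHOIS = """\
Domain Name: ROOTBEERKIT.COM
Registrar: REGTIME LTD.
Name Server: NS1.ROOTBEERKIT.COM
Name Server: NS2.ROOTBEERKIT.COM
Creation Date: 24-dec-2009
Expiration Date: 24-dec-2010
Registrant:
Email: placeholder@dodgit.com
"""
SAMPLE_OBSERVED = date(2009, 12, 27)  # date of the first replies in the thread

# Assumption: throwaway-mail providers named in the thread; extend as needed.
DISPOSABLE_MAIL = {"dodgit.com", "trashymail.com"}

# Both date styles appear in the whois output quoted in the thread.
DATE_FORMATS = ("%d-%b-%Y", "%Y-%m-%d")


def parse_date(text):
    """Parse a whois date in either style; return None if unrecognised."""
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(text.strip(), fmt).date()
        except ValueError:
            continue
    return None


def whois_flags(raw, observed, max_age_days=30):
    """Return a sorted list of warning flags for one 'Key: value' whois record."""
    fields = {}
    for line in raw.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    flags = set()
    created = parse_date((fields.get("creation date") or [""])[0])
    if created is None:
        flags.add("no-creation-date")
    elif (observed - created).days <= max_age_days:
        flags.add("newly-registered")  # domain is only days old when seen
    for mail in fields.get("email", []):
        if mail.rpartition("@")[2].lower() in DISPOSABLE_MAIL:
            flags.add("disposable-contact-mail")
    return sorted(flags)


if __name__ == "__main__":
    print(whois_flags(SAMPLE_WHOIS, SAMPLE_OBSERVED))
```

Flags like these are triage hints, not a verdict: an old domain with privacy-proxy contacts, such as the dodgit.com record above, raises none of them.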
              • Axel Berger
                Message 7 of 12 , Dec 28, 2009
                  Al wrote:
                  > masquerade -- ie something that "appears to be" something
                  > that it is not. Many people (make a mistake) and run that

                  After having had a look at the three scripts I went out on a limb and
                  ran them in Opera on W98. I hope I'm still clean, but am mildly
                  confident. But to be honest, someone falling for that kind of
                  meaningless film show must be very naive, in less polite company I might
                  have said something else. And running a full-fledged exe from that
                  provenience - I ask you.

                  Axel
                • Al
                  Message 8 of 12 , Dec 28, 2009
                    Axel Berger wrote:
                    > Al wrote:
                    >
                    >> masquerade -- ie something that "appears to be" something
                    >> that it is not. Many people (make a mistake) and run that
                    >>
                    >
                    > After having had a look at the three scripts I went out on a limb and
                    > ran them in Opera on W98. I hope I'm still clean, but am mildly
                    > confident.
                    They were likely engineered for Win XP, whereby they likely do not work
                    on Win 98.

                    I'd run them in my Linux. But, somehow, Linux isn't Win. So, somehow,
                    they don't run, even if I try to run them. Is that what you call "built
                    in virus protection?"

                    al@P5Q:~$ cat /etc/slackware-version
                    Slackware 12.2.0
                    al@P5Q:~$

                    Har har <grin>. And, yes, I know "support libraries, environment, etc."
                    do not at all match up (not even whatsoever) between Linux and Win.

                    That's what wine is for. And also, virtual machine.
                    > But to be honest, someone falling for that kind of
                    > meaningless film show must be very naive,
                    My 87-year-old father fell for it. He had upwards of 50 viruses on his
                    Win XP. But I got him on Linux now. Problem solved.

                    --
                    Alan.



                  • Larry Hamilton
                    Message 9 of 12 , Dec 30, 2009
                      Charles,

                      This is very suspicious behavior. I recommend avoiding anything to do
                      with this until you have done a thorough scan of your system.

                      I recommend using the free version of MalwareBytes from
                      http://www.malwarebytes.org/mbam.php. Do the full scan after updating
                      to the latest signature file.

                      I also recommend that you get up-to-date anti-virus software. A good
                      free one is Microsoft Security Essentials. It is for WinXP, Vista and
                      Win7.

                      If the MalwareBytes does not install or finds nothing, then I would be
                      very surprised.

                      Google also has a safe browsing page and lists rootbeerkit.com as suspicious.

                      http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=rootbeerkit.com

                      HTH,

                      ~ Larry

                      On Sat, Dec 26, 2009 at 7:42 PM, cefwis
                      <charlie53520-subscriptions@...> wrote:
                      > Twice recently, my web browser has somehow been directed (don't know how) to a site that purportedly performs a quick scan of my system and then returns a doomsday report listing hundreds of trojans and other evil beings lurking on my computer, just waiting to attack.  To remove them, the site asks me to click a button, which downloads a program called "install.exe."  I have not run this program and am a bit suspicious, since the site from which it originates appears to be something called rootbeerkit.com.  Never heard of it.
                      >
                      > Has anybody else had this experience?  Is rootbeerkit.com legit or a scam?  Thanks, and Happy New Year!
                      >
                      > -Charlie
                      >
                      > ---------
                      >
                      > Charles E. Friederich  -  cefwis@...
                      > 601 10th St.  Brodhead, WI  53520   608-897-2399