
Re: [NTO] Is rootbeerkit.com a scam?

  • Stephen Riddle
    Message 1 of 12 , Dec 27, 2009
      When I have such a question, I visit one of the domainTools sites such as
      http://whois.domaintools.com/
      >>>>>>
      http://whois.domaintools.com/rootbeerkit.com

      All I would need to know is that the contact information is addresses like:

      jammesmmorgan@...,
      dodgit.com is a website that does nothing but provide
      temporary email addresses (for some loss of privacy and security, I suspect).
      Also "James Morgan" owns about 338 other domains.
      My verdict. You are right, don't trust him.
      If I were using FireFox, I would block this web address.
      Then, I would block it with my firewall settings.


      On Sun, 27 Dec 2009 10:34:09 +0100
      loro <tabbie@...> wrote:

      > Charlie wrote:
      > >Twice recently, my web browser has somehow been directed (don't know
      > >how) to a site that purportedly performs a quick scan of my system
      > >and then returns a doomsday report listing hundreds of trojans and
      > >other evil beings lurking on my computer, just waiting to attack.
      >
      > Scam. Maybe malware, maybe they just try to sell you a program you
      > don't need. I've been roped in lots of times, but never stayed long
      > enough to find out what it's about. An annoyance for sure.
      >
      > >To remove them, the site asks me to click a button, which downloads
      > >a program called "install.exe." I have not run this program and am
      > >a bit suspicious, since the site from which it originates appears to
      > >be something called rootbeerkit.com. Never heard of it.
      >
      > They have different domains, I think. I recognize the setup and the
      > site, but not the domain name. I think I would have remembered it
      > since the name is rather funny. You don't have a virus anyway, at
      > least you hadn't before you went there. They do it through ads on
      > other sites that redirect you to their site. I don't think you have
      > to worry, I haven't gotten anything as far as I've noticed, but don't
      > run that installer.
      >
      > Lotta
      >


      --
      Stephen Riddle <stephen@...>
    • thefrankwmx
      Message 2 of 12 , Dec 28, 2009
        If they are not selling a kit to make root beer, then who cares?

        Happy New Year to all!

        tf
      • Al
        Message 3 of 12 , Dec 28, 2009
          <snip a web site pronounced my computer as having trojans and viruses on
          it.>
          > To remove them, (the viruses) the site asks me to click a button, which downloads a program called "install.exe." I have not run this program and am a bit suspicious
          Be more than a bit suspicious. And, do not run that. Delete it. Bit
          bucket in the sky, etc. Empty trash too.
          > Has anybody else had this experience? Is rootbeerkit.com legit or a scam? Thanks, and Happy New Year
          social engineering, phishing, whatever you want to call it, is
          widespread on the www.

          masquerade -- ie something that "appears to be" something that it is
          not. Many people (make a mistake) and run that - and in so doing - they
          install a virus/spyware onto their computer -- it continues to
          masquerade as a protection against virus/trojan. But, after a while --
          guess what? You'll never guess -- it wants money (your dangers have
          escalated, therefore you need me now more than ever -- your trial period
          is over - send money to thus and such place

          Only use known and trusted sources to direct yourself to where you
          procure software for yourself.

          My Linux console has whois app which can search whois database. Two
          whois search results follow.

          al@P5Q:~$ whois rootbeerkit.com

          Domain names in the .com and .net domains can now be registered
          with many different competing registrars. Go to http://www.internic.net
          for detailed information.

          Domain Name: ROOTBEERKIT.COM
          Registrar: REGTIME LTD.
          Whois Server: whois.regtime.net
          Referral URL: http://www.webnames.ru

          Name Server: NS1.ROOTBEERKIT.COM
          Name Server: NS2.ROOTBEERKIT.COM
          Status: ok
          Updated Date: 26-dec-2009
          Creation Date: 24-dec-2009
          Expiration Date: 24-dec-2010

          >>> Last update of whois database: Tue, 29 Dec 2009 04:33:30 UTC <<<

          <snip>

          Domain name: rootbeerkit.com

          Name servers:
          ns1.rootbeerkit.com
          ns2.rootbeerkit.com

          Registrar: Regtime Ltd.
          Creation date: 2009-12-24
          Expiration date: 2010-12-24
          Status: active

          Registrant:
          James Morgan
          Email: jamesmmorgan@...
          Organization: Private person
          Address: 1613 Clair Street
          City: Killeen
          State: TX
          ZIP: 76541
          Country: US
          Phone: +1.2546165772
          Fax: +1.2546165772
          Administrative Contact:
          Anna Gregory
          Email: annafgregory@...
          Organization: Private person
          Address: 3230 Hinkle Deegan Lake Road
          City: ALLEN
          State: KY
          ZIP: 41601
          Country: US
          Phone: +1.6069756207
          Fax: +1.6069756207
          Technical Contact:
          Shirley Rhodes
          Email: shirleyjrhodes@...
          Organization: Private person
          Address: 1950 Holt Street
          City: Boca Raton
          State: FL
          ZIP: 33432
          Country: US
          Phone: +1.5613479912
          Fax: +1.5613479912
          Billing Contact:
          James Morgan
          Email: jamesmmorgan@...
          Organization: Private person
          Address: 1613 Clair Street
          City: Killeen
          State: TX
          ZIP: 76541
          Country: US
          Phone: +1.2546165772
          Fax: +1.2546165772



          al@P5Q:~$ whois dodgit.com

          Domain names in the .com and .net domains can now be registered
          with many different competing registrars. Go to http://www.internic.net
          for detailed information.

          Domain Name: DODGIT.COM
          Registrar: GODADDY.COM, INC.
          Whois Server: whois.godaddy.com
          Referral URL: http://registrar.godaddy.com
          Name Server: NS12.ZONEEDIT.COM
          Name Server: NS19.ZONEEDIT.COM
          Status: clientDeleteProhibited
          Status: clientRenewProhibited
          Status: clientTransferProhibited
          Status: clientUpdateProhibited
          Updated Date: 25-nov-2009
          Creation Date: 24-nov-2003
          Expiration Date: 24-nov-2010

          >>> Last update of whois database: Tue, 29 Dec 2009 04:34:01 UTC <<<

          <snip>


          Registrant:
          Domains by Proxy, Inc.
          DomainsByProxy.com
          15111 N. Hayden Rd., Ste 160, PMB 353
          Scottsdale, Arizona 85260
          United States

          Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
          Domain Name: DODGIT.COM
          Created on: 24-Nov-03
          Expires on: 24-Nov-10
          Last Updated on: 25-Nov-09

          Administrative Contact:
          Private, Registration DODGIT.COM@...
          Domains by Proxy, Inc.
          DomainsByProxy.com
          15111 N. Hayden Rd., Ste 160, PMB 353
          Scottsdale, Arizona 85260
          United States
          (480) 624-2599 Fax -- (480) 624-2598

          Technical Contact:
          Private, Registration DODGIT.COM@...
          Domains by Proxy, Inc.
          DomainsByProxy.com
          15111 N. Hayden Rd., Ste 160, PMB 353
          Scottsdale, Arizona 85260
          United States
          (480) 624-2599 Fax -- (480) 624-2598

          Domain servers in listed order:
          NS12.ZONEEDIT.COM
          NS19.ZONEEDIT.COM
        • Al
          Message 4 of 12 , Dec 28, 2009
            al@P5Q:~$ whois trashymail.com

            Domain names in the .com and .net domains can now be registered
            with many different competing registrars. Go to http://www.internic.net
            for detailed information.

            Domain Name: TRASHYMAIL.COM
            Registrar: GODADDY.COM, INC.
            Whois Server: whois.godaddy.com
            Referral URL: http://registrar.godaddy.com
            Name Server: NS51.DOMAINCONTROL.COM
            Name Server: NS52.DOMAINCONTROL.COM
            Status: clientDeleteProhibited
            Status: clientRenewProhibited
            Status: clientTransferProhibited
            Status: clientUpdateProhibited
            Updated Date: 02-apr-2009
            Creation Date: 23-apr-2007
            Expiration Date: 23-apr-2011

            >>> Last update of whois database: Tue, 29 Dec 2009 05:14:58 UTC <<<

            Please note: the registrant of the domain name is specified
            in the "registrant" field. In most cases, GoDaddy.com, Inc.
            is not the registrant of domain names listed in this database.


            Registrant:
            Michael Weber
            2-4-3 Minami Ogikubo
            Tokyo, Tokyo 1670052
            Japan

            Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
            Domain Name: TRASHYMAIL.COM
            Created on: 23-Apr-07
            Expires on: 23-Apr-11
            Last Updated on: 02-Apr-09

            Administrative Contact:
            Weber, Michael wwwmichi@...
            2-4-3 Minami Ogikubo
            Tokyo, Tokyo 1670052
            Japan
            5055396801 Fax --

            Technical Contact:
            Weber, Michael wwwmichi@...
            2-4-3 Minami Ogikubo
            Tokyo, Tokyo 1670052
            Japan
            5055396801 Fax --

            Domain servers in listed order:
            NS51.DOMAINCONTROL.COM
            NS52.DOMAINCONTROL.COM
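
The whois checks walked through in the messages above (a registration only days old, contact mailboxes at a temporary-address provider) can be scripted for triage. This is an added example, not code posted by anyone in the thread; the sample record is constructed, and `triage`, `parse_date` and the 30-day threshold are assumptions chosen for illustration.

```python
import re
from datetime import date, datetime

# Constructed record mixing the two layouts seen in the thread's whois output.
# Domain, names and mailboxes are placeholders, not values from the page.
SAMPLE_WHOIS = """\
Domain Name: SCAREWARE-EXAMPLE.TEST
Creation Date: 24-dec-2009

Registrant:
Example Person
Email: registrant@dodgit.com
Administrative Contact:
Other Person
Email: admin@mail.example.test
"""

# dodgit.com is the temporary-address provider named in the thread;
# any further entries are a local choice (assumption).
DISPOSABLE_MAIL = {"dodgit.com"}
DATE_FORMATS = ("%d-%b-%Y", "%Y-%m-%d")  # registry style, registrar style


def parse_date(text):
    # Try each known layout; None means the field was unusable.
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(text.strip(), fmt).date()
        except ValueError:
            continue
    return None


def triage(whois_text, seen_on, max_age_days=30):
    # Collect human-readable reasons the record deserves suspicion.
    findings = []
    m = re.search(r"^\s*Creation date:\s*(\S+)", whois_text, re.I | re.M)
    created = parse_date(m.group(1)) if m else None
    if created is None:
        findings.append("no parseable creation date")
    elif (seen_on - created).days <= max_age_days:
        findings.append(f"registered {(seen_on - created).days} days before sighting")
    domains = re.findall(r"^\s*Email:\s*\S+@(\S+)", whois_text, re.I | re.M)
    for dom in sorted({d.lower() for d in domains} & DISPOSABLE_MAIL):
        findings.append(f"contact mailbox at disposable provider {dom}")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_WHOIS, date(2009, 12, 26)):
        print(line)
```

Where an archive truncates mailbox domains to `@...`, only the age check can fire; the mailbox check needs the untruncated record from a live `whois` query.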
          • Axel Berger
            Message 5 of 12 , Dec 28, 2009
              Al wrote:
              > masquerade -- ie something that "appears to be" something
              > that it is not. Many people (make a mistake) and run that

              After having had a look at the three scripts I went out on a limb and
              ran them in Opera on W98. I hope I'm still clean, but am mildly
              confident. But to be honest, someone falling for that kind of
              meaningless film show must be very naive, in less polite company I might
              have said something else. And running a full fledged exe from that
              provenience - I ask you.

              Axel
            • Al
              Message 6 of 12 , Dec 28, 2009
                Axel Berger wrote:
                > Al wrote:
                >
                >> masquerade -- ie something that "appears to be" something
                >> that it is not. Many people (make a mistake) and run that
                >>
                >
                > After having had a look at the three scripts I went out on a limb and
                > ran them in Opera on W98. I hope I'm still clean, but am mildly
                > confident.
                They were likely engineered for Win XP whereby they likely do not work
                on Win 98

                I'd run them in my Linux. But, somehow, Linux isn't Win. So, somehow,
                they don't run, even if I try to run them. Is that what you call "built
                in virus protection?"

                al@P5Q:~$ cat /etc/slackware-version
                Slackware 12.2.0
                al@P5Q:~$

                Har har <grin>. And, yes, I know "support libraries, environment, etc."
                do not at all match up (not even whatsoever) between Linux and Win.

                That's what wine is for. And also, virtual machine.
                > But to be honest, someone falling for that kind of
                > meaningless film show must be very naive,
                My 87 year old father fell for it. He had upwards of 50 viruses on his
                Win XP. But I got him on Linux now. Problem solved.

                --
                Alan.



              • Larry Hamilton
                Message 7 of 12 , Dec 30, 2009
                  Charles,

                  This is very suspicious behavior. I recommend avoiding anything to do
                  with this until you have done a thorough scan of your system.

                  I recommend using the free version of MalwareBytes from
                  http://www.malwarebytes.org/mbam.php. Do the full scan after updating
                  to the latest signature file.

                  I also recommend that you get up-to-date anti-virus software. A good
                  free one is Microsoft Security Essentials. It is for WinXP, Vista and
                  Win7.

                  If the MalwareBytes does not install or finds nothing, then I would be
                  very surprised.

                  Google also has a safe browsing page and lists rootbeerkit.com as suspicious.

                  http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=rootbeerkit.com

                  HTH,

                  ~ Larry

                  On Sat, Dec 26, 2009 at 7:42 PM, cefwis
                  <charlie53520-subscriptions@...> wrote:
                  > Twice recently, my web browser has somehow been directed (don't know how) to a site that purportedly performs a quick scan of my system and then returns a doomsday report listing hundreds of trojans and other evil beings lurking on my computer, just waiting to attack.  To remove them, the site asks me to click a button, which downloads a program called "install.exe."  I have not run this program and am a bit suspicious, since the site from which it originates appears to be something called rootbeerkit.com.  Never heard of it.
                  >
                  > Has anybody else had this experience?  Is rootbeerkit.com legit or a scam?  Thanks, and Happy New Year!
                  >
                  > -Charlie
                  >
                  > ---------
                  >
                  > Charles E. Friederich  -  cefwis@...
                  > 601 10th St.  Brodhead, WI  53520   608-897-2399