
Re: [NTO] Is rootbeerkit.com a scam?

  • Al
    Message 1 of 12 , Dec 28, 2009
      <snip a web site pronounced my computer as having trojans and viruses on
      it.>
      > To remove them, (the viruses) the site asks me to click a button, which downloads a program called "install.exe." I have not run this program and am a bit suspicious
      Be more than a bit suspicious. And do not run that. Delete it. Bit
      bucket in the sky, etc. Empty trash too.
      > Has anybody else had this experience? Is rootbeerkit.com legit or a scam? Thanks, and Happy New Year
      Social engineering, phishing, whatever you want to call it, is
      widespread on the www.

      Masquerade -- i.e. something that "appears to be" something that it is
      not. Many people (make a mistake) and run that - and in so doing - they
      install a virus/spyware onto their computer -- it continues to
      masquerade as a protection against virus/trojan. But, after a while --
      guess what? You'll never guess -- it wants money (your dangers have
      escalated, therefore you need me now more than ever -- your trial period
      is over - send money to thus and such place).

      Only use known and trusted sources to direct yourself to where you
      procure software for yourself.

      My Linux console has a whois app which can search the whois database. Two
      whois search results follow.

      al@P5Q:~$ whois rootbeerkit.com

      Domain names in the .com and .net domains can now be registered
      with many different competing registrars. Go to http://www.internic.net
      for detailed information.

      Domain Name: ROOTBEERKIT.COM
      Registrar: REGTIME LTD.
      Whois Server: whois.regtime.net
      Referral URL: http://www.webnames.ru

      Name Server: NS1.ROOTBEERKIT.COM
      Name Server: NS2.ROOTBEERKIT.COM
      Status: ok
      Updated Date: 26-dec-2009
      Creation Date: 24-dec-2009
      Expiration Date: 24-dec-2010

      >>> Last update of whois database: Tue, 29 Dec 2009 04:33:30 UTC <<<

      <snip>

      Domain name: rootbeerkit.com

      Name servers:
      ns1.rootbeerkit.com
      ns2.rootbeerkit.com

      Registrar: Regtime Ltd.
      Creation date: 2009-12-24
      Expiration date: 2010-12-24
      Status: active

      Registrant:
      James Morgan
      Email: jamesmmorgan@...
      Organization: Private person
      Address: 1613 Clair Street
      City: Killeen
      State: TX
      ZIP: 76541
      Country: US
      Phone: +1.2546165772
      Fax: +1.2546165772
      Administrative Contact:
      Anna Gregory
      Email: annafgregory@...
      Organization: Private person
      Address: 3230 Hinkle Deegan Lake Road
      City: ALLEN
      State: KY
      ZIP: 41601
      Country: US
      Phone: +1.6069756207
      Fax: +1.6069756207
      Technical Contact:
      Shirley Rhodes
      Email: shirleyjrhodes@...
      Organization: Private person
      Address: 1950 Holt Street
      City: Boca Raton
      State: FL
      ZIP: 33432
      Country: US
      Phone: +1.5613479912
      Fax: +1.5613479912
      Billing Contact:
      James Morgan
      Email: jamesmmorgan@...
      Organization: Private person
      Address: 1613 Clair Street
      City: Killeen
      State: TX
      ZIP: 76541
      Country: US
      Phone: +1.2546165772
      Fax: +1.2546165772



      al@P5Q:~$ whois dodgit.com

      Domain names in the .com and .net domains can now be registered
      with many different competing registrars. Go to http://www.internic.net
      for detailed information.

      Domain Name: DODGIT.COM
      Registrar: GODADDY.COM, INC.
      Whois Server: whois.godaddy.com
      Referral URL: http://registrar.godaddy.com
      Name Server: NS12.ZONEEDIT.COM
      Name Server: NS19.ZONEEDIT.COM
      Status: clientDeleteProhibited
      Status: clientRenewProhibited
      Status: clientTransferProhibited
      Status: clientUpdateProhibited
      Updated Date: 25-nov-2009
      Creation Date: 24-nov-2003
      Expiration Date: 24-nov-2010

      >>> Last update of whois database: Tue, 29 Dec 2009 04:34:01 UTC <<<

      <snip>


      Registrant:
      Domains by Proxy, Inc.
      DomainsByProxy.com
      15111 N. Hayden Rd., Ste 160, PMB 353
      Scottsdale, Arizona 85260
      United States

      Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
      Domain Name: DODGIT.COM
      Created on: 24-Nov-03
      Expires on: 24-Nov-10
      Last Updated on: 25-Nov-09

      Administrative Contact:
      Private, Registration DODGIT.COM@...
      Domains by Proxy, Inc.
      DomainsByProxy.com
      15111 N. Hayden Rd., Ste 160, PMB 353
      Scottsdale, Arizona 85260
      United States
      (480) 624-2599 Fax -- (480) 624-2598

      Technical Contact:
      Private, Registration DODGIT.COM@...
      Domains by Proxy, Inc.
      DomainsByProxy.com
      15111 N. Hayden Rd., Ste 160, PMB 353
      Scottsdale, Arizona 85260
      United States
      (480) 624-2599 Fax -- (480) 624-2598

      Domain servers in listed order:
      NS12.ZONEEDIT.COM
      NS19.ZONEEDIT.COM
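
Added example (not part of Al's post): the two whois results above differ most visibly in registration age, and a domain registered only days before the lookup is a common triage signal for a page pushing a download. The Python below parses the registry fields and computes the age at lookup time; the sample strings are trimmed copies of the output above, and the function names and the 30-day threshold are assumptions.

```python
import re
from datetime import datetime

# Constructed samples: registry fields copied from the two whois results
# quoted in the message above, trimmed to the lines this parser reads.
ROOTBEERKIT = """\
Domain Name: ROOTBEERKIT.COM
Status: ok
Creation Date: 24-dec-2009
Expiration Date: 24-dec-2010
>>> Last update of whois database: Tue, 29 Dec 2009 04:33:30 UTC <<<
"""
DODGIT = """\
Domain Name: DODGIT.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Creation Date: 24-nov-2003
Expiration Date: 24-nov-2010
>>> Last update of whois database: Tue, 29 Dec 2009 04:34:01 UTC <<<
"""

NEW_DOMAIN_DAYS = 30  # assumed triage threshold, not a value from the thread
FIELD = re.compile(r"^\s*([A-Za-z ]+?):\s*(\S.*?)\s*$")
STAMP = re.compile(r"Last update of whois database:\s*\w+, (\d{1,2} \w{3} \d{4})")

def parse_whois(text):
    """Collect 'Key: value' lines; repeated keys such as Status become lists."""
    rec = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            rec.setdefault(m.group(1).lower(), []).append(m.group(2))
    m = STAMP.search(text)
    # Use the registry's own timestamp so archived output is judged as of lookup time.
    rec["queried"] = datetime.strptime(m.group(1), "%d %b %Y") if m else None
    return rec

def triage(text):
    """Return domain, age in days at lookup time, and a newly-registered flag."""
    rec = parse_whois(text)
    if "creation date" not in rec or rec["queried"] is None:
        return {"domain": rec.get("domain name", ["?"])[0], "age_days": None, "new": None}
    created = datetime.strptime(rec["creation date"][0], "%d-%b-%Y")
    age = (rec["queried"] - created).days
    return {"domain": rec["domain name"][0], "age_days": age, "new": age < NEW_DOMAIN_DAYS}

if __name__ == "__main__":
    for sample in (ROOTBEERKIT, DODGIT):
        print(triage(sample))
```

A young domain is a reason to look closer rather than a verdict on its own; output with no creation date or timestamp returns `None` for the age instead of guessing.
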
    • Al
      Message 2 of 12 , Dec 28, 2009
        al@P5Q:~$ whois trashymail.com

        Domain names in the .com and .net domains can now be registered
        with many different competing registrars. Go to http://www.internic.net
        for detailed information.

        Domain Name: TRASHYMAIL.COM
        Registrar: GODADDY.COM, INC.
        Whois Server: whois.godaddy.com
        Referral URL: http://registrar.godaddy.com
        Name Server: NS51.DOMAINCONTROL.COM
        Name Server: NS52.DOMAINCONTROL.COM
        Status: clientDeleteProhibited
        Status: clientRenewProhibited
        Status: clientTransferProhibited
        Status: clientUpdateProhibited
        Updated Date: 02-apr-2009
        Creation Date: 23-apr-2007
        Expiration Date: 23-apr-2011

        >>> Last update of whois database: Tue, 29 Dec 2009 05:14:58 UTC <<<

        Please note: the registrant of the domain name is specified
        in the "registrant" field. In most cases, GoDaddy.com, Inc.
        is not the registrant of domain names listed in this database.


        Registrant:
        Michael Weber
        2-4-3 Minami Ogikubo
        Tokyo, Tokyo 1670052
        Japan

        Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
        Domain Name: TRASHYMAIL.COM
        Created on: 23-Apr-07
        Expires on: 23-Apr-11
        Last Updated on: 02-Apr-09

        Administrative Contact:
        Weber, Michael wwwmichi@...
        2-4-3 Minami Ogikubo
        Tokyo, Tokyo 1670052
        Japan
        5055396801 Fax --

        Technical Contact:
        Weber, Michael wwwmichi@...
        2-4-3 Minami Ogikubo
        Tokyo, Tokyo 1670052
        Japan
        5055396801 Fax --

        Domain servers in listed order:
        NS51.DOMAINCONTROL.COM
        NS52.DOMAINCONTROL.COM
      • Axel Berger
        Message 3 of 12 , Dec 28, 2009
          Al wrote:
          > masquerade -- ie something that "appears to be" something
          > that it is not. Many people (make a mistake) and run that

          After having had a look at the three scripts I went out on a limb and
          ran them in Opera on W98. I hope I'm still clean, but am mildly
          confident. But to be honest, someone falling for that kind of
          meaningless film show must be very naive, in less polite company I might
          have said something else. And running a full-fledged exe from that
          provenience - I ask you.

          Axel
        • Al
          Message 4 of 12 , Dec 28, 2009
            Axel Berger wrote:
            > Al wrote:
            >
            >> masquerade -- ie something that "appears to be" something
            >> that it is not. Many people (make a mistake) and run that
            >>
            >
            > After having had a look at the three scripts I went out on a limb and
            > ran them in Opera on W98. I hope I'm still clean, but am mildly
            > confident.
            They were likely engineered for Win XP whereby they likely do not work
            on Win 98.

            I'd run them in my Linux. But, somehow, Linux isn't Win. So, somehow,
            they don't run, even if I try to run them. Is that what you call "built
            in virus protection?"

            al@P5Q:~$ cat /etc/slackware-version
            Slackware 12.2.0
            al@P5Q:~$

            Har har <grin>. And, yes, I know "support libraries, environment, etc."
            do not at all match up (not even whatsoever) between Linux and Win.

            That's what wine is for. And also, virtual machine.
            > But to be honest, someone falling for that kind of
            > meaningless film show must be very naive,
            My 87-year-old father fell for it. He had upwards of 50 viruses on his
            Win XP. But I got him on Linux now. Problem solved.

            --
            Alan.



          • Larry Hamilton
            Message 5 of 12 , Dec 30, 2009
              Charles,

              This is very suspicious behavior. I recommend avoiding anything to do
              with this until you have done a thorough scan of your system.

              I recommend using the free version of MalwareBytes from
              http://www.malwarebytes.org/mbam.php. Do the full scan after updating
              to the latest signature file.

              I also recommend that you get up-to-date anti-virus software. A good
              free one is Microsoft Security Essentials. It is for WinXP, Vista and
              Win7.

              If the MalwareBytes does not install or finds nothing, then I would be
              very surprised.

              Google also has a safe browsing page and lists rootbeerkit.com as suspicious.

              http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=rootbeerkit.com

              HTH,

              ~ Larry

              On Sat, Dec 26, 2009 at 7:42 PM, cefwis
              <charlie53520-subscriptions@...> wrote:
              > Twice recently, my web browser has somehow been directed (don't know how) to a site that purportedly performs a quick scan of my system and then returns a doomsday report listing hundreds of trojans and other evil beings lurking on my computer, just waiting to attack.  To remove them, the site asks me to click a button, which downloads a program called "install.exe."  I have not run this program and am a bit suspicious, since the site from which it originates appears to be something called rootbeerkit.com.  Never heard of it.
              >
              > Has anybody else had this experience?  Is rootbeerkit.com legit or a scam?  Thanks, and Happy New Year!
              >
              > -Charlie
              >
              > ---------
              >
              > Charles E. Friederich  -  cefwis@...
              > 601 10th St.  Brodhead, WI  53520   608-897-2399