Watch Out for cleanup-registry.net!

Introduction

I got a ping this morning from a website called cleanup-registry.net. It arrived because I’d been referenced as a website in the network setup using the plugin “Related Websites” by the Blog Traffic Exchange (actually, it may be time to knock this experiment on the head as, generally, the sites are only loosely related and have poor linkage otherwise).

Whatever; the link referenced an old post of mine about Microsoft software problems here.  Notionally, the website looks okay and professional – but I smelled a rat!

cleanup-registry.net

Cleanup-Registry.net

This is a screenshot of the whole post (at ). So I did a search on the user’s error message:

‘The DOTNETFX35SETUP.EXE file is linked to missing export NTDLL.DLL:NtShutdownSystem.’ (it turns out later that I should have just done a search on the text in the first paragraph of the post…)

Yahoo!Answers page

About six entries down in the Google search results is this page from the respected ‘Yahoo! Answers’ forums website, shown at left.

The screen-shots of each WILL blow up to full-size, but to save you making direct textual comparisons, let me tell you now that the text in both, and one comment, the accepted answer in Yahoo! Answers, is EXACTLY the same!

For your interest, the accepted answer is that the OSes are incompatible and there’s a fix described.

The real problem is the dates! cleanup-registry.net’s is the 8th September 2009; Yahoo! Answers’ is from 8 months ago!

Conclusion

What we are seeing is the same sort of tactic employed by the Google Treasure Chest scammers of a fake blog (now called a flog!) being used as part of a selling campaign.  They’ve content-scraped decent content and passed it off as their own as a means of justifying their flogging area.

Q. Their product?

A. They are trying to sell a registry cleaner type software and a computer maintenance service ($25 per month!) in Las Vegas.

All of this is done under the banner of some fairly useful video how-tos and some less worthy content scraping from other websites….

The killer bits are that all the ‘blog’ entries are dated 24/9/2009 (apart from the odd one) and all the pages and how-tos are dated 24/7/2009!!!

Furthermore, the domain owner is hidden by our old friends at Domains by Proxy.

Do you really trust this sort of stuff?  I don’t.  Whether it’s supporting malware or not, it’s selling by devious means using the same methods as used by zillions of scams worldwide.

Caveat Emptor – buyer beware!

By Strangely

Founding member of the band Crawling Chaos from the North-East of England

2 comments

  1. I would like to point out that any site can use the plugin but only quality sites get API keys.

    This site does not have a valid API key, which means it is not having its content/links published on member sites.

    1. Thanks @BTE. I understand that. I do have an API though and my usage of the system (indeed all aspects and tools that I use on this website, so I'm not specifically picking on the BTE plugin) is still under review.
      I must admit that some BTE sites are valid and useful additional links. Some are pants though – it's the nature of the web. The point about this website that I'm trying to make though, is NOT the method that I found it, as I'm pinged all day long by thousands of comment spammers and forged registrations, but rather the way the site is constructed, how it gets its content, and why they are doing what they are doing.

      Rees
