Hey All,

Recently I got infected (if you can call it that) by a parasite .dll from a spyware company called ipinsight.com. This "infection" monitors your browser activitiy, sends information to a server, silently installs updates and files as well as add links to your browser and icons to your desktop.

Using a spyware buster (I used SpySweeper *freeware* from TuCows.com) but because it's a .dll file (ipinsigt.dll) it is loaded into windows and cannot be removed by a cleaner.

I removed it manually with information I found from doxdesk.com

For those infection by this or other kinds of stubborn spyware, read below:

*Also note: IpInsight cost me lots of money this month! My usual monthly upload count is near 1gig, this month surpassed 3gigs! Because of that I have to pay an extra 2gigs of web usage! Mother ****er!

Description
IPInsight is a process or IE Browser Helper Object that monitors addresses entered into web forms, ostensibly to try to make a database of physical locations of IP addresses.

Variants
IPInsight/Sentry: installs a process Sentry.exe and datafile Sentry.ini in the Windows folder. This variant cannot be detected by the script at this site.

IPInsight/Ipinsigt: a reimplementation of the original Sentry as a BHO, provided by IPINSIGT.DLL in the Windows folder. This code is based on the Transponder parasite from Mindset Interactive; there is even a leftover message from Transponder/VX2 in the code about the software opening pop-up ads, which it doesn't!

IPInsight also make connection monitoring software that is included in some ISP's installation discs. This is not the same software as the 'IPInsight' parasite and is not detected by the script at this site.

Distribution
Bundled with Morpheus 2 and software from Blue Haven Media.

What it does
Advertising
No.

Privacy violation
Yes. Any address information you enter into a form using Internet Explorer is leaked to the IPInsight's servers, along with a unique ID. Their privacy policy claims any house number sent is 'rounded' so as not to pass a completely accurate address.

Security issues
Yes. Can silently download and install updates.

Stability problems
No.

Removal
IPInsight/Ipinsigt should have an entry in Add/Remove Programs, which removes the software from the current setup adequately.

However it leaves a copy behind in the 'last known good setup' which may reappear if you boot using this option. Delete the file IPINSIGT.DLL from the LastGood folder in the Windows folder, and IPINSIGT.PNF and IPINSIGT.inf from the LastGood\INF folder. Finally you can remove IPInsigt from the hidden 'inf' folder in the Windows folder to clean up.

Spybot Search & Destroy can remove IPInsight.

Manual removal
Sentry variant: open the registry (Start->Run->regedit) and open the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Delete the 'Sentry' entry. Reboot Windows and delete Sentry.exe and Sentry.ini in the Windows folder.

Ipinsigt variant: open a DOS command prompt window (Start->Programs->Accessories) and enter the following commands:

cd "%WinDir%\System"
regsvr32 /u "..\IPINSIGT.DLL"
Reboot Windows and delete IPINSIGT.DLL in the Windows folder. You can also delete the registry key HKEY_LOCAL_MACHINE\Software\IPInsight to clean up if you wish. Then see the LastGood removal instructions above.