When Adware.Ipinsight is installed, it does the following:
- Creates the folder %ProgramFiiles%\ip.
Note: %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).
- Creates files in %Windir% folder.
Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
- May drop the file %Windir%\Sentry.ini
- Creates the following registry subkeys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
\App Management\ARPCache\IPInsight
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
\Uninstall\IPInsight
- Adds the values:
"Sentry"=%windir%\sentry.exe"
"Belt"=%windir%\Belt.exe"
"conscorr" = "[PATH TO THE ADWARE FILE]\conscorr.exe"
to the registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
