I find a file under
C:\windows folder
it is called sentry.exe 76Kb
This file is just installed in 2 Sept without
my notice!

The company info of this file is IP Insight
and the decription of the file is strange!
like this...

SentryStub.exe is a stub installer for the company's IP-Sentry

I have searched this company and it is a advertising company!

is it safe to delete this file?
I am afraid it is not a good file!

Help please, Thanks

the first hit on google came up with a game
http://eicart.free.fr/sentry/
you could send it to the recycle bin and leave it there for a few days to be sure it's not needed.
I would also download either ad-aware
or spybot and check for adware components,
and have one of those programs clean the pc,
of these varmints.

it is also the name of a subseven trojan/virus
so run a free online scan if you don't have antivirus installed on your pc
at either
http://housecall.antivirus.com
http://www.pandasoftware.com/activescan/com/

Might as well get/run Swat It while you're at it.

I also just found this on my pc. In the WINNT folder (w2k). Ad-Aware doesn't show it as spyware and Norton doesn't show it as a virus. Hmmm... If anyone knows where this SentryStub.exe or Sentry.exe comes from please post!

I found the file on my pc, too. Maybe, it's a game!?
Check this link: http://eicart.free.fr/sentry/

I just installed the file share program Grokster and i think thats were SentryStub.exe came from. It also installed 44 different spyware files on my PC.

Morpheus was the culprit on my machine. Good thing Zonealarm caught it for me. Caught that other spyware from Morpheus, too. Pain in the butt to get rid of, though. Gotta download Ad-aware, etc. soon.

I got this dam thing on my computer too.
I found the (sentrystub.exe)file under windows directory then opened it with a word processor to see if I could find any readable text. Almost to the bottom is a URL that contains http://stubmon.ipinsight.net/ipinsight/servlet/
Try different combos with the URL.
For example: http://ipinsight.com and http://ipinsight.net
Try a whois?
I got nothing with the whois, but the domains are not availible either. The .com address is a website that appears to be the type of company to put this .exe file in your computer.
I would contact these guys and see whats up!

Well, I just found it on my system (system directory, file named 'sentry.exe') when norton firewall detected it attempting to connect to the net. On my system, it attempts to contact 'stubmon.ipinsight.com' and is loaded from the registry under the 'Run' key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

On http://www.ipinsight.com/ you can see that this service was provided by a company that offers "...geography and connection speed data based solely on the IP address of your website's visitors."
People who subscribe to this service will get detailed information about WHERE visitors of their sites live !
I will delete it and see what happens - I expect nothing will change exept that this company will no longer be able to sell my privacy ! M@X

Since we know who is behind these intrusions into our privacy, and the email for one of their honchos, I suggest that everyone who finds this junk on their system and reads this thread send a polite email demanding they provide insruuctions for restoring your system to its pre-installation condition. Maybe we should also demand compensation for our time spent removing it. If they dont respond quickly, send another email.

By the way, I've never been able to figure out why when a bright young kid figures out how to break into our computers for whatever reason whether malice or curiosity, he is a considered a criminal hacker but when a marketing company does the same thing, they do so with impunity.

My Norton Personal Firewall never allowed this scumware to invade my privacy. I always received a message stating "medium threat sentry.exe is trying to access the internet" After blocking access I could easily go about my business, but after the fifth time I decided to investigate. This program evades adaware, as it is not a virus per'se so Norton Antivirus does not detect it. It is interesting that the only software mentioned above that also rooted it out was Zone Alarm (another personal firewall). They work! I have just ripped out the file and it's accompanying config file. No problems and my Norton Firewall doesn't warn me anymore. I guess it's gone but, hey you never know...

I recently upgraded my Norton's Firewall and Sentry.exe kpet trying to connect during startup. I deleted the Sentry.exe and Sentry.ini files from C:\Windows. I also removed it from Startup by using msconfig.

I have it too. I'm just going to create a firewall filter rule, rather than just deleting, in case for some reason I should download it again.

It is a stub-installer which means it sits on your hardrive and waits awhile and then tries to contact a site to get the files it wants to install.By itself it is not dangerous(if you have a firewall that is)It could be used to install just about any-kind of software remotley. Get Zone-Alarm and then delete the sucker.This little booger can be found when you download off of kazaa. It hides it self with another download somehow or you catch it off the internet,since I did a temporary internet file related to it,I think I contracted mine from the web.Zone-Alarm.Rules.Period.

I also found this rubbish on my computer, i sent them an e-mail contract, charging them one thousand us dollars for each piece of software that they (or any agents) instal on my computer without prior written agreement. Hope i get a reply. If anyone wants to do same, e-mail me and a can forward the letter to you (i changed it slightly from a similar one for spammers.
j_causier@msn.com

I called Mr. kaufman, daniel. I spoke to him in reguards to this .exe file. this was designed as an opt out file--check a box it is installed, un-check a box it does not install. There are two maybe three files he knew from the top of his head. ipsentry, sentry.exe, and sentrystub.exe. I suggest we all e-mail him and request an un-install file to recover your regestry edit or simply delete the two files or three files listed above. Good luck guys..and ladies.

Follow up to my post...do a system search for "sentry" delete all files labled "sentry" I think there are three...one will pop on again if the first is deleted..make sure you delete it from the recycle bin as soon as possible. The information the sentry was reporting can be found on file sentry.lgc you may read the contents using notepad.

The regestry should update itself when you next boot up.

jgcla1@yahoo.com

I also found this rubbish today, i'm going to send an email to the responsible to make him know my way to think.

My PC was invaded, nor my Anti Virus neither my anti spyware detected it. :-(

hello to you all and thank you to the thread participant or reader who sent me a heads up on this. I have sent this link and the information to our research team for analysis. Though I can't promise immediate targeting (we need to put this through the ringer first)I can assure you we will investigate your reports. Keep up the great work :-)

Mike wood
Team Lavasoft

i also had this installed on my comp i agree that the person should be notified of the action about having things installed on your comp with out your knowledge anyone out there who could do a draft of a letter that we all could send to the culprit and give him our peace of mind

I have found out that some ISPs are using the IP Insight program as a QoS monitoring application. I have confirmed that Bellsouth FastAccess is one of them. I believe Verizon is another, from posts I have seen in other forums.
Do a Google search on "IP Insight" name of your ISP. See what comes up.

The QoS monitoring thing is a different application from the same vendor. It has been around for a while and I am not too worried about it.

The Sentry app, though, I would get rid of ASAP. Open the registry (Start->Run->regedit) and find HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Remove the 'Sentry' entry. Reboot and delete Sentry.exe and Sentry.ini from the Windows folder.

I've just found it on my machine too - well, ZAPro has, to be exact. I don't know where it came from?!?! I'll deal with it quick ;).

PS Could it be, that ZA Pro comes with it? I've recently updated it. Well, it doesn't make any sense to me but who knows? ;)

I found this Sentry thing today, trying to access the internet only to be stopped by Norton.
It's got to be part of either Morpheus or Kazaa because they're the only two things I've downloaded in the last month.
The option not to install this nasty piece of spyware seems a little bogus because a) I don't remember being given the option and b) it waits for 14 days exactly before making itself known.
I feel a re-format coming on...:(

Just discovered the litle b**ger trying to access the Internet, thanks to Zone Alarm. I have not downloaded any files from the internet for weeks!!! But was playing Fighter Ace 3 last night. Perhaps it came down on that as I had to close down Zonealarm to play. If this happens to me again, I think that the offending company who owns Sentry will get more email than it ever bargained for! Invading someone elses computer can be two edged! You have been warned, Kaufman.

It's got to be Morpheus, because I don'r have Kazaa.

I also have this on my system and I am sure it came from Morpheus. Zone Alarm discovered it trying to access the web. I have read some previous comments here about the removal of this thing which involved going into the registry. I am not brave enough to go there so if I leave it where it is and let Zone alarm block it will it do any damage? Or is there a easy way to kill it?

I found it on system as well?

One question to all you computer wizz kids out there can any one make a program which can zap the computers of these moronas i.e. reformat their hard drive or something?

I noticed this annoying SentryStub.exe after I got the BugBear worm...though I also downld from Morpheus..thank goodness for my ZoneAlarm because when asked, I said NO because I didn't recognize the sentry name..I need to call my tech service to be sure how to delete all this rubbish...btw, found AVG FREE virus protection...it's very thorough

I just had Zonealarm notify me of this as well...I did have Morpheus awhile back, but this is the first time it (sentrystub)tried to connect to the internet. freaking Spyware...:-(

Also delete the reference to Sentry.exe in:
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU

You may have to change the MRUList.

HEY!
Thanks to everyone who posted on how to remove this piece of sh*t from your registry, I have never understood how the whole registry thing works but your instructions made removing the sentry entries quite easy. And I concur Morpheus would seem to be the culprit, although I have Verizon I never saw this til after Morph was installed.

Thanks Much
Charles

Also make sure you disable it in the msconfig> startup folder.
Do a search on your comp. for IPinsight as well.There's an application program in the documents/temp folder about 220kb.

It was on my system too, if it's a bootstrap then I wonder what it bootstraps, one would assume it does it just afted it installs, bit of a worry.

It has to be Morpheus. I installed the latest version two weeks ago, and ZoneAlarm found it tonight. I'm glad I found this thread, so I know it's spyware and not a virus. By the way, my version of ZA is the free one, so you don't NEED to buy it to get basic protection. Also, for anyone out there who doesn't have an anti-virus program, either get one or use one of the web-based ones mentioned above. Symantec (Norton) also has one, and it does a THOROUGH system scan.

More thoughts - perhaps this file deletes itself after it successfuly does its thing, I notice most of the people in this thread are running a firewall which would stop it phoneing home, but for people without a firewall......

I did a find on the mod date of the file before I removed it and found a few other files marked around the same date/time ,ones that looked particualy sus are "Screengenie.scr", "ctoe.exe" and IpInsight.exe .

Hi All

Thank you all for the postings on this!!

I found this file on my system using the Free Zone Alarm program. I have removed it following the advice on this forum. I will let everyone I can know how insidious Morpheus is and recommend they remove it from their system and refuse to support the company.

I've had Morpheus and Limewire for quite a while now (over a month) and this stupid thing showed up today. Since these programs programs do a version check and (probably) automatic updates (to some extent)...I'm wondering if this is something that is automatically downloaded by one of these 2 programs? I'm going to check for it occasionally to see if it shows up again.

Check in windows\applog\ for the file sentry.lgc, and view it with Notepad, looks like quite a few dll files may have been changed.

This thread is starting to get noticed - http://www.cexx.org/adware.htm

way hay ive got it too..

i was starting to feel left out,i found another file SENTRY.EXE-018B1F54.pf
in C:\WINDOWS\Prefetch

this is what it looks like this, i have no idea what it is tho

 \ D E V I C E \ H A R D D I S K V O L U M E 1 \ \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ ) \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ ' \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ W I N S X S \ t \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ W I N S X S \ X 8 6 _ M I C R O S O F T . W I N D O W S . C O M M O N - C O N T R O L S _ 6 5 9 5 B 6 4 1 4 4 C C F 1 D F _ 6 . 0 . 0 . 0 _ X - W W _ 1 3 8 2 D 7 0 A \
etc...

kill that mofo

pls disegard the previous post as i am insane

I also looked at the sentry.lgc log and found way too many dlls modified during its installation. I have removed sentry.lgc. Thanks for this thread!!

I have Norton Internet Security 2002 and it didn't notice sentry.exe or any of the other related files. I bumped into sentry.exe when it tried to phone home.

Ad-Aware did NOT see it. AdSubtract did not stop it. Norton Antivirus did not identify or quarantine it.

I do NOT have Morpheus or Limeware. I used to have Napster but lost interest... just an FYI that it might be more ubiquitous and coming from other places besides Morpheus.

Just a few notes: The entry in HKEY_USERS\Software\CurrentVersion\Windows\.... is just a list of recently searched for files. Sentry was on the list because you searched for it.

Deleting the LGC file doesn't actually do anything other than help keep your system free of excess, useless files. However, I too am bothered by some of the things that are on the list.

I'm moving towards suspecting Morpheus because that's when I started having problems, but I just set up this box and have downloaded *a lot* of software in the past month or so.

I noticed the software when I was going through my Startup tab on MSCONFIG looking for ways to clear up resources. If they didn't want it noticed, it might have been a good idea to pick a different name. It just sounded like bad news due to the fact that no other software has a similar name. If I'd designed it, I would've socially-engineered a better name to keep it unnoticed (hope they don't read that part and come out with FILINTHEBLANK Version 2.0).

I've removed the software and have a number of pieces of software looking around for its friends. I DEFINITELY don't remember filling out a license agreement for that piece of trash, so I'm also on the lookout for a good decompiler. If you know of any that I can easily get my hands on, let me know.

I'm also going to take a good, long look through Morpheus's EULA. I'm betting when I clicked "Agree", I agreed to have some sort of monitoring software on my machine.

Good luck on any of the punishments currently in the works.

I have zoneAlarm and it alerted me to this program. I did not allow it access to the internet. I googled sentry.exe and found this forum.

For those of us who don't have much technical knowledge, it would be great if someone could go though all of the steps necessary to remove the program from one's computer. I notice several people have mentioned different things.

Someone mentioned that the program changes one's "dll" files? Is this bad? Can I change them back?

Thanks in advance

Perhaps it's installed by someone who knows how to exploit file sharing programs like Moebous, Kaaza etc for their own purposes, thus getting through firewalls, I've noticed a lot of modem traffic (like flat out) on Kazza Lite of late even when I'm not downloading or uploading (and I'm not sharing anything, so it's not other users scanning my shared folder).

Those changed DLLs need replacing, probably best to extract the ones needed from the win cab files into a folder and reboot to Dos mode and put them back by hand.

Here's something that nobody else seems to have a problem with- when I told Norton Firewall to permanently block this sentry.exe from the internet, I can no longer access the internet with ANY program! This has happened twice now, and my only solution is to re-install Norton. When I look at my access rules in Norton, all my programs should still have access, but nope...but if I temporarily disable Norton (which I HATE doing), I can get online again. Has anybody else had this issue? It's very irritating. Why would blocking this ONE program suddenly cause Norton to block ALL internet access?

Zone alarm also caught Sentrystub.exe trying to install on my computer from Kazaa. Upon searching for the file, I found that I already have it as well. The file information reads as follows:
SentryStub.exe is a stub installer for the company's
IP-Sentry application -both distributed by IP-Insight Corporation, a
Delaware Corporation. Please see http://www.ipinsight.com for more details.

So, it appears that ipinsight.com is responsible for our difficulties