ipclient.exe
Visual IP InSight by Visual Networks
| Version: | 5.8.0.13 |
| MD5: | b2a84cee46eea964def241ad230ce325 |
| SHA1: | b20b695d53db9a36497579a4b0aa952fbf0117e4 |
| SHA256: | 28b661fb16c3c405730e5ebb926b093376058f774053690eee95079b851c1528 |
Warning 4 antivirus scanners has detected malware.
About ipclient.exe (from Visual Networks)
“The Visual IP InSight Client is a utility that monitors the performance of Windows Dial-Up Networking call attempts. Like other "test and diagnostic" software, its goal is to improve the quality of ”
Overview
ipclient.exe is malware that executes as a process with the local user's privileges. It is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine). This is typically installed with the program EarthLink FastLane published by EarthLink, Inc..
Details
| File name: | ipclient.exe |
| Publisher: | Visual Networks |
| Product name: | Visual IP InSight |
| Description: | IP Session Statistics |
| Typical file path: | C:\Program Files\visual networks\visual ip insight\sbc\ipclient.exe |
| Original name: | ipclient32.exe |
| File version: | 5.8.0.13 |
| Size: | 372 KB (380,928 bytes) |
| Digital DNA |
| PE subsystem: | Windows GUI |
| File packed: | No |
| .NET CLR: | No |
More details
Programs
The following program will install this file
“Fast Lane is the latest component of EarthLink’s plans to further decrease churn, increase satisfaction and inspire loyalty within its member base. By gathering previously unavailable connection data automatically from individual computers, Fast Lane allows EarthLink to identify members having trouble getting online and contact them proactively with a solution. The company also uses aggregated Fast Lane information to monitor and resolv...”
Behaviors
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'IPInSightLAN 01' → "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
Malware detections
Based on 40+ industry antivirus scanners, 4 of them detected the following malware.
| Antivirus engine | Engine version | Detection |
| avast! |
4.8.1351.0 |
Win32:Malware-gen |
| Avast5 |
5.0.332.0 |
Win32:Malware-gen |
| G Data |
13.4.21 |
Win32:Malware-gen |
| McAfee Gateway Anti-Malware |
v2010.1-dat |
Heuristic.BehavesLike.Win32.CodeInjection.H |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00047924% | |
| Kernel CPU: | 0.00040104% | |
| User CPU: | 0.00007820% | |
| Kernel CPU time: | 3,719 ms/min | |
| Memory |
| Private memory: | 2.45 MB | |
| Private (maximum): | 9.83 MB | |
| Private (minimum): | 9.74 MB | |
| Non-paged memory: | 2.45 MB | |
| Virtual memory: | 32.5 MB | |
| Virtual memory (peak): | 34.63 MB | |
| Working set: | 9.74 MB | |
| Working set (peak): | 9.83 MB | |
| I/O |
| I/O read transfer: | 7.65 KB/sec | |
| I/O read operations: | 1/sec | |
| I/O write transfer: | 132 Bytes/sec | |
| I/O write operations: | 3/sec | |
| I/O other transfer: | 5.91 KB/sec | |
| I/O other operations: | 81/sec | |
| Resource allocations |
| Threads: | 8 | |
| Handles: | 130 | |
| GUI GDI count: | 11 | |
| GUI USER count: | 10 | |
Process properties
Threads
Averages
| IPClient.exe (main module) |
| Total CPU: | 0.00106908% | |
| Kernel CPU: | 0.00051490% | |
| User CPU: | 0.00055418% | |
| Memory: | 384 KB | |
| WS2_32.dll |
| Total CPU: | 0.00009686% | |
| Kernel CPU: | 0.00001761% | |
| User CPU: | 0.00007925% | |
| Memory: | 92 KB | |
| ipvnmn32.dll (Visual IP InSight by Visual Networks) |
| Total CPU: | 0.00000873% | |
| Kernel CPU: | 0.00000873% | |
| User CPU: | 0.00000000% | |
| Memory: | 68 KB | |
Common loaded modules
These are modules that are typiclaly loaded within the context of this process.
Distribution by Windows OS
| OS version | distribution |
| Microsoft Windows XP |
100.00% |
|
Distribution by country
United States installs about 100.00% of Visual IP InSight.
