any info on this? cp.exe

  • Thread starter Thread starter DH
  • Start date Start date
D

DH

I see my firewall notifying me that cp.exe is attempting to contact
someone. I assume this is related to a mp3 service my wife just tried to
use to download a particular tune. I also rec'd info that a program Swi-2
was involved.

Just to be safe I went to dos mode (I'm running Win 98) and removed both
instances of cp.exe.

I've googled both, to include the suspect DNS address 80.69.160.78 , and
have come up with nothing.

I tried to restore my registry from two days ago (using scanreg / restore
also from command prompt from the initial boot up), but could not succeed.
Everything seems OK. You guys have anything to add? Thanks, Dave
 
I see my firewall notifying me that cp.exe is attempting to contact
someone. I assume this is related to a mp3 service my wife just tried to
use to download a particular tune. I also rec'd info that a program Swi-2
was involved.

Just to be safe I went to dos mode (I'm running Win 98) and removed both
instances of cp.exe.

I've googled both, to include the suspect DNS address 80.69.160.78 , and
have come up with nothing.

I tried to restore my registry from two days ago (using scanreg / restore
also from command prompt from the initial boot up), but could not succeed.
Everything seems OK. You guys have anything to add? Thanks, Dave
Click to expand...
Have you scanned your drive with a uptodate antivirus program?
Have you scanned your drive with both AdAware and Spybot?

cp.exe usually is a program for copying files ... unless infected perhaps.

As for the IP address, it is from the Netherlands:
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum: 80.69.160.0 - 80.69.167.255
netname: NLNETSERV
descr: NetServices BV
country: NL
admin-c: TBNS1-RIPE
tech-c: TBNS1-RIPE
tech-c: JHNS1-RIPE
status: ASSIGNED PA
notify: (e-mail address removed)
mnt-by: NETS-MNT
changed: (e-mail address removed) 20021127
source: RIPE

route: 80.69.160.0/21
descr: Netservices
origin: AS25179
notify: (e-mail address removed)
mnt-by: NETS-MNT
changed: (e-mail address removed) 20020912
source: RIPE

person: Terry Bosch
address: Netservices BV
address: Saffierborch 12
address: NL-5241 LN, Rosmalen
address: The Netherlands
phone: +31 73 5230470
e-mail: (e-mail address removed)
nic-hdl: TBNS1-RIPE
mnt-by: NETS-MNT
changed: (e-mail address removed) 20020814
source: RIPE

person: Jesse Heitlager
address: Netservices BV
address: Saffierborch 12
address: NL-5241 LN, Rosmalen
address: The Netherlands
phone: +31 73 5230470
e-mail: (e-mail address removed)
nic-hdl: JHNS1-RIPE
changed: (e-mail address removed) 20021128
source: RIPE


Have no idea what swi is ... what directory is it located in?
 
Have no idea what swi is ... what directory is it located in?

Thanks for all your information. I can't find any trace of that program
on my hard drive. I found two instances of cp.exe and deleted both of
them. Those programs were related to that swi-2 program (as I learned
under properties for that file).
 
I should add that I do not believe this was a virus. It was just an
annoying program that kept accessing the internet and would not let itself
be deleted.
 
Back
Top