Avast WEBforum

Other => General Topics => Topic started by: eamesni on February 27, 2005, 10:35:15 AM

Title: DrWatson Postmortem Debugger
Post by: eamesni on February 27, 2005, 10:35:15 AM

Type this into Google and you will see that loads of people out there are having this error message with their system locking up.  Is this a virus? Is Avast working on it?

Title: Re: DrWatson Postmortem Debugger
Post by: igor on February 28, 2005, 10:46:47 AM

No, it is not a virus.
DrWatson is simply a special tool that pops up when a program crash occurs and tries to collect some more info about the problem.

Title: Re: DrWatson Postmortem Debugger
Post by: Ellura on March 08, 2005, 02:43:04 AM

Yes...there is a useful tool called DrWatson....but that isn't this .... it's just masquerading behind the name to fool ya >:(

Drwatson.1503 

Last Modified: March 07, 2000

It is a memory resident very dangerous virus. When the virus starts, it creates the file C:\DRWATSON.COM, writes its copy into this file and then inserts the command @drwatson into the file AUTOEXEC.BAT beginning. Other files are not infected. While accessing to file AUTOEXEC.BAT the virus uses stealth algorithm.

This infector stops tracing: it types "Tracing mode has been destroyed" and exits to DOS. If the virus body is traced the infector erases the content of FAT of current disk and reboots the computer.

Title: Re: DrWatson Postmortem Debugger
Post by: techie101 on March 10, 2005, 12:53:29 AM

This "Dr. Watson" is a nasty little bugger!!!

This virus infects DOS .COM files. The Dr Watson virus can spread through intranets, the Internet, or other e-mail.  It is 1503 bytes long. This virus installs itself as a memory-resident program. This virus does not contain a destructive payload. It is not encrypted in any way. It does not exhibit multipartite behavior. In other words, it is incapable of infecting floppy disk or hard drive boot records. It virus does not try to actively conceal itself. This virus infects files in a manner that makes disinfection impossible.      as quoted by Symantec.

Go to http://securityresponse.symantec.com/avcenter/venc/data/drwatson.html for removal instructions.

Title: Re: DrWatson Postmortem Debugger
Post by: RJARRRPCGP on April 27, 2005, 02:31:53 AM

Quote from: Ellura on March 08, 2005, 02:43:04 AM

Yes...there is a useful tool called DrWatson....but that isn't this .... it's just masquerading behind the name to fool ya >:(

Drwatson.1503 

Last Modified: March 07, 2000

It is a memory resident very dangerous virus. When the virus starts, it creates the file C:\DRWATSON.COM, writes its copy into this file and then inserts the command @drwatson into the file AUTOEXEC.BAT beginning. Other files are not infected. While accessing to file AUTOEXEC.BAT the virus uses stealth algorithm.

This infector stops tracing: it types "Tracing mode has been destroyed" and exits to DOS. If the virus body is traced the infector erases the content of FAT of current disk and reboots the computer.

Gee wiz, that sounds like one of those old-school viruses, from the early 1990s and before.