DrWatson Postmortem Debugger

Discussion in 'malware problems & news' started by Muerte Roja, Sep 15, 2005.

Thread Status:
Not open for further replies.
  1. Muerte Roja

    Muerte Roja Registered Member

    Joined:
    Jun 30, 2004
    Posts:
    39
    Recently I had to switch off my computer and you know how they don't like it when you don't go to Start > Shutdown, so as soon as I started back up DrWatson Postmortem Debugger encountered an error. Just to be safe I started trying to find out more information about what it was. A lot of sites say that it is a very nasty virus (Open Tech Support Community), Symantec identifies it as a virus, but has no instructions for removal because it apparently can't be removed. I ran an online scan with Symantec, but it hasn't been detected. I have yet to finish another online scan, and will inform you if it is detected. I also hear that DrWatson is a program that is used to report errors in Windows XP SP2 (which is what I am running). I am very confused as to what this program is. This is a new computer to I'd like to keep it as clean as I can for as long as possible.

    The resources I have are:

    Webroot Spysweeper (fully liscensed)
    McAfee Enterprise v. 8.0.0 (fully liscensed)
    Zone Alarm v. 6.0.667.000 (fully liscensed)

    I am willing to download HJT or ASViewer or anything else needed. I have searched the Wilders forums and not found anything applicable to me, and would appreciate any help you can offer.

    P.S. I don't know if it is a symptom, but every time I try to run something off my desktop Windows Explorer encounters an error closes, and restarts. It only does this once (the first time), the rest of the time everything runs fine. Thanks again.

    Muerte Roja
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    u could try disabling error reporting and dr watson. error reporting can be disabled in System Properties > Advanced (tab) > Error Reporting (button). dr watson goes by the name of drwtsn32.exe and can be found in C:\WINDOWS\system32. uncheck all the boxes and change the top two numbers from 10 to 0. and lastly, once u run HJT post it at castlecops or another security forum (Wilders not longer analyzes HJT logs).
     
  3. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    Hi Muerte Roja,

    Dr. Watson is a postmortem debugger for applicaton level programs - not system level. WSFuser offers good advice, so unless you are developing and debugging application programs, I would follow it myself.

    With regard to Windows Explorer, I have had problems with regard to Data Execution Protection and decided to make Windows Explorer an exception.
    To accomplish this to see if it helps your situation:
    Start->Control Panel->System->System Properties->Advanced tab->Performance Options->Data Execution Prevention
    Select: Turn on DEP for all programs and services except those I select, then click on Add button to add Windows Explorer and check it and click Ok

    -- Tom
     
  4. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    I'm not an advocate of disabling the program. There are times that it can and does provide good information.....and having it enabled does not CAUSE a crash or an error. But it is helpful in letting you know when one has occured (so you don't sit there clicking the same mouse button over and over, with nothing happening, and wondering why).

    I would just leave it as is, only now you know that it's nothing to worry about......
     
  5. Muerte Roja

    Muerte Roja Registered Member

    Joined:
    Jun 30, 2004
    Posts:
    39
    Well I took my computer into Best Buy's Geek Squad and they said that it looked like it was probably a virus problem. They did a diagnostic and said that the problem was because I hadn't emptied my Spysweeper quarantined folder and the spyware had built up. They emptied it and reported my system's problem solved. Of course, it was not. I have yet to take it back. So the following problems are happening with my system:

    Any time I open a program that requires Windows Explorer, it enounters an error.

    Also, Generic Host Process for Win32 Services randomly encounters error. When that happenes, my taskbars (like my system taskbar) goes back to the old style. Example: (because that doesn't really make much sense) The start bar is white instead of blue, the start button is white instead of green, all the bars at the top of windows have a white exit, minimize, and maxmize buttons. It's like my system reverts to Windows 98 settings or something.

    I am completely stumped because I can't tell if it is a virus or just something wrong with my system. I have also gotten some contradicting reports and I can't decide whether to disable error reporting or not. Anyone else's input would be appreciated and thanks for all your help so far. Thanks
     
  6. Ownt

    Ownt Guest

    I have encountered the same problem recently too, I just installed SP2 for windows and i get the error, then my system freezes. Applications keep running to some extent, as i can hear music and such still playing, but minimize, exit, etc do not work. It doesnt happen often, just every once in a while.
     
  7. Muerte Roja

    Muerte Roja Registered Member

    Joined:
    Jun 30, 2004
    Posts:
    39
    I've narrowed it down to whenever I plug in a LAN ethernet cable, Generic Host Processes encounters an error. In response to that, my sound also stops working.
     
Thread Status:
Not open for further replies.