dr watson virus?

will456

i ran a virus scan using avast free home edition.

during the scan it found somekind of virus or problem and prompted me to reboot so it could scan in some kind of start up mode.

upon doing that it rebooted and didnt say there was a problem, i run the scan again and ignored the prompt to reboot and the scan ran its course , i have 5 infected files , they are all dr watson or drwtsn named files, it says they are rootkit hidden files,

i deleted 4 of the 5 files,( the 5th wouldnt delete) and run the scan again, and exactly the same thing happened as in the 1st scan

my pc appears to be running fine , can anyone shed any light on what exactly this is all about and should i do anything further, thanks

5bellies_2

http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

Download and run that free tool.

Joe_Bloggs

Dr Watson from the information contained in the estimable Wikipedia entry appears to be this ! The windows feature is a word that I can't say because it has a debug at the start then it is follower with 'er' .Perhaps this is some kind of program error that you should convey to the program developer.
J_B.

Conor_3

LOL, you have to love the swear filter on this forum. Quite a few Brit expletives get through but partial words get blocked.

You get what you pay for I suppose, just like MSE forum servers...

will456

ive since tried sophos and malwarebytes , they have found nothing wrong but avast still identifies 5 dr watson rootkit hidden files

my pc is running fine but should i do anything further and what exactly is this dr watson as search results dont have a definitive answer

Joe_Bloggs

@will456 I assure you Dr Watson is an official Microsoft product. They tell you how to disable it here. Since this infornation concerns Avast, Microsoft and you then inform the other parties of the situation. This may help the product involved, be improved and solve you problem.
I would like to wish the supporters of S!!!!horpe and Watford an entertaining game on Jan 3 2009.
PS this a test of the intelligence of the swear filter.
J_B.

Joe_Bloggs

@loaner since you suggested a solution to the problem, can you enlighten us all to the specifics of the boot disk that can achieve the required results? Or mention boot disks that have helped you in someway.
J_B.

Exo

As mentioned above, the official Dr.Watson is an error reporting tool.
I am surprised Avast gave you a reboot choice. The normal choice is to Delete the virus or remove it to the virus chest if you still wish to work on the file.

Avast would not normally report the official program. I would tend to trust Avast and delete what it has found.

Exo

If it helps, these are the official locations on my computer for Dr Watson or drwtsn.

drwatson.exe C:\Windows\system32
drwatson.exe C:\Windows\system32\dllcache
Dr Watson C:\Documents and Settings\All Users\Application Data\Microsoft

drwtsn32.chm C:\Windows\Help
drwtsn32.hlp C:\Windows\Help
DRWTSN32.EXE-033527A2.pf C:\Windows\Prefetch
drwtsn32.exe C:\Windows\system32
drwtsn32.pdb C:\Windows\Symbols\exe
drwtsn32.exe C:\Windows\system32\dllcache
drwtsn32.log C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson

DatabaseError

Conor wrote: »

You get what you pay for I suppose, just like MSE forum servers...

What are you suggesting? Surely the mse server is not from the 'value' range?
My assumption was that the servers themselves were top of the range cisco units, but the connection to the web was a 33k modem