DrWatson Postmortem Debugger issue

I've got this computer that, upon bootup, gets hit by a couple hundred DrWatson windows stating that services/programs are erroring. I did some research and it sounds like the AceBot trojan....however I follow this link and didn't get anywhere:
http://www.thenerdnetwork.net/forums/viewtopic.php?t=3086

I've scanned the machine in safe mode and on another computer attached as a slave, and I could not find any trojan/virus/etc using Avast, A-squared or AVG-free antivirus software. I also ran SpyHunter, AVG-antispyware, adaware SE, spybot and Superantispyware but they did not find anything. Maybe one or two traces of spyware, but nothing related to DrWatson.

I ran Hijackthis but did not find anything peculiar, except a bunch of logitech junk. I have KillBox from the above link, but I do not see any malicious files to use it on.

Any suggestions? I'm just hammering away...but I don't think a virus/trojan is present. I think it may have already removed itself after altering something within windows...but what do I do? I've considered doing a repair...but I'm not sure if that is going to fix the files that were changed.

KG

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

KGhaleon

To throw in one more thing, aside from DrWatson I'm getting lots of these little windows marked "Data execution prevention." These things are part of XP SP2, but something is setting them off.

KG

jescab

post the hijackthis log please..........

jescab

If you are logged on as an administrator, you can manually configure DEP to switch between the OptIn and OptOut policies by using the Data Execution Prevention tab in System Properties. The following procedure describes how to manually configure DEP on the computer:

1. Click Start, click Run, type sysdm.cpl, and then click OK.
2. On the Advanced tab, under Performance, click Settings.
3. On the Data Execution Prevention tab, use one of the following procedures: • Click Turn on DEP for essential Windows programs and services only to select the OptIn policy.
• Click Turn on DEP for all programs and services except those I select to select the OptOut policy, and then click Add to add the programs that you do not want to use the DEP feature.

4. Click OK two times.

jescab

go here and make sure the top one is checked

1. On the My Computer icon right click with your mouse and choose Properties. (My Computer can be found on the desktop and/or the Start menu depending on how you have your Windows XP setup.)

2. A small window will have appeared called: System Properties. Look for the "tab" along the top called Advanced, now click it.

3. Now look for the section called Performance and click the button called Settings.

4. You will now see a new window appear called Performance Options, click the tab along the top called Data Execution Prevention and you should get the same window view as the image below.

KGhaleon

I don't see any image, but I noted that Dr watson postmortem debugger was in the list of programs that DEP checks. Should I remove that entry?
{edit} Tried removing DrWatson from that list...but it didn't fix the issue.

Oh, and I checked this setting on some other computers and I noted that on the one I post from, it is set to: "Turn on DEP for essential programs and service only"

The machine that is having the problem is set to: "Turn on DEP for all programs and services except those I select" followed by a list.
(maybe this is the problem? I'll check)

{edit} Just tried, no change. Nothing I change in the DEP settings seem to have an effect on the issue.

ally_uk

Proceed to throw your Dr Watson Software in ze bin

Job done

KGhaleon

Isn't it part of windows? Someone on another forum tried disabling it and it made their desktop vanish.

KG

jescab

yeppers it is part of the OS......

KGhaleon

I lost to it. ;_;
The customer didn't have anything important on the drive and gave me permission to back-up anything on it and reinstall. I don't like to do this, but there aren't any options left.

KG

jescab

That was a smart move. Start clean.