Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 792
  • Last Modified:

Dr. Watson Postmortem Error when logging on to a workstation

We just installed a bunch of HP 4300 Workstations and almost all of them are getting the Dr. Watson error when logging onto the PC's.   You have to press send or dont sent and either way the PC locks up.  I have disabled the 3rd party browser extensions and ran AD-Ware and pestpartol and all of these workstations and I'm still getting the error.  Also we have ran different virus scanners on the workstations with no virus's coming up.  Any help would be appreciated.
0
ocontoco
Asked:
ocontoco
  • 4
  • 3
  • 2
  • +1
1 Solution
 
LeeTutorretiredCommented:
It would be helpful to know what the exact error message is.  In the meantime, this page may be of help:

http://www.computerhope.com/software/drwatson.htm
0
 
ocontocoAuthor Commented:
This is what I get in the Event Viewer after the Dr.Watson Postmortem Error - Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295x.

The error is a normal windows error that says an error occured and you need to shut down.  Once I click send or dont send to microsoft it locks the whole computer up and the only way to get by it is to either log off or restart the workstation.  The title of the Error is Dr. Watson Postmortem Error
0
 
LeeTutorretiredCommented:
Here's one web page I found that MAY be useful, although on the page it says the particular problem trojan seems to have disappeared and is currently handled by antivirus programs:

http://www.thenerdnetwork.net/forums/viewtopic.php?t=3086

I would bet that it is probably some sort of malware.  Can the user get into Safe mode with Networking?  If so, try this free program (HijackThis):

http://www.spychecker.com/download/download_hijackthis.html

HijackThis is a tool that is for advanced users, because it lists all the installed browser add-on and startup items, allowing you to inspect them and then optionally remove any ones you select.  You must be careful in choosing what to remove, although the program can create a backup of your original settings.  But put a check mark to fix any home page or search page setting that HijackThis detects which you have not entered yourself.  The program has an option to download online updates of the hijack data.

You should first post the log at this site:  

http://www.hijackthis.de/index.php?langselect=english

and it will be automatically analyzed for you (after you click on the button labeled "Analyze" near the bottom of the page), telling you which entries (called "Nasty") should be fixed.  You will also be told if you have any items that are "Possibly Nasty", or "Unnecessary", or "Unknown". If you don't know what to do about these, you might find something on the module name by doing a Google search of the internet.

If you have any questions about what it is asking you to fix that you would like the E-E experts to comment on, then do this:  scroll down where you will see a Save Analysis button, hit it and it will save your Log Analysis (for a period of three days), then copy the link of that page and paste it here, and experts can check it for you.  (Please DON'T post the entire log itself in your question.)

In case you would like to learn more yourself how to use HijackThis, here are a couple of urls:

http://www.tomcoyote.org/hjt/
HijackThis Quick Start

http://www.spywareinfo.com/~merijn/htlogtutorial.html
HijackThis log tutorial
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LeeTutorretiredCommented:
ocontoco, any feedback?
0
 
ocontocoAuthor Commented:
This actually was not the problem.  Sorry it took so long but I have been in meetings and conferences.  I have a call in with Microsoft and they are working on using reporting tools to fix the problem.
0
 
nysoscdesktopsupportCommented:
We have also run into this problem with Dr. Watson posting and error on bootup but only with our newer Dell PC's. Dell Optiplex GX620 and Dell Latitude D620. Our previous Dell desktop and laptops do not have this error with Winodws XP. Both the GX620 and D620 have been built from seperate ghost images. One of my techs cam across a online doc that points to the new Execute Disable, Memory Protection Technology. Since the error is intermittent it is hard to tell wether turning this option off will work.

Ocontoco, has Microsoft been able to help you on this issue?
0
 
ocontocoAuthor Commented:
Here is what I have found out so far:(This seems to be a problem with our Scripts - batch file work fine) So far none of the 45 new machines are getting the Dr. Watson error anymore.  We were getting sometimes 3 times a day.

This issue has occurred on some new Dell computers that have hardware-based Data Execution Prevention (DEP) enabled by default. ScriptLogic is currently researching the cause of this issue.

To prevent this error from occurring, the DEP feature can be disabled in the BIOS or by adding explorer.exe as an exception in Windows XP.

Solution:
There are two methods that can be employed as a workaround to this issue.

1.  Disable Data Execution Prevention in the Bios (on Dell machines - Security tab --> Execute Disable option).

Or

2.  Create an exception for Explorer.exe.  To manually add the exception in Windows XP, logon to the computer as an administrator and open “System” from the Control Panel. Click the “Advanced” tab and the “Settings” button under Performance. Click the Data Execution Prevention tab then choose the “Turn on DEP for all programs and services except those I select”. Click Add and browse to Windows\explorer.exe. Click OK. A reboot may be required

This might help out your problem nysoscdesktopsupport
0
 
nysoscdesktopsupportCommented:
Thank You for the reply. You have confimed my thoughts on this issue and I plan to start deploying this workaround soon.

Just another note. We are also using Script Logic and this error started occuring after our latest upgrade to version 7.05

Thanks Again

0
 
ocontocoAuthor Commented:
This is the direct link to Scriptlogic fix - http://www.scriptlogic.com/support/kb/displayarticle.asp?UID=2241&Str=dep%20explorer.exe

We actually had these errors before we upgraded.
0
 
DarthModCommented:
PAQed with points refunded (250)

DarthMod
Community Support Moderator
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 4
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now