1. Symantec/
  2. Security Response/
  3. Dr Watson

Dr Watson

Risk Level 1: Very Low

February 13, 2007 11:57:07 AM
Also Known As:
Dr.Watson, Dr W, DrWatson.1503, Dr W.1503

This virus infects DOS .COM files. The Dr Watson virus can spread through intranets, the Internet, or other e-mail. This virus has never been encountered by our customers. It is 1503 bytes long. This virus installs itself as a memory-resident program. This virus does not contain a destructive payload. It is not encrypted in any way. It does not exhibit multipartite behavior. In other words, it is incapable of infecting floppy disk or hard drive boot records. It virus does not try to actively conceal itself. This virus infects files in a manner that makes disinfection impossible.

The virus creates a file called C:\DRWATSON.COM and adds the line "@drwatson" to C:\AUTOEXEC.BAT. May display the message "Tracing mode has been destroyed." Please also note that Windows does have a tool called Dr Watson(DRWATSON.EXE) which is usually located in the WINDOWS directory. The virus probably uses this file name to confuse the user and make this file (C:\DRWATSON.COM) less suspicious.

Antivirus Protection Dates

  • Initial Rapid Release version December 21, 2000
  • Latest Rapid Release version August 29, 2017 revision 008
  • Initial Daily Certified version December 21, 2000
  • Latest Daily Certified version August 29, 2017 revision 019
  • Initial Weekly Certified release date pending
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube