Event ID 4797 - Think I might be infected but unsure

I originally started a thread in this forum:




I get these from time to time:


Event ID 4797


An attempt was made to query the existence of a blank password for an account.




Account Name: XX

Account Domain: XXXXXXX

Logon ID: 0x53656


Additional Information:

Caller Workstation: XXXXXXX

Target Account Name: Guest (I get duplicate 4797s saying it's also querying the Administrator, Homegroup and my personal user account)


I run Kaspersky AV 2013, UAC set to always alert, user account is password protected, and built-in Admin/Guest accounts are disabled by default. Does anyone else get these? The description makes me a tad uneasy. Both KAV and MBAM say my system is clean. No odd behavior witnessed from the machine. I have the following programs installed:


Adobe Flash 11

Adobe Reader XI

Firefox 18.01


Paint.NET 3.5.10

Office 2007

Power Archiver 2012


KAV 2013

Microsoft Visual C++ 2008 x86/x64


Syncback SE


If I'm infected with something, it's not being detected by KAV or MBAM. Over in the forum I referenced, one other guy claims to have the same problem. He runs AVAST, but it's also saying his PC is clean. Not much info on the net about this Event ID 4797, either. Most of it pertains to Windows Server 2008 and it means an entirely different thing there.

Edited by vram


Welcome. If you suspect a malware issue, please see: Kaspersky Lab Forum > English User Forum > Virus-related issues > the first Important topic. There, you will find instructions for logs.


Please see the small print that is located at the bottom of this message.
