Welcome Guest ( Log In | Register )

Reply to this topicStart new topic
> Event ID 4797 - Think I might be infected but unsure, .
post 30.01.2013 05:58
Post #1


Group: Members
Posts: 3
Joined: 30.01.2013

I originally started a thread in this forum:


I get these from time to time:

Event ID 4797

An attempt was made to query the existence of a blank password for an account.

Account Name: XX
Account Domain: XXXXXXX
Logon ID: 0x53656

Additional Information:
Caller Workstation: XXXXXXX
Target Account Name: Guest (I get duplicate 4797's saying its also querying the Administrator, Homegroup and my personal user account)

I run Kaspersky AV 2013, UAC set to always alert, user account is password protected, and built-in Admin/Guest accounts are disabled by default. Does anyone else get these? The description makes me a tad uneasy. Both KAV and MBAM say my system is clean. No odd behavior witnessed from the machine. I have the following programs installed:

Adobe Flash 11
Adobe Reader XI
Firefox 18.01
Paint.NET 3.5.10
Office 2007
Power Archiver 2012
KAV 2013
Microsoft Visual C++ 2008 x86/x64
Syncback SE

If I'm infected with something its not being detected by KAV or MBAM. Over in the forum I referenced, one other guy claims to have the same problem. He runs AVAST, but its also saying his PC is clean. Not much info on the net about this Event ID 4797, either. Most of it pertains to Windows Server 2008 and it means an entirely different thing there.

This post has been edited by vram: 30.01.2013 06:12
Go to the top of the page
+Quote Post
post 30.01.2013 06:39
Post #2


Group: Global moderators

Posts: 1009762
Joined: 14.06.2007

Welcome. If you suspect malware issue, please see: Kaspersky Lab Forum > English User Forum > Virus-related issues > the first Important topic. There, you will find instructions for logs.

Please see the small print that is located at the bottom of this message.

Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
Go to the top of the page
+Quote Post
post 30.01.2013 06:43
Post #3


Group: Members
Posts: 3
Joined: 30.01.2013

Getsysteminfo log: http://www.getsysteminfo.com/read.php?file...6b62327cc6570f3

edit: del duplicated content.

This post has been edited by richbuff: 30.01.2013 09:19
Go to the top of the page
+Quote Post

Reply to this topicStart new topic


Lo-Fi Version Time is now: 28.06.2017 00:46