Windows 8 and 8.1 Forums

Event ID 4797

  1. #11


    Posts : 26
    Windows 8 X64 Pro

      My System SpecsSystem Spec

  2. #12


    Posts : 79
    Windows 10 Pro 64-bit


    I bookmarked those links, thanks. I'm not convinced this is malware or some sort of attack. The event log message is certainly troubling and if its a legit function of the OS, they could've worded it better, thats for sure.

    I got some more 4797's this morning, btw. They referenced my Administrator, Guest, Homegroup and personal user accounts.
      My System SpecsSystem Spec

  3. #13


    Posts : 26
    Windows 8 X64 Pro


    Well my AMD started again. 21 times in a row last night hammering my accounts. i don' think it's built in to the os as security feature.
      My System SpecsSystem Spec

  4. #14


    Posts : 79
    Windows 10 Pro 64-bit


    Quote Originally Posted by DrHaze View Post
    Well my AMD started again. 21 times in a row last night hammering my accounts. i don' think it's built in to the os as security feature.
    I'm tempted to enable my guest account and leave the password blank to see what happens. During the times of these events, are you getting any prompts from your firewall about suspicious inbound/outbound connections? Some thoughts: Why would malware continuously scan for blank passwords once it determines none exist and why are there no log entries indicating failed login attempts if whatever this is is truly attempting to gain access into your PC? Maybe we can use Sysinertnals Process Monitor to log whats happening? I used it yesterday to record system activity while troubleshooting a software error @ work.

    Process Monitor
      My System SpecsSystem Spec

  5. #15


    Posts : 26
    Windows 8 X64 Pro


    No alerts from my firewall.I am familiar with Process Monitor
      My System SpecsSystem Spec

  6. #16


    Posts : 79
    Windows 10 Pro 64-bit


    Quote Originally Posted by DrHaze View Post
    No alerts from my firewall.I am familiar with Process Monitor
    I've completely disconnected this PC from the network/internet to see if the log entries continue. If they continue, then at least I know for sure the queries aren't originating from the internet somehow.

    Been updating/Running MBAM a couple of times per day and it, along with KAV continue to come up clean.
      My System SpecsSystem Spec

  7. #17


    Posts : 26
    Windows 8 X64 Pro


    I uplugged the ethernet and cleaned the event logs bare. i shutdown down the pc(powered off)
    Turned on PC after boot got 4797 on all accounts. Sounds like an infection..Hmmm..
    Have you contacted Kaspersky on this as they seem to find new infections/malware it would be interesting to hear their opinion.
      My System SpecsSystem Spec

  8. #18


    Posts : 79
    Windows 10 Pro 64-bit


    Quote Originally Posted by DrHaze View Post
    I uplugged the ethernet and cleaned the event logs bare. i shutdown down the pc(powered off)
    Turned on PC after boot got 4797 on all accounts. Sounds like an infection..Hmmm..
    Have you contacted Kaspersky on this as they seem to find new infections/malware it would be interesting to hear their opinion.
    I left my PC for over an hour disconnected from the network and the only logon/logoff events logged were me unlocking the PC when I came back. I reconnected it and I immediately got 4797 on admin, guest, homegroup and my account. I'll email Kaspersky later tonight if I have time.
      My System SpecsSystem Spec

  9. #19


    Posts : 79
    Windows 10 Pro 64-bit


    Posted problem over in KAV forums:

    Hopefully, they can help.
    Last edited by vram; 30 Jan 2013 at 19:04.
      My System SpecsSystem Spec

  10. #20


    Posts : 146
    Windows 8.1 Pro x64


    I checked my logs and see the same error message on both my desktop and notebook. 61 events in the last hour, hundreds in the last week. They're showing up under the "Audit Success" event type. The "Target Account Name" on both machines is "HomeGroupUser$". Both machines are part of my HomeGroup. Both machines show no infections after scanning with both NOD32 & Malwarebytes.
      My System SpecsSystem Spec

Page 2 of 6 FirstFirst 1234 ... LastLast
Event ID 4797
Related Threads
Event Viewer - Event Log Online Help in Performance & Maintenance
Hi, I am new to the forum and have searched to see if I can find a fix for my issue. My issue is whenever I use the Event Log Online Help link in any Event Notification all I get is transferred to this page Page Not Found I am new to Windows 8 but I used this service regularly with XP. I...
keep getting it logged as an error. I have gone into Adjust Date and Time\Internet Time\and it is set to automatically synchronize with time.windows.com and on a scheduled basis. When I try to update or change the setting I get an error message that an error occurred while windows was...
Event ID 219 in General Support
Hi, I am getting this error every time I turn on my computer. From Event Log: The driver \Driver\WUDFRd failed to load for the device ROOT\SYSTEM\0001. - System
While playing war thunder on steam my screen went black and i couldn't do anything. I restart my computer and play again it crashes. After one more time i look at my event viewer and find critical error event ID:41. I don't whether its the game or my pc.
event viewer EVENT 14 HAL. What is it ? in Performance & Maintenance
Hello. I'am unable to find any information regard one entry in event viewer (eventvwr.msc) EVENT ID is 14, Source Microsoft-Windows-HAL screens: http://i.imgur.com/mot50EK.jpg http://i.imgur.com/EKoELpO.jpg?1 It stays, somethink like. system was limited to the periodic cycle due to...
I've noticed an intriguing event in Event viewer... Log Name: Application Source: Microsoft-Windows-Security-SPP Date: 25. 1. 2013. 8:13:00 PM Event ID: 8208 Task Category: None Level: Error Keywords: Classic User: N/A
Event 98 in Drivers & Hardware
Hi, I'm having a problem with an error that gets logged when I startup or restart. Volume HDDRECOVERY (\Device\HarddiskVolume3) needs to be taken offline to perform a Full Chkdsk. Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via...
Eight Forums Android App Eight Forums IOS App Follow us on Facebook