Windows Event Log causing "win403700" to autostart at boot


  1. Posts : 3
    Windows 7 Home Premium x64
       #1

    Windows Event Log causing "win403700" to autostart at boot


    Hello.

    I'm having a peculiar problem that just started yesterday out of the blue. Suddenly when I boot up in Windows 7 (64-bit), there's always an open dat file titled "win403700" that greets me on my desktop. It's of no use to me, since it's filled with lines and lines of code that are completely encrypted in notepad.

    After running CCleaner to clean out my registry and hard drive, followed by over two hours of sytematically uninstalling programs, disabling startup items, and then finally moving on to msconfig items under the services tab, I was able to determine that "Windows Event Log" is what causes this to pop open with each new startup. (I assume everyone has it enabled under msconfig > services.)

    Would anyone know why it is doing this? If I can just disable it and forget about it I will, but based on what I'm reading here, it appears to be an essential process for updating Windows:

    Windows Event Log - Process and Service wiki

    Plus I would like to know if this is an indicator of a more serious problem. (A Malwarebytes scan did come back clean by the way.)

    Thanks.
      My Computer


  2. Posts : 2
    Windows 7 Pro x64
       #2

    I am having the exact same problem, also on Win 7 x64 except that the file that's popping up in notepad for me is "win403750.dat."

    Most of the file is binary gibberish but there is a string near the beginning that reads "This program cannot be run in DOS mode," which makes me think that this .dat file is an executable. I've tried renaming it to an .exe extension and running it, but Windows says that the file isn't compatible with the version of Windows I'm running. An ESET scan of the file comes out clean.

    I also distinctly remember that this started happening after the latest Windows update(s) I ran 1~2 weeks ago.

    @rennervision: Have you solved or discovered more about this issue?
      My Computer


  3. Posts : 3
    Windows 7 Home Premium x64
    Thread Starter
       #3

    Hello Roland123 -

    Yes, I did figure it out - it's actually some kind of trojan. There was a file with the exact same name hidden in C:\users\[name]\appdata\local\temp. As soon as I saw it and double clicked on it, my Norton quarrantined it. Now everything's clean, but I'm not sure how it got there in the first place.
      My Computer


  4. Posts : 2
    Windows 7 Pro x64
       #4

    Deleting the file in the location you've specified seems to have solved the issue, so that's awesome. I'm a little worried that ESET didn't pick it up as a trojan, though. Do you remember what kind of trojan Norton flagged it as? Could it have been a false positive of some kind?

    Anyways, many thanks for the info, rennervision.
      My Computer


  5. Posts : 3
    Windows 7 Home Premium x64
    Thread Starter
       #5

    Norton flagged it as a Trojan.Gen. I also thought it was odd it got in there undetected.

    Someone on the Malwarebytes forum also recently had it as well:

    TDSS/Alureon - Malwarebytes Forum

    Since it was driving me CRAZY, as far as I'm concerned it met the definition of a virus. :) I'm glad I was able to help.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 15:05.
Find Us