Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Windows Event Log causing "win403700" to autostart at boot

28 Aug 2011   #1
rennervision

Windows 7 Home Premium x64
 
 
Windows Event Log causing "win403700" to autostart at boot

Hello.

I'm having a peculiar problem that just started yesterday out of the blue. Suddenly when I boot up in Windows 7 (64-bit), there's always an open dat file titled "win403700" that greets me on my desktop. It's of no use to me, since it's filled with lines and lines of code that are completely encrypted in notepad.

After running CCleaner to clean out my registry and hard drive, followed by over two hours of sytematically uninstalling programs, disabling startup items, and then finally moving on to msconfig items under the services tab, I was able to determine that "Windows Event Log" is what causes this to pop open with each new startup. (I assume everyone has it enabled under msconfig > services.)

Would anyone know why it is doing this? If I can just disable it and forget about it I will, but based on what I'm reading here, it appears to be an essential process for updating Windows:

Windows Event Log - Process and Service wiki

Plus I would like to know if this is an indicator of a more serious problem. (A Malwarebytes scan did come back clean by the way.)

Thanks.


My System SpecsSystem Spec
.
21 Sep 2011   #2
Roland123

Windows 7 Pro x64
 
 

I am having the exact same problem, also on Win 7 x64 except that the file that's popping up in notepad for me is "win403750.dat."

Most of the file is binary gibberish but there is a string near the beginning that reads "This program cannot be run in DOS mode," which makes me think that this .dat file is an executable. I've tried renaming it to an .exe extension and running it, but Windows says that the file isn't compatible with the version of Windows I'm running. An ESET scan of the file comes out clean.

I also distinctly remember that this started happening after the latest Windows update(s) I ran 1~2 weeks ago.

@rennervision: Have you solved or discovered more about this issue?
My System SpecsSystem Spec
21 Sep 2011   #3
rennervision

Windows 7 Home Premium x64
 
 

Hello Roland123 -

Yes, I did figure it out - it's actually some kind of trojan. There was a file with the exact same name hidden in C:\users\[name]\appdata\local\temp. As soon as I saw it and double clicked on it, my Norton quarrantined it. Now everything's clean, but I'm not sure how it got there in the first place.
My System SpecsSystem Spec
.

23 Sep 2011   #4
Roland123

Windows 7 Pro x64
 
 

Deleting the file in the location you've specified seems to have solved the issue, so that's awesome. I'm a little worried that ESET didn't pick it up as a trojan, though. Do you remember what kind of trojan Norton flagged it as? Could it have been a false positive of some kind?

Anyways, many thanks for the info, rennervision.
My System SpecsSystem Spec
23 Sep 2011   #5
rennervision

Windows 7 Home Premium x64
 
 

Norton flagged it as a Trojan.Gen. I also thought it was odd it got in there undetected.

Someone on the Malwarebytes forum also recently had it as well:

TDSS/Alureon - Malwarebytes Forum

Since it was driving me CRAZY, as far as I'm concerned it met the definition of a virus. I'm glad I was able to help.
My System SpecsSystem Spec
Reply

 Windows Event Log causing "win403700" to autostart at boot




Thread Tools




Similar help and support threads
Thread Forum
Changing windows boot drive sata config from "raid" to "ahci"
So I have an AMD A88X motherboard in my htpc. For a few reasons I want to change the bios config for the sata controller from RAID to AHCI. I followed the instructions in this article: https://support.microsoft.com/en-us/...the-boot-drive to have windows load the ahci driver, but now I can't...
Drivers
How can I disable "autostart" from ALL external devices?
Hello, I am EXTREMELY annoyed after using W7Pro for few years and everytime I plug in a USB HDD, flashdrive, DVD or etc. Windows prompting me asking me for actions. I even tried to use the GODMODE to disable it but no luck. Any idea what else I can do?
Hardware & Devices
I screwed up the "Windows/CURSORS" FOLDER causing an error now [video]
Hello everyone, I tried to describe the problem in words and PICS but it was getting so difficult/complex and essentially, confusing to explain it, that I decided to make a video uploaded to YouTube called: https://youtu.be/rBFlDwo7hf4 The video explains everything in detail. It has to do...
General Discussion
Windows update causing trouble with "unifying" receiver
Hello, i just reinstalled windows 7; first i installed all my apps, and later on the windows updates : before that, no issue at boot, but after : between "windows starting" and the appearence of the logon screen, the screen stays black for while. This a known issue with the logitech "unifying"...
Windows Updates & Activation
"Windows Loading Files" infinite loop, Can't Boot USB "disk error"
hello, let's just get to the point, i had this problem recently where my pc can load windows, it keep looping pc's on - booting - then "Windows Loading Files" - restart it's infinite :cry: i don't know what to do, i don't have a cd rom, and i can't reinstall my windows from USB because every time...
General Discussion


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 00:42.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App