Helping people with computers... one answer at a time.

Fortunately msdtc.exe is not a virus - it's a part of a couple of Windows applications.

Is msdtc.exe a virus?

Nope, not at all.

MSDTC.EXE is a part of a couple of Windows applications. It's the "Distributed Transaction Coordinator". It manages, as you might guess, transactions which are distributed across multiple servers.

Article C2280 - February 12, 2005 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

28 Comments
dani
July 21, 2005 6:14 AM

i am so tired of ppl using such condensending tones when anyone asks a logical question ... ok how about stand alone home pc's, why would they need to have this running all the time ? they r not connecting to a network nor are they sharing info with other pc's (except in normal web traffic if that is possible) ok maybe i am ignorant but it seems to me if the powers that be want to have us "users" more aware of security maybe perhaps ... ya think they should explain it better .... say if it is applicable to home users a) that are stand alone units or B) home networked or c) networked outside the home or as i was once dumb enuf to think of it a "LAN" local area network ..... which does not mean it is local .... or a network for that matter and i have yet to see anyone list the protocol for all the different types of isp's
nevermine explain why it is a network when u log into dsl but not dial up and why i need a nic card and a modem and a billion other unneccessary things they "the all knowing powers that be" say i should have and then explain i need it, if i want to run this program which depends on that program which i never wanted in the first place ... the closest i have come to a straight answer from anyone on the net .... "speaking to the uninformed " is blackviper.com at least he tells ya what the process is for and if u need it ... more than i can say for almost anyone else ... you all forget u started out on 1 (ONE) pc (PERSONNAL Computer) yeah, wonder how they got that name?since no one seems to rememeber us pooor poor pitiful personal users .... why not? when u think of it... ppl who use computers for a living should be trained to use them as any other type of machinery in their job or they have IT managers so let them explain it they r being paid for it .... so that leaves the majority of the untrained, unknowing, users in the home waa laaa yes??? or no??? and yet nothing is ever addressed to them except in languange that only makes them not ever want to ask another tech question again .... ok now i am done venting.... for a while.... so what is the answer to my question lol should msdtc.exe be running all the time in a stand alone xp sp2 ... dsl connected pc ??? easy question huh thank you in advance for your courteous reply .

Leo
July 21, 2005 8:27 AM

Yes it can be running on a standalone machine.

hatetep
November 28, 2005 12:02 PM

Leo, i think you should think again about the answer. the question was "SHOULD msdtc.exe be running all the time in a stand alone xp sp2"
nara:)

twipsta
December 11, 2005 9:12 PM

In responce to dani's stupidity ..... Yes an IBM PC Clone is often refered to just a PC, and yes PC does stand for Personal Computer ..... But that does not mean it's meant for every half-wit who thinks just because it has Personal in the name, doesn't mean it's going to be easy to understand ....

I mean think long and hard .... You are using a Business Machine designed to increase productivity (and hey, IBM stantds for International Business Machines ....) and you are also using a business orientated operating system (IE Windows XP, or Windows NT 5.1) and anyone with some basic knowledge on Microsoft operating systems would know that Windows NT is the Business side of their OS family, with emphasis on security and NETWORKING (shock!)

So is it realy any wonder why you're half Home based, half Business based OS would have half (if not all) the networking/security features that customers would expect of it?

As it is Microsoft has already stupified the OS so as any Joe Bloggs with a kindergarten pass can use it. And as the saying goes "If it aint broke, Don't fix it"

So please .... Do us all a favour. Leave it to the people who DO know what they're doing, or if you're really that intent on "tweaking" your system .... Learn what you're doing first!

Tho we can't really blame people like dani here .... I mean how many people have had to teach their linux teacher the basicis of linux (While doing a Diploma of Software Engineering ... I got sick of the incompetence and left the course)

And thats my vent...
Comming from a self taught Computer Tech. of 3 years, and PC enthusiast of 20 years :P

J
February 8, 2006 9:08 AM

Twiptsa...

You seem to me to be a legend in your own mind...

Enthusiast of 20 years, and 'self-taught'.

What a laugh, self-taught means you learned what you do from first principles. Once you read it in a book, you by definition learn it from someone else.

Get over yourself, and get a proper perspective about the skills you have, the weakness that other people do (and do not) have and perhaps you might last the pace in a diploma.

BTW, I have three degrees in computing science including a doctorate and over 20 years experience in the industry. You strike me as someone who really doesn't deserve the self-given title of 'Tech'.


J.

Mike
June 1, 2006 2:53 PM

This msdtc.exe is completely slowing down my computer. It only comes on, however, when I open Internet Explorer. I use Mozilla Firefox but for certain videos, documents, etc. I need to use Internet Explorer and I have to stop the process multiple times(whenever a new window, refreshed window, or entered address is put in) I just want it off my computer. I dont know how though. Please, I'm begging you, please, help me get it off. It's the most annoying thing ever.

Mike

Bob E
August 18, 2006 11:34 AM

Hello Tech community.
Knowing that it takes a "village" of informed people to help make the best choices for all, and not wanting to tirade over who the village idiot is (I do sense there are several candidates) I think we all need to help answer the questions without adding judgment.

I do believe that Dani has a valid point. If we were to really look in the mirror…..
And I do not believe that Dani is involved in “tweaking” a system.

I found this thread through a Google search as I had noticed for the first time MSDTC.EXE running as a network service along with several SVCHOST.EXE instances.

Since I can not remember previously seeing MSDTC running earlier on my machine I wanted to investigate whether it was Spyware or something else.

I now see that it is a Microsoft Product not Spyware, but it still might be.

No indication that it could have been kicked off by a hijack or intruder… but if I know Microsoft, it could be a likely target for an exploit.

Tweaking my system? No, just investigation objects running to see what they are, and if there are any performance issues.

Neither of those questions was answered here, yet.
So, what gives? If this is a running app at the Network Services level, has anyone experienced or have knowledge of it being exploited or being the exploit itself?

30 Year IT Professional
Remember the XT?
I remember rewriting core objects in 11K Mainframe operating systems to get objects to run. Still have a few punch cards. Several sizes.

bryan
September 11, 2006 7:24 PM

Hi I have been trying to look into what MSDTC.exe is and what it does. I haven't found a great deal of info on it. So I figure I would see if anyone here could help.

I first noticed it when my wife was complaining about not being able to minimize or right click on the taskbar. I went ahead and looked through her processes running and noticed this process running. I have only seen it on my wifes computer and her computer is exactly like my other two computers, which do not have the process running.

Anyways I end the process and it allows her to right click on the taskbar and minimize the windows she has open. So it isn't hard to fix but I would rather fix the issue permanently rather then temporary fixes.

So basically if anyone knows if this process is of importance or how to disable it(permanently) or prevent this issue from occuring it would be much appreciated.

Thanks

Sharon
September 14, 2006 10:26 PM

I found this link when searching for msdtc.exe on google. (I am no expert). I just installed the Service Pack 2. (I am a bit slow).
As I am curious by nature and wanted to know what was running through task manager I checked and there you go --> msdtc.exe . I assume it is part of Service Pack 2.

I am trying to find out more about it.

mike.l
September 20, 2006 8:48 PM

well,
so far no answers yet. i too have this process running on my pc and never saw it before today.

but first for the guy that said that he couldnt right click on the task bar or minimize. i am not having that problem. i can right klik on the task bar and minimize with it running so it is wierd that that is your issue withit but it cant explain what the process is for. because i am not having that problem with it. i have downloaded, but not installed yet: release candidate 1 microsoft explorer7 and the defender package. and i downloaded and have installed windows live messenger. although it may be somthing from windows messenger. im not sure because i had messenger before i downloaded the live version and it wasnt there.

i have but one question:

shouldnt microsoft have a place where they explain all these things so we woulnt have to ask these type questions about a microsoft process on a forum? and if so , where is this place?

mike.l
September 21, 2006 4:11 PM

update. funny thing. after i posted i went out and tried to open a game .exe and found that double left clicking on it was juat like right clicking on it. and i had to choose open to run the game. very strange. so i went to processes and ended the msdtc.exe and all was back to normal. so i see some validity in bryans post above. but the wierd thing is it is doing somthing difrent for me then him. SOOO...... what is the purpose of this thing? will we ever get an answer? and is it somthing i did while messing with the my computer files the ones where you brinf up start/ run/and type dcomcnfg?

i think that is where the answer is. but i have no clue what i did. so can someone help please? i know that is when the .exe showed up for the first time now. just not sure why it showed up.

baracuda
November 16, 2006 3:00 AM

Here is your answer!!!!

[Copyright violation removed. Visit this link instead: http://support.microsoft.com/kb/902400/en-us -Leo]

john
February 22, 2007 11:27 AM

That knowledgebase article does not provide any meaningful info. All it (and embedded hyperlinks) did was briefly (very briefly) discuss a security update. It did not answer the 'why'.

I too, after running this XPpro SP2 computer for about 15 months just now saw this process for the very first time. My computer has been running for 4 days straight before this process started, and I had NOT made any Microsoft updates.

The process monitoring program "What's Running" shows the "msdtc.exe" process started EXACTLY at the same time as I attached a WesternDigital "MyBook" external USB disk drive for the first time.

At the same time, a "dllhost.exe" process was started. The only other process even remotely near these two timewise, was related to "notepad.exe" and that was 2 days prior.

Both processes stayed active even after disconnecting the drive.

Sniper2
May 1, 2007 1:10 AM

What still no answers ? What ever happend to Leo ?? i mean this site is obviously about asking Leo some IT Questions right ? hehe . Leo !!!! god can u hear me Leo ... i installed Microsoft Visual C# Express Edition and SQL Server 2005... after that, this two things was seen running in my process "dllhost.exe" and "msdtc.exe". is it part of C#? is it dangerous ? would cause my computer to run slow ?

Nick
May 14, 2007 3:24 AM

It is quite funny, it eats up my CPU to it's maximum.

I can't do anything, I get these annoying popups all the time which cannot be disabled, and it is all because of that msdtc.exe. I would to find out an answer to completely terminate this process, since it does not affect any other program that is running. After i terminate it, it's gone for about 20 minutes, then it's back up running again. So please, help me out. Really I have no idea how to sort this out!

Me
May 23, 2007 1:54 PM

re: John and installed C#/SqlServer. MSDTC is used by SqlServer to manage distributed transactions and to marshall transaction-based requests across multiple machines. It is normal that msdtc.exe would be running in this case.

Some additional information on the service that might be useful for some folks:

"Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start."

Many applications use Microsoft's SQLServer Express, an embedded database, for storing information. The message queues are also used by many applications. File transfers should be fairly obvious.

virtualshogun
September 1, 2007 8:58 PM

i have windows 2000 with no upgraded service pack but somehow this managed to make it onto my system and you cant shut it down with the process manager. so a simple work around click start / run then type services.msc then hit enter look for Distributed Transaction Coordinator it should say status : started click [stop] then click logon
tab at the top it should say something like profile1 [enable] [disable] click diable and be done with it. hope that helps everyone.

John Price
October 17, 2007 9:38 PM

I found this service running on my box as well, never happened before today. Easy enough to stop though (Win XP Pro w/SP2) Start/All Programs/Administrative Tools/Component Services. Click on Component Services/Computer/My Computer. Right click on My Computer and choose properties, there will be a MSDTC tab. Click on this and then stop the service there. It never started again. I really do not know what the service is for but I have never seen it before and I guess I do not need it running all of the time. Hope this helps everyone out.

John

John

Jf
March 31, 2008 4:08 PM

msdtc is what I found to be the source of the incredible slowdown that started a few months ago. Have to ctrl-alt-delete- kill it, and machine goes back to normal. I found this info, which is the ONLY useful info to date about it.

MS05-051 POC Exploit

A proof of concept (PoC) exploit was released against systems vulnerable
to MS05-051. MS05-051 was released in October. The vulnerability does allow for
arbitrary code execution in systems with the Microsoft Distriuted Transaction Coordinator (MSDTC) enabled.

In order to disable MSDTC, enter the following command:

sc stop MSDTC & sc config MSDTC start= disabled

By default, port 3372 is used by the exploit. The packet send will cause a denial of service condition. At this point, we see only little activity at port 3372, likely due to the fact that this PoC exploit does not actually execute any “useful” code.

bengtang
April 28, 2008 5:53 PM

I also have msdtc.exe slowing down my PC. It always appears together with 2 instances of dllhost.exe. I have tried renaming it (it is found in in Windows\ststem32) but when i do that a new copy of that msdtc.exe file appears in my system32 folder. When i delete that, it appears again in a coupe of seconds, i don't know where it comes from.

The only way i have been able to stop it is to delete it and quickly rename a copy of a different file as msdtc.exe, i used a copy of wordpad.exe. That stopped msdtc from loading and slowing down my computer because whatever virus was using it would then try to start wordpad and it won't work for whatever evil scheme it is trying to pull off.

bengtang
April 28, 2008 8:26 PM

More MSDTC weirdness, after make a fake msdtc.exe out of a copy of wordpad.exe, i again tried deleting the fake one, and hey presto, it reappeard in system32 folder, but the one that reappeared was the fake on i had just deleted!
i.e. the file i deleted and which reappeared is wordpad renamed as msdtc. It seems that whatever it is part of makes a backup copy of msdtc.exe from system32 folder, and restores it if you delete it.

Also, in my system32 folder is a sub directory named MsDtc which contains a MSDTC.log file and a subdirectory called Trace which contains dtctrace.log and over a hundred dtctrace.log.2008.**** files, which have time spamps as part of the filename. It looks like MSDTC is keeping some kind of trace of lo, but i don't know of what. The files are not text files. Could it be some kind of key logger?

bengtang
April 29, 2008 3:12 AM

Typo: i meant "time stamps" and "some kind of trace or log".

Anyway, i found that when i deleted msdtc.exe from system32 folder, it was restoring msdtc.exe from system32\dllcache folder, but when i deleted it from both dllcache and system32 folders, it still reappeared within a few seconds, restored from somewhere else. After searching Windows directory for msdtc.exe i found it also in Windows\ServicePackFiles\i386 and also a similar named file in windows\prefetch called MSDTC.EXE-165575FA.pf

After deleting it from Windows\ServicePackFiles\i386 windows gave an error message asking me to restore it from CD, which i ignored, and so far, i think i have got rid of it now as it hasn't come back.

Stephen2
August 20, 2008 10:00 PM

OK, for those ... slow ... people trying to remove this by deleting from here and there, here's the way to stop MSDTC if you think you don't need it.

It's a SERVICE and must be set to DISABLED, so:

1) Start -> Run -> Services.MSC
2) Find "Distributed Transaction Coordinator"
3) Double click the service
4) Press STOP and set Startup Type to DISABLED

Please stop manually deleting from System32 folder unless you know what you're doing...

Erica
September 4, 2008 11:10 PM

Well as everyone has stated to stop it and disable it from the Distributed Transaction Coordinator, I have done this yet it continues to run alongside dllhost.exe. I have stopped and disabled all remote access to my computer, yet my System Idle Process remains at 99%.....so what's the next tip......?

vijayan
October 22, 2008 4:04 AM

i installed one application in my system,every time i have to start the msdtc whenever i shut down and restart the system.
Even the services started,i have to stop and start the service.
give me solution

candyman1
November 21, 2008 7:06 AM

If I understand correctly msdtc has nothing to do with the average user and disabling it won't hurt operations anywhere on a PC.

That kinda depends on your definition of "average" - some software does rely on it after all. I would leave it alone unless there's a compelling reason to investigate further.
- Leo
22-Nov-2008

KtK
April 11, 2009 2:18 PM

I have msdtc.exe running in a folder In Windows/SoftwareDistribution/Download is this normal? Is is also running in Window/System32. I am afraid I have a mate watching program on my pc. Can you let me know? Thanks!

I don't believe "Windows/SoftwareDistribution/Download" is normal. I suspect malware of some sort. See if anti-malware software will get rid of it.
- Leo
12-Apr-2009

Colin Basterfield
June 27, 2009 3:39 PM

Hi,

I have Windows XP Media Centre Edition 2002 SP3, and want to, amongst other apps run Message Queueing, WCF services on my machine, albeit only in a dev sense. I can't get past base on either due to MSDTC terminating unexpectedly with Error 1067. It is running under Network Service, as oppose to local system. I have run through the 'fix' according to Microsoft as per http://support.microsoft.com/kb/891801, but to no avail it still fails to stay started.

The error in the event log is:
A critical error occurred in an MS DTC component therefore the process is terminating. The category field identifies the component that encountered the error. Please contact Microsoft Product Support. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtc\src\cservice.cpp:436, Pid: 3888
No Callstack,
CmdLine: C:\WINDOWS\system32\msdtc.exe

I'm at a loss, and wondered if you can help me please?
many thanks in advance
Colin

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.