Ask Leo!

msdtc.exe

Summary: Fortunately msdtc.exe is not a virus - it's a part of a couple of Windows applications.

Is msdtc.exe a virus?

Nope, not at all.

MSDTC.EXE is a part of a couple of Windows applications. It's the "Distributed Transaction Coordinator". It manages, as you might guess, transactions which are distributed across multiple servers.

Article 2067 | Posted February 12, 2005

Recent Comments
26 Comments

I have Windows 2000 with no upgraded service pack, but somehow this managed to make it onto my system and you can't shut it down with the process manager. So a simple workaround: click Start / Run, then type services.msc, then hit Enter. Look for Distributed Transaction Coordinator; it should say status: started. Click [stop], then click the logon tab at the top; it should say something like profile1 [enable] [disable]. Click disable and be done with it. Hope that helps everyone.

Posted by: virtualshogun at September 1, 2007 8:58 PM

I found this service running on my box as well, never happened before today. Easy enough to stop though (Win XP Pro w/SP2) Start/All Programs/Administrative Tools/Component Services. Click on Component Services/Computer/My Computer. Right click on My Computer and choose properties, there will be a MSDTC tab. Click on this and then stop the service there. It never started again. I really do not know what the service is for but I have never seen it before and I guess I do not need it running all of the time. Hope this helps everyone out.

John

Posted by: John Price at October 17, 2007 9:38 PM

msdtc is what I found to be the source of the incredible slowdown that started a few months ago. Have to ctrl-alt-delete- kill it, and machine goes back to normal. I found this info, which is the ONLY useful info to date about it.

MS05-051 POC Exploit

A proof of concept (PoC) exploit was released against systems vulnerable to MS05-051. MS05-051 was released in October. The vulnerability does allow for arbitrary code execution in systems with the Microsoft Distributed Transaction Coordinator (MSDTC) enabled.

In order to disable MSDTC, enter the following command:

sc stop MSDTC & sc config MSDTC start= disabled

By default, port 3372 is used by the exploit. The packet sent will cause a denial of service condition. At this point, we see only little activity at port 3372, likely due to the fact that this PoC exploit does not actually execute any “useful” code.

Posted by: Jf at March 31, 2008 4:08 PM

I also have msdtc.exe slowing down my PC. It always appears together with 2 instances of dllhost.exe. I have tried renaming it (it is found in Windows\system32) but when I do that a new copy of that msdtc.exe file appears in my system32 folder. When I delete that, it appears again in a couple of seconds; I don't know where it comes from.

The only way I have been able to stop it is to delete it and quickly rename a copy of a different file as msdtc.exe; I used a copy of wordpad.exe. That stopped msdtc from loading and slowing down my computer because whatever virus was using it would then try to start wordpad and it won't work for whatever evil scheme it is trying to pull off.

Posted by: bengtang at April 28, 2008 5:53 PM

More MSDTC weirdness: after making a fake msdtc.exe out of a copy of wordpad.exe, I again tried deleting the fake one, and hey presto, it reappeared in the system32 folder, but the one that reappeared was the fake one I had just deleted! I.e. the file I deleted and which reappeared is wordpad renamed as msdtc. It seems that whatever it is part of makes a backup copy of msdtc.exe from the system32 folder, and restores it if you delete it.

Also, in my system32 folder is a sub directory named MsDtc which contains a MSDTC.log file and a subdirectory called Trace which contains dtctrace.log and over a hundred dtctrace.log.2008.**** files, which have time spamps as part of the filename. It looks like MSDTC is keeping some kind of trace of lo, but i don't know of what. The files are not text files. Could it be some kind of key logger?

Posted by: bengtang at April 28, 2008 8:26 PM

Typo: i meant "time stamps" and "some kind of trace or log".

Anyway, I found that when I deleted msdtc.exe from the system32 folder, it was restoring msdtc.exe from the system32\dllcache folder, but when I deleted it from both dllcache and system32 folders, it still reappeared within a few seconds, restored from somewhere else. After searching the Windows directory for msdtc.exe I found it also in Windows\ServicePackFiles\i386 and also a similarly named file in windows\prefetch called MSDTC.EXE-165575FA.pf

After deleting it from Windows\ServicePackFiles\i386 Windows gave an error message asking me to restore it from CD, which I ignored, and so far, I think I have got rid of it now as it hasn't come back.

Posted by: bengtang at April 29, 2008 3:12 AM

OK, for those ... slow ... people trying to remove this by deleting from here and there, here's the way to stop MSDTC if you think you don't need it.

It's a SERVICE and must be set to DISABLED, so:

1) Start -> Run -> Services.MSC
2) Find "Distributed Transaction Coordinator"
3) Double click the service
4) Press STOP and set Startup Type to DISABLED

Please stop manually deleting from System32 folder unless you know what you're doing...

Posted by: Stephen2 at August 20, 2008 10:00 PM
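
The comments above keep guessing at the same three things: whether the running msdtc.exe is the Windows binary, whether the service is really stopped and disabled, and whether anything is listening on port 3372 (the port named in the advisory Jf quotes). The read-only check below is an added example, not part of the original article or any comment; the function name `Get-MsdtcAudit` is made up for illustration, and it assumes Windows PowerShell 5.1 on Windows 8 / Server 2012 or later.

```powershell
# Added example: read-only audit of the MSDTC service and the msdtc.exe binary.
# Get-MsdtcAudit is a hypothetical helper name; nothing here changes system state.
function Get-MsdtcAudit {
    $expected = Join-Path $env:SystemRoot 'System32\msdtc.exe'

    # Service registration: state, start mode, account and the image it launches.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='MSDTC'"

    # PathName may be quoted and carry arguments; keep only the executable path.
    $image = $null
    if ($svc -and $svc.PathName -match '^\s*"?([^"]+?\.exe)') {
        $image = [Environment]::ExpandEnvironmentVariables($Matches[1])
    }

    # Every running process named msdtc.exe, with the file it was started from.
    $procs = @(Get-CimInstance -ClassName Win32_Process -Filter "Name='msdtc.exe'")

    # Signature of the binary the service points at (null if the file is missing).
    $sig = if ($image -and (Test-Path -LiteralPath $image)) {
        Get-AuthenticodeSignature -FilePath $image
    }

    # Anything listening on TCP 3372, the port mentioned in the quoted advisory.
    $listen = @(Get-NetTCPConnection -State Listen -LocalPort 3372 -ErrorAction SilentlyContinue)

    # Processes named msdtc.exe that were NOT started from System32.
    $stray = @($procs | Where-Object {
        $_.ExecutablePath -and $_.ExecutablePath -ine $expected
    })

    [pscustomobject]@{
        ServiceState      = $svc.State
        StartMode         = $svc.StartMode
        RunsAs            = $svc.StartName
        ServiceImage      = $image
        ImageIsSystem32   = [bool]($image -and ($image -ieq $expected))
        SignatureStatus   = $sig.Status
        Signer            = $sig.SignerCertificate.Subject
        ProcessPaths      = $procs.ExecutablePath
        StrayProcesses    = $stray.Count
        Port3372Listeners = $listen.OwningProcess
    }
}

Get-MsdtcAudit | Format-List
```

Run it from an elevated prompt so `ExecutablePath` is populated for service processes. After Stephen2's steps, `ServiceState` should read Stopped and `StartMode` Disabled; a non-zero `StrayProcesses` count or an image outside System32 is the case worth investigating.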

Well as everyone has stated to stop it and disable it from the Distributed Transaction Coordinator, I have done this yet it continues to run alongside dllhost.exe. I have stopped and disabled all remote access to my computer, yet my System Idle Process remains at 99%.....so what's the next tip......?

Posted by: Erica at September 4, 2008 11:10 PM

I installed one application in my system; every time, I have to start the msdtc whenever I shut down and restart the system. Even the services started, I have to stop and start the service. Give me solution.

Posted by: vijayan at October 22, 2008 4:04 AM

If I understand correctly msdtc has nothing to do with the average user and disabling it won't hurt operations anywhere on a PC.

That kinda depends on your definition of "average" - some software does rely on it after all. I would leave it alone unless there's a compelling reason to investigate further.
- Leo
22-Nov-2008

Posted by: candyman1 at November 21, 2008 7:06 AM
