|
Summary: Fortunately msdtc.exe is not a virus - it's a part of a couple of Windows applications.
Nope, not at all. • MSDTC.EXE is a part of a couple of Windows applications. It's the "Distributed Transaction Coordinator". It manages, as you might guess, transactions which are distributed across multiple servers. Article 2067 | Posted February 12, 2005 |
Popular & Hot How do I make a new MSN Hotmail account? How do I delete history items from my Google tool bar? My desktop Recycle Bin has disappeared - why, and how do I get it back? How do I change my MSN Hotmail password? I accidentally deleted my Recycle Bin in Vista - how do I get it back? New & Important How can I get the old Windows Live Hotmail back? Internet Safety: How do I keep my computer safe on the internet? Are free email services worth it? Would you please recover my password? My account has been hacked or I've forgotten it.
Stay Informed Archives Advertisers |
|
•
i have windows 2000 with no upgraded service pack but somehow this managed to make it onto my system and you cant shut it down with the process manager. so a simple work around click start / run then type services.msc then hit enter look for Distributed Transaction Coordinator it should say status : started click [stop] then click logon
Posted by: virtualshogun at September 1, 2007 8:58 PMtab at the top it should say something like profile1 [enable] [disable] click diable and be done with it. hope that helps everyone.
I found this service running on my box as well, never happened before today. Easy enough to stop though (Win XP Pro w/SP2) Start/All Programs/Administrative Tools/Component Services. Click on Component Services/Computer/My Computer. Right click on My Computer and choose properties, there will be a MSDTC tab. Click on this and then stop the service there. It never started again. I really do not know what the service is for but I have never seen it before and I guess I do not need it running all of the time. Hope this helps everyone out.
John
John
Posted by: John Price at October 17, 2007 9:38 PMmsdtc is what I found to be the source of the incredible slowdown that started a few months ago. Have to ctrl-alt-delete- kill it, and machine goes back to normal. I found this info, which is the ONLY useful info to date about it.
MS05-051 POC Exploit
A proof of concept (PoC) exploit was released against systems vulnerable
to MS05-051. MS05-051 was released in October. The vulnerability does allow for
arbitrary code execution in systems with the Microsoft Distriuted Transaction Coordinator (MSDTC) enabled.
In order to disable MSDTC, enter the following command:
sc stop MSDTC & sc config MSDTC start= disabled
By default, port 3372 is used by the exploit. The packet send will cause a denial of service condition. At this point, we see only little activity at port 3372, likely due to the fact that this PoC exploit does not actually execute any “useful” code.
Posted by: Jf at March 31, 2008 4:08 PMI also have msdtc.exe slowing down my PC. It always appears together with 2 instances of dllhost.exe. I have tried renaming it (it is found in in Windows\ststem32) but when i do that a new copy of that msdtc.exe file appears in my system32 folder. When i delete that, it appears again in a coupe of seconds, i don't know where it comes from.
The only way i have been able to stop it is to delete it and quickly rename a copy of a different file as msdtc.exe, i used a copy of wordpad.exe. That stopped msdtc from loading and slowing down my computer because whatever virus was using it would then try to start wordpad and it won't work for whatever evil scheme it is trying to pull off.
Posted by: bengtang at April 28, 2008 5:53 PMMore MSDTC weirdness, after make a fake msdtc.exe out of a copy of wordpad.exe, i again tried deleting the fake one, and hey presto, it reappeard in system32 folder, but the one that reappeared was the fake on i had just deleted!
i.e. the file i deleted and which reappeared is wordpad renamed as msdtc. It seems that whatever it is part of makes a backup copy of msdtc.exe from system32 folder, and restores it if you delete it.
Also, in my system32 folder is a sub directory named MsDtc which contains a MSDTC.log file and a subdirectory called Trace which contains dtctrace.log and over a hundred dtctrace.log.2008.**** files, which have time spamps as part of the filename. It looks like MSDTC is keeping some kind of trace of lo, but i don't know of what. The files are not text files. Could it be some kind of key logger?
Posted by: bengtang at April 28, 2008 8:26 PMTypo: i meant "time stamps" and "some kind of trace or log".
Anyway, i found that when i deleted msdtc.exe from system32 folder, it was restoring msdtc.exe from system32\dllcache folder, but when i deleted it from both dllcache and system32 folders, it still reappeared within a few seconds, restored from somewhere else. After searching Windows directory for msdtc.exe i found it also in Windows\ServicePackFiles\i386 and also a similar named file in windows\prefetch called MSDTC.EXE-165575FA.pf
After deleting it from Windows\ServicePackFiles\i386 windows gave an error message asking me to restore it from CD, which i ignored, and so far, i think i have got rid of it now as it hasn't come back.
Posted by: bengtang at April 29, 2008 3:12 AMOK, for those ... slow ... people trying to remove this by deleting from here and there, here's the way to stop MSDTC if you think you don't need it.
It's a SERVICE and must be set to DISABLED, so:
1) Start -> Run -> Services.MSC
2) Find "Distributed Transaction Coordinator"
3) Double click the service
4) Press STOP and set Startup Type to DISABLED
Please stop manually deleting from System32 folder unless you know what you're doing...
Posted by: Stephen2 at August 20, 2008 10:00 PMWell as everyone has stated to stop it and disable it from the Distributed Transaction Coordinator, I have done this yet it continues to run alongside dllhost.exe. I have stopped and disabled all remote access to my computer, yet my System Idle Process remains at 99%.....so what's the next tip......?
Posted by: Erica at September 4, 2008 11:10 PMi installed one application in my system,every time i have to start the msdtc whenever i shut down and restart the system.
Posted by: vijayan at October 22, 2008 4:04 AMEven the services started,i have to stop and start the service.
give me solution
If I understand correctly msdtc has nothing to do with the average user and disabling it won't hurt operations anywhere on a PC.
22-Nov-2008
Posted by: candyman1 at November 21, 2008 7:06 AM