| All comments about msdtc.exe: |
 | opening port 1025 to korea and other countries and when deleted it re-creates itself i have also verified that sql is not on this system sum1strang |
 | Pops up when compiled my program with MS VB |
 | someone from the netherlands is trying to connect to my machine using this.. I need to know more! john |
| Part of Microsoft dot NET framework; requires server authorization of port. Crissa Kentavr |
 | Me also at compiling VB. But Why? The Jack |
| If you are running XP Pro, or have used IIS at all, this process will be present Some Helpful Guy |
| Also appeared on my machine after compiling VB5 .exe MonkeyTrumpet |
| got a alert-popup from my Firewall Software when installing .Net Framework 1.1 using WindowsXP UpdateService KrgB |
| I run sqlserver and it is tagged according to microsoft and found in the sytem folder and unchanged since.... Thomas Noest |
| Starts up after installation of Microsoft .NET framework = completely harmless. Do check wether it resides in the right directory, if not remove it, if it does it's safe. BurningDog |
| Appeared when compiling with VB6 Smeghead |
| my norton antivirus 2005 detected it and it is recognised as some kind of internet worm. BenDover |
 | appeared after doing some speed tests Sheez |
| If no Database or IIS is used - DISABLE OR START MANUAL. This is the Service "Distributed Transaction Coordiantor" This Service is Buggy - Read it from Link in M$ Knowledgebase (Switch Language) See also: Link Duke |
| If no Database or IIS is used - DISABLE OR START MANUAL Duke |
| is part of the system |
| was installing quick books which uses a .net 1.1 framework Rzalala |
| Appears in Zone Alarm when compiling an exe in VB6 Ey! |
| it automatically attempt to install or uninstall programs my opening msiexec.exe...my virus scanners won't detect it Paul |
 | installed after .Net installation. it is only listening on some TCP Ports but nearly never in use! During Compilation it tries to look for Updates for .Net. You can finde out if you trace the destination IP's not the arriving IPs peter |
| Ever since I followed a Dell support alert to update IE from the linked Microsoft site this file showed up on my machine, NIS intercepted it, I blocked it, it got on anyway and since then every time I access the internet some remote computer tries to access my machine and my whole system is going to pot. YaYaSisterhood |
| It is the Distributed Transaction Coordiantor and will allow an aplication to do transactional commits an odbc source connected to a remote database. Unless you are linked up with a remote odbc (under DataSources control pannel) this service will do nothing. The program can be tweeked via the component service snap in and you will be able to assign permissions and access levels there. |
| Tries to open a server after a VB6 compilation - suspicious - it should NOT be required ! Seymore Butts |
| Here is instructions to turn this service off temporarily or permantely. (been having server problems, so keep hitting Refresh until you get it!) See also: Link The Wikster |
| Another service which I use rarely and is automatic, and listens on a port! Gimme a break... disable or manual! Kempis Curious |
| this file is part of MS SQL Server 6.5( %MSSQLDIR%/BINN/MSDTC.exe) Michel |
| not needed just another microsoft screwup for security risk. |
| It runs with my SQL and my .net 1.1 framework Deathstalker |
| Appeared with msiexec.exe after SP2 install on Windows XP Pro Graeme |
| I'm rating this with a danger of two, because ANY program which needs to access internet services creates a vulnerability in a system. Firewalls may allow network activity from trusted programs, though those programs may have been modified. But this is a core problem with internet-enabled operating systems, not MSDTC. Yes, the process listens to a TCP port, but this is not cause for alarm. Many compilers use TCP for communication between processes, as it can be easier (and more portable) than using M$ API functions for doing so. As always, be cautious, but do not waste unwarranted concern. Adrien |
| What I've seen, it starts immidiately after the strange file "htwl.exe" as a process and through some port connects to some remote comp. None of ad-aware and anti-virus programs detects it. In my oppinion dangerous! Peter |
| It appeared after I had compiled an exe file in Visual Basic 6. It doesn't appear to be a problem if you "deny" it. My suggestion: chose deny to be on the safe side, but do not remember the setting. See also: Link Martin Kellerman |
| don't need it, don't use it. Where can we find info on its necessity? Dancanjam |
| It is only needed if your system particpates in a distributed transaction system. It is essential for some server systems especially clustered servers. It is not a worm, it is not a virus, it is not dangerous. And EVERY networked service listens on a port, even your precious LINUX. See also: Link The SQLGuy |
| Firewall detected incoming connection from this one. Strange, since it was not preceeded by an outcoming connection, e.g. form installed .NET framework. See also: Link |
| more M$ crap - inherently dangerous, as is any OS process requiring connection to the internet - do you think that the NSA is ONLY monitoring your phone calls and financial transactions? john |
| This is a required M$ application. Crawls |
| this runs with the ati catalyst control centre (which uses the .net framework i believe) meant to be harmless but its a security risk. id recommend disabling it if its not needed. popsycle. |
| Remove it, along with .net framework. But only if your PWS is valuable to you. 8-) Grubalterus |
| Part of Microsoft .NET - had to install this first before I could install Kybtec's World Clock taterchip |
| It needs to be watered 2 to 3 times a week. It can be potty trained. It needs time and affection so do not run it unless you have the time to attend to it. Great for kids!! See also: Link Husam Mufti |
| In the VB case it appears to be launched when you have the Component Services Add-In loaded, and you compile. Steve |
| it seemed to appear after installing Video LAN (and remaining running after closing the app.), it does open some ports and the process can be terminated , probably bad coding on the part of the Vedeo LAN people as the app. does provide setup for streaming etc... Panic |
| I do not even know the purpose of the file. I have never seen it before, and i have just uninstalled the .NET framework Robert Allen (www.pcwebtalk.com) |
| Microsoft uses it to spy on you, so that they can sell your info to interested parties. Leave in on: We'd like to know what is on your computer. A Microsoft Employee |
| I use Mozy Remote Backup, set to automatic backup and this file is needed for that. When i installed the software it asked for permission to turn it on. Ive never needed it for anything else. Ted Whitford |
| Required for Message Queuing (MSMQ) Happy Hacker |
| As stated above Microsoft Distributed Transaction Coordinator, typically it should be dormant though some installers/other processes may call on it in as a "plugin". Unless you are hosting directly from your Windows computer, you can just tell your firewall to block it if ever asked. No legitmate process that calls on it, should attempt to use it to connect to an outside source. Though it may attempt a loopback connection using tcp protocols for compiling. default loopback ip address is 127.0.0.1 this may set off firewalls but in fact is not calling outside your machine. Magus |
| My firewall alarmed me about the file. But i was satisfied after reading information on this page. In my opinion, this file is safe to run. Salman Ansari |
| appeared at installing .Net 2.0 framework Andrew Ferlitsch |
| Installed with .NET Framework 1.1.. harmless if in correct DIR Cam |
| Also "if" the service is needed, the services list offers a properties view if the thing and there it will list any running services that may rely on the thing. If nothing listed, turn it off. :o) wguru |
| Process runs by default "if" your system deems other services need it, or user may have unnecessarily started the service thru the XP OS's Computer Management, Services and Management, Services list. To turn it off, simply go there and click manual and stop. wguru |
| seen during MS .NET fw v2.0 install, firewall said acting as server, I choose network access denied w/ no issues, .NET fw 2.0 needed for zoom player install |
| The file is used to manage transactions on multiple databases. If you are not developing any MSSQL apps you can disable it in your services list. .NET developer |
| It activated after installing a (P2P) Bittorrent app, so of course various individuals may attempt to access your sharing directories...remove it from your firewall program control (thereby making it re-detectable) and ensure the service is set to "manual" in Component Services. If it's needed by a valid, authorized (by you) application, it will be enabled again. Jon |
| this file seems to slow down my system radically. Mark Noritsch |
| Have Windows Live OneCare clock it because when it's enabled I get tons on advertisements. It seems it's always trying to get access. I just enabled it and got the ads again right in the middle of my doing something so I disabled it again--FOR GOOD! Tom |
| IIS cannot process ASP.NET pages without it. SQL Server cannot install without it. Henrik |
| See also: Link |
| ZoneAlarm is saying that msdtc.exe is trying to act as a server. Source IP: 0.0.0.0:Port 3913. I have no idea what that means. But it doesn't sound good. It's a real pain that ZoneAlarm's so-called "SmartDefense Advisor" doesn't any info about it. AS USUAL!!! It never has any info on ANYTHING!!! Buck S. |
| Never had this on any of the workstations in my domain. It showed up on a machine that seems to have gotten infeced with some sort of spycrap. It was accompanied by 3 or 4 copies of ntvdm.exe running at 99% of CPU. I'm pretty sure it's a MS component but in this case I'm also pretty sure that it is being used as some sort of exploit. I disabled it. Network Admin |
| Part of a number of MS database products, is used to managed distributed transactions. Will exist on almost all Visual Studio 2005 installs due to SQL Express installations. Can be set to manual startup for the service. Elliott Whitlow |
| Looks like this is used by Ahsay Online Backup Manager (and probably by any similar application) Marcus Z |
| Suspiciously runs trace programs in MS-DOS. Not sure who those trace logs go to. Apparently, disabling is completely fine, so just do that. Tibs |
| Pops up on Zone Alarm when installing TurboTax 2007 Internet Esquire |
| Normally harmless, but other malware might use it if you're infected. But by itself harmless - just keep your pc clean ;) kudzudude |
| IIS 6.0, when run under IIS 5.0 isolation mode requires MSDTC service. Haven't seen any other use with IIS or SQL yet. IIS User |
| I know enough to know I've blocked it on my firewall. If I can't explain it, I don't want it talking. Ed in San Antonio |
| There appears to be some sort of spy/adware that uses this exe as its medium - I just recently started having an ad-popup problem (IEx and occasionally Firefox hijacked); this and something called E2E9EAECE9E8E7.exe were the only new things that I noticed after, and nuking this seems to cure the problem. Duneflower |
| by debugger tools See also: Link Jim KS |
| Harmless if it's in %windir%\system32 See also: Link Ed |
| MSDTC.EXE is Microsoft Remote Desktop Connection. I use it like a VNC client to manage our servers. Known to work on TCP port 3389 See also: Link Lythandar |
| The purpose of the popup notification that occurs during compilation of VB6 is the DTC or distributed transaction coordinator by msdtc.exe is attempting to distribute a possible database connection. See also: Link Stanley Morganstein |
| showed up afgter D&D Online crashed after initial install, and after being in the game for 20 minutes. jey |
| it is coming up as an error on my event viewer. it is very annoying and microsoft should fix it. GABRIELLE RANKL |
| slows down loading of Excel for the 1st time Fernando F |
| When browsing with Firefox, a firewall popup asked be if I want to block it. Yes - windows crash. And now I cannot boot Windows (black screen in default mode, blue screen in debug mode) Yannick |
| Nothing is harmless, esp from M$. So if it's not directly required then it should be disabled via servicing, as well as unfamous BITs. Billy |
| this rotter drive me crazy!I can'y runthe process and RAM memory consumption rising to the sky Petko Vassilev |
| very nasty creature,now appears some error for missing log file.I read a lot a information in MSDN for recovering ,but there's no effect.Never mind,the system is runnng perfectly. Petyo123 |
| Microsoft Distributed Transaction Coordinator See also: Link Sayan |
| It definitely seems connected to the sqlserver, but when it gets active on the internet, if I start up a network monitoring app a watch what kind of traffic ic being sent back and forth I have discovered that it is sending and receiving password attempts on either this computer or a remote computer. I am not sure which , either way I don't like the implications. In my opinion I believe it is being used for bad. gmz77 |
| MSDTC.exe is indeed part of the OS, but only in the correct folder (system32 folder). We've seen it elsewhere (system folder) which is then part of servu attack (highly dangerous). josh |
| I fund out how to restart the service.THe people from Redmond has detailed explanation how to do this.The key is to know whwre to sear this useful information Petko Vassilev |
| Activated when I began Warcraft Download which is a big distributed peer to peer download. The Lich King |
| it is used with antivir personal, uninstall avp will clear ist |
| I think WinRAR uses it for processing archive divided in "parts"...... based on wht u guys said I turned off the interent and it still maintained its usage... and Mind you its a non-capital "msdtc.exe"..... Dhruv Dhamani |
| I have discovered the MS ONENOTE also can run this process. |
| Using if you use in scope on transaction locking, .net Resta |
| "Microsoft Distributed Transaction Coordinator", also ein Windows-Systemdienst. p5ych0 |
| This is a virus . |
|
|
based on 99 votes. Read also the 92 reviews.