What is msdtc.exe? Is msdtc.exe spyware or a virus?

How to fix msdtc.exe related problems?
1. Run Security Task Manager to check your msdtc process
2. Run Windows Repair Tool to repair msdtc.exe related Windows Errors
3. Run MalwareBytes to remove persistent malware

Process name: MS DTC console program

Product: Microsoft Distributed Transaction Coordinator

Company: Microsoft Corporation

File: msdtc.exe

Security Rating:


"msdtc.exe" belongs to Microsoft Distributed Transaction Coordinator. The Microsoft Distributed Transaction Coordinator is a transaction manager which permits client applications to include several different sources of data in one transaction, and which then coordinates committing the distributed transaction across all the servers that are enlisted in the transaction. MSDTC runs on all Windows platforms and is installed by applications which need to use it, such as the Microsoft"s Personal Web Server, or Microsoft SQL Server. http://www.neuber.com/taskmanager/process/msdtc.exe.html 
Recommendation : If you have it running, it is most probably needed by a Microsoft Application, so leave it untouched unless it is definitely causing you problem.
(source)

Get more detailed information about msdtc.exe and all other running background processes with Security Task Manager.

Note: Any malware can be named anything - so you should check where the files of the running processes are located on your disk. If a "non-Microsoft" .exe file is located in the C:\Windows or C:\Windows\System32 folder, then there is a high risk for a virus, spyware, trojan or worm infection! Check it out!


Click to Run a Free Scan for msdtc.exe related errors


Users Opinions

Average user rating of msdtc.exe: based on 99 votes. Read also the 93 reviews.

  • 939 users ask for this file. 44 users rated it as not dangerous. 3 users rated it as not so dangerous. 27 users rated it as neutral. 14 users rated it as little bit dangerous. 11 users rated it as dangerous. 14 users didn't rate it ("don't know").

All comments about msdtc.exe:
opening port 1025 to korea and other countries and when deleted it re-creates itself i have also verified that sql is not on this system sum1strang
Pops up when compiled my program with MS VB
someone from the netherlands is trying to connect to my machine using this.. I need to know more! john
Part of Microsoft dot NET framework; requires server authorization of port. Crissa Kentavr
Me also at compiling VB. But Why? The Jack
If you are running XP Pro, or have used IIS at all, this process will be present Some Helpful Guy
Also appeared on my machine after compiling VB5 .exe MonkeyTrumpet
got a alert-popup from my Firewall Software when installing .Net Framework 1.1 using WindowsXP UpdateService KrgB
I run sqlserver and it is tagged according to microsoft and found in the sytem folder and unchanged since.... Thomas Noest
Starts up after installation of Microsoft .NET framework = completely harmless. Do check wether it resides in the right directory, if not remove it, if it does it's safe. BurningDog
Appeared when compiling with VB6 Smeghead
my norton antivirus 2005 detected it and it is recognised as some kind of internet worm. BenDover
appeared after doing some speed tests Sheez
If no Database or IIS is used - DISABLE OR START MANUAL. This is the Service "Distributed Transaction Coordiantor" This Service is Buggy - Read it from Link in M$ Knowledgebase (Switch Language)  See also: Link Duke
If no Database or IIS is used - DISABLE OR START MANUAL Duke
is part of the system
was installing quick books which uses a .net 1.1 framework Rzalala
Appears in Zone Alarm when compiling an exe in VB6 Ey!
it automatically attempt to install or uninstall programs my opening msiexec.exe...my virus scanners won't detect it Paul
installed after .Net installation. it is only listening on some TCP Ports but nearly never in use! During Compilation it tries to look for Updates for .Net. You can finde out if you trace the destination IP's not the arriving IPs peter
Ever since I followed a Dell support alert to update IE from the linked Microsoft site this file showed up on my machine, NIS intercepted it, I blocked it, it got on anyway and since then every time I access the internet some remote computer tries to access my machine and my whole system is going to pot. YaYaSisterhood
It is the Distributed Transaction Coordiantor and will allow an aplication to do transactional commits an odbc source connected to a remote database. Unless you are linked up with a remote odbc (under DataSources control pannel) this service will do nothing. The program can be tweeked via the component service snap in and you will be able to assign permissions and access levels there.
Tries to open a server after a VB6 compilation - suspicious - it should NOT be required ! Seymore Butts
Here is instructions to turn this service off temporarily or permantely. (been having server problems, so keep hitting Refresh until you get it!)  See also: Link The Wikster
Another service which I use rarely and is automatic, and listens on a port! Gimme a break... disable or manual! Kempis Curious
this file is part of MS SQL Server 6.5( %MSSQLDIR%/BINN/MSDTC.exe) Michel
not needed just another microsoft screwup for security risk.
It runs with my SQL and my .net 1.1 framework Deathstalker
Appeared with msiexec.exe after SP2 install on Windows XP Pro Graeme
I'm rating this with a danger of two, because ANY program which needs to access internet services creates a vulnerability in a system. Firewalls may allow network activity from trusted programs, though those programs may have been modified. But this is a core problem with internet-enabled operating systems, not MSDTC. Yes, the process listens to a TCP port, but this is not cause for alarm. Many compilers use TCP for communication between processes, as it can be easier (and more portable) than using M$ API functions for doing so. As always, be cautious, but do not waste unwarranted concern. Adrien
What I've seen, it starts immidiately after the strange file "htwl.exe" as a process and through some port connects to some remote comp. None of ad-aware and anti-virus programs detects it. In my oppinion dangerous! Peter
It appeared after I had compiled an exe file in Visual Basic 6. It doesn't appear to be a problem if you "deny" it. My suggestion: chose deny to be on the safe side, but do not remember the setting.  See also: Link Martin Kellerman
don't need it, don't use it. Where can we find info on its necessity? Dancanjam
It is only needed if your system particpates in a distributed transaction system. It is essential for some server systems especially clustered servers. It is not a worm, it is not a virus, it is not dangerous. And EVERY networked service listens on a port, even your precious LINUX.  See also: Link The SQLGuy
Firewall detected incoming connection from this one. Strange, since it was not preceeded by an outcoming connection, e.g. form installed .NET framework.  See also: Link
more M$ crap - inherently dangerous, as is any OS process requiring connection to the internet - do you think that the NSA is ONLY monitoring your phone calls and financial transactions? john
This is a required M$ application. Crawls
this runs with the ati catalyst control centre (which uses the .net framework i believe) meant to be harmless but its a security risk. id recommend disabling it if its not needed. popsycle.
Remove it, along with .net framework. But only if your PWS is valuable to you. 8-) Grubalterus
Part of Microsoft .NET - had to install this first before I could install Kybtec's World Clock taterchip
It needs to be watered 2 to 3 times a week. It can be potty trained. It needs time and affection so do not run it unless you have the time to attend to it. Great for kids!!  See also: Link Husam Mufti
In the VB case it appears to be launched when you have the Component Services Add-In loaded, and you compile. Steve
it seemed to appear after installing Video LAN (and remaining running after closing the app.), it does open some ports and the process can be terminated , probably bad coding on the part of the Vedeo LAN people as the app. does provide setup for streaming etc... Panic
I do not even know the purpose of the file. I have never seen it before, and i have just uninstalled the .NET framework Robert Allen (www.pcwebtalk.com)
Microsoft uses it to spy on you, so that they can sell your info to interested parties. Leave in on: We'd like to know what is on your computer. A Microsoft Employee
I use Mozy Remote Backup, set to automatic backup and this file is needed for that. When i installed the software it asked for permission to turn it on. Ive never needed it for anything else. Ted Whitford
Required for Message Queuing (MSMQ) Happy Hacker
As stated above Microsoft Distributed Transaction Coordinator, typically it should be dormant though some installers/other processes may call on it in as a "plugin". Unless you are hosting directly from your Windows computer, you can just tell your firewall to block it if ever asked. No legitmate process that calls on it, should attempt to use it to connect to an outside source. Though it may attempt a loopback connection using tcp protocols for compiling. default loopback ip address is 127.0.0.1 this may set off firewalls but in fact is not calling outside your machine. Magus
My firewall alarmed me about the file. But i was satisfied after reading information on this page. In my opinion, this file is safe to run. Salman Ansari
appeared at installing .Net 2.0 framework Andrew Ferlitsch
Installed with .NET Framework 1.1.. harmless if in correct DIR Cam
Also "if" the service is needed, the services list offers a properties view if the thing and there it will list any running services that may rely on the thing. If nothing listed, turn it off. :o) wguru
Process runs by default "if" your system deems other services need it, or user may have unnecessarily started the service thru the XP OS's Computer Management, Services and Management, Services list. To turn it off, simply go there and click manual and stop. wguru
seen during MS .NET fw v2.0 install, firewall said acting as server, I choose network access denied w/ no issues, .NET fw 2.0 needed for zoom player install
The file is used to manage transactions on multiple databases. If you are not developing any MSSQL apps you can disable it in your services list. .NET developer
It activated after installing a (P2P) Bittorrent app, so of course various individuals may attempt to access your sharing directories...remove it from your firewall program control (thereby making it re-detectable) and ensure the service is set to "manual" in Component Services. If it's needed by a valid, authorized (by you) application, it will be enabled again. Jon
this file seems to slow down my system radically. Mark Noritsch
Have Windows Live OneCare clock it because when it's enabled I get tons on advertisements. It seems it's always trying to get access. I just enabled it and got the ads again right in the middle of my doing something so I disabled it again--FOR GOOD! Tom
IIS cannot process ASP.NET pages without it. SQL Server cannot install without it. Henrik
 See also: Link
ZoneAlarm is saying that msdtc.exe is trying to act as a server. Source IP: 0.0.0.0:Port 3913. I have no idea what that means. But it doesn't sound good. It's a real pain that ZoneAlarm's so-called "SmartDefense Advisor" doesn't any info about it. AS USUAL!!! It never has any info on ANYTHING!!! Buck S.
Never had this on any of the workstations in my domain. It showed up on a machine that seems to have gotten infeced with some sort of spycrap. It was accompanied by 3 or 4 copies of ntvdm.exe running at 99% of CPU. I'm pretty sure it's a MS component but in this case I'm also pretty sure that it is being used as some sort of exploit. I disabled it. Network Admin
Part of a number of MS database products, is used to managed distributed transactions. Will exist on almost all Visual Studio 2005 installs due to SQL Express installations. Can be set to manual startup for the service. Elliott Whitlow
Looks like this is used by Ahsay Online Backup Manager (and probably by any similar application) Marcus Z
Suspiciously runs trace programs in MS-DOS. Not sure who those trace logs go to. Apparently, disabling is completely fine, so just do that. Tibs
Pops up on Zone Alarm when installing TurboTax 2007 Internet Esquire
Normally harmless, but other malware might use it if you're infected. But by itself harmless - just keep your pc clean ;) kudzudude
IIS 6.0, when run under IIS 5.0 isolation mode requires MSDTC service. Haven't seen any other use with IIS or SQL yet. IIS User
I know enough to know I've blocked it on my firewall. If I can't explain it, I don't want it talking. Ed in San Antonio
There appears to be some sort of spy/adware that uses this exe as its medium - I just recently started having an ad-popup problem (IEx and occasionally Firefox hijacked); this and something called E2E9EAECE9E8E7.exe were the only new things that I noticed after, and nuking this seems to cure the problem. Duneflower
by debugger tools  See also: Link Jim KS
Harmless if it's in %windir%\system32  See also: Link Ed
MSDTC.EXE is Microsoft Remote Desktop Connection. I use it like a VNC client to manage our servers. Known to work on TCP port 3389  See also: Link Lythandar
The purpose of the popup notification that occurs during compilation of VB6 is the DTC or distributed transaction coordinator by msdtc.exe is attempting to distribute a possible database connection.  See also: Link Stanley Morganstein
showed up afgter D&D Online crashed after initial install, and after being in the game for 20 minutes. jey
it is coming up as an error on my event viewer. it is very annoying and microsoft should fix it. GABRIELLE RANKL
slows down loading of Excel for the 1st time Fernando F
When browsing with Firefox, a firewall popup asked be if I want to block it. Yes - windows crash. And now I cannot boot Windows (black screen in default mode, blue screen in debug mode) Yannick
Nothing is harmless, esp from M$. So if it's not directly required then it should be disabled via servicing, as well as unfamous BITs. Billy
this rotter drive me crazy!I can'y runthe process and RAM memory consumption rising to the sky Petko Vassilev
very nasty creature,now appears some error for missing log file.I read a lot a information in MSDN for recovering ,but there's no effect.Never mind,the system is runnng perfectly. Petyo123
Microsoft Distributed Transaction Coordinator  See also: Link Sayan
It definitely seems connected to the sqlserver, but when it gets active on the internet, if I start up a network monitoring app a watch what kind of traffic ic being sent back and forth I have discovered that it is sending and receiving password attempts on either this computer or a remote computer. I am not sure which , either way I don't like the implications. In my opinion I believe it is being used for bad. gmz77
MSDTC.exe is indeed part of the OS, but only in the correct folder (system32 folder). We've seen it elsewhere (system folder) which is then part of servu attack (highly dangerous). josh
I fund out how to restart the service.THe people from Redmond has detailed explanation how to do this.The key is to know whwre to sear this useful information Petko Vassilev
Activated when I began Warcraft Download which is a big distributed peer to peer download. The Lich King
it is used with antivir personal, uninstall avp will clear ist
I think WinRAR uses it for processing archive divided in "parts"...... based on wht u guys said I turned off the interent and it still maintained its usage... and Mind you its a non-capital "msdtc.exe"..... Dhruv Dhamani
I have discovered the MS ONENOTE also can run this process.
Using if you use in scope on transaction locking, .net Resta
"Microsoft Distributed Transaction Coordinator", also ein Windows-Systemdienst. p5ych0
This is a virus .
Is running on my Vista Sp2 machine in root, also my AV detector tells me, in appdata directories for every non%username% there is! That's Public,All Users etc. Problem is that these directories do not have an Appdata folder... BenTrotter

If you know more about msdtc.exe, share your knowledge and help other users.

Security Rating:
Your opinion about this file:
Web page with more details:
Your first name:
 


More process information

Is msdtc.exe spyware or a virus, trojans, adware or worm? Is there a known msdtc.exe error?


Other Processes

msdtc.exe
[msdtc.exe in German] [all processes]