| All comments about msdtc.exe: |
 sum1strang@rocketmail.com | opening port 1025 to korea and other countries and when deleted it re-creates itself i have also verified that sql is not on this system |
 | Pops up when compiled my program with MS VB |
 john | someone from the netherlands is trying to connect to my machine using this.. I need to know more! |
| Crissa Kentavr | Part of Microsoft dot NET framework; requires server authorization of port. |
 The Jack | Me also at compiling VB. But Why? |
| Some Helpful Guy | If you are running XP Pro, or have used IIS at all, this process will be present |
| MonkeyTrumpet | Also appeared on my machine after compiling VB5 .exe |
| KrgB | got a alert-popup from my Firewall Software when installing .Net Framework 1.1 using WindowsXP UpdateService |
| Thomas Noest | I run sqlserver and it is tagged according to microsoft and found in the sytem folder and unchanged since.... |
| BurningDog | Starts up after installation of Microsoft .NET framework = completely harmless. Do check wether it resides in the right directory, if not remove it, if it does it's safe. |
 ein vb-entwickler | wenn ein programm mit vb 6.0 fertig kompiliert ist, dann versucht das programm auf port 2150 als server zu agieren. ist mir schleierhaft, warum er das tut, vielleicht hat es was mit einem integrierten versionierungs-"teil" zu tun, das aber dann undokumentiert wäre. sollte das programm an anderen punkten auftauchen, halte ich spyware unter gleichem namen möglich. die korrekte app-version ist (bei mir für vb6sp6) 2001.12.4414.42, alles was nicht diese version trägt ist suspekt, alles was nicht den port 2150 benutzt äusserst suspekt. vb6 stört sich übrigens nicht daran, wenn man ms dtc aussperrt. |
| Smeghead | Appeared when compiling with VB6 |
| BenDover | my norton antivirus 2005 detected it and it is recognised as some kind of internet worm. |
| Sheez | appeared after doing some speed tests |
| Duke | If no Database or IIS is used - DISABLE OR START MANUAL. This is the Service "Distributed Transaction Coordiantor" This Service is Buggy - Read it from Link in M$ Knowledgebase (Switch Language) See also: Link |
| Duke | If no Database or IIS is used - DISABLE OR START MANUAL |
| | is part of the system |
| Rzalala | was installing quick books which uses a .net 1.1 framework |
| Ey! | Appears in Zone Alarm when compiling an exe in VB6 |
| Paul | it automatically attempt to install or uninstall programs my opening msiexec.exe...my virus scanners won't detect it |
 peter | installed after .Net installation. it is only listening on some TCP Ports but nearly never in use! During Compilation it tries to look for Updates for .Net. You can finde out if you trace the destination IP's not the arriving IPs |
| YaYaSisterhood | Ever since I followed a Dell support alert to update IE from the linked Microsoft site this file showed up on my machine, NIS intercepted it, I blocked it, it got on anyway and since then every time I access the internet some remote computer tries to access my machine and my whole system is going to pot. |
| | It is the Distributed Transaction Coordiantor and will allow an aplication to do transactional commits an odbc source connected to a remote database. Unless you are linked up with a remote odbc (under DataSources control pannel) this service will do nothing. The program can be tweeked via the component service snap in and you will be able to assign permissions and access levels there. |
| Seymore Butts | Tries to open a server after a VB6 compilation - suspicious - it should NOT be required ! |
| The Wikster | Here is instructions to turn this service off temporarily or permantely. (been having server problems, so keep hitting Refresh until you get it!) See also: Link |
| Kempis Curious | Another service which I use rarely and is automatic, and listens on a port! Gimme a break... disable or manual! |
| Michel | this file is part of MS SQL Server 6.5( %MSSQLDIR%/BINN/MSDTC.exe) |
| | not needed just another microsoft screwup for security risk. |
| Deathstalker | It runs with my SQL and my .net 1.1 framework |
| Graeme | Appeared with msiexec.exe after SP2 install on Windows XP Pro |
| Adrien | I'm rating this with a danger of two, because ANY program which needs to access internet services creates a vulnerability in a system. Firewalls may allow network activity from trusted programs, though those programs may have been modified. But this is a core problem with internet-enabled operating systems, not MSDTC. Yes, the process listens to a TCP port, but this is not cause for alarm. Many compilers use TCP for communication between processes, as it can be easier (and more portable) than using M$ API functions for doing so. As always, be cautious, but do not waste unwarranted concern. |
| Peter | What I've seen, it starts immidiately after the strange file "htwl.exe" as a process and through some port connects to some remote comp. None of ad-aware and anti-virus programs detects it. In my oppinion dangerous! |
| Martin Kellerman | It appeared after I had compiled an exe file in Visual Basic 6. It doesn't appear to be a problem if you "deny" it. My suggestion: chose deny to be on the safe side, but do not remember the setting. See also: Link |
| Dancanjam | don't need it, don't use it. Where can we find info on its necessity? |
| The SQLGuy | It is only needed if your system particpates in a distributed transaction system. It is essential for some server systems especially clustered servers. It is not a worm, it is not a virus, it is not dangerous. And EVERY networked service listens on a port, even your precious LINUX. See also: Link |
| | Firewall detected incoming connection from this one. Strange, since it was not preceeded by an outcoming connection, e.g. form installed .NET framework. See also: Link |
| john | more M$ crap - inherently dangerous, as is any OS process requiring connection to the internet - do you think that the NSA is ONLY monitoring your phone calls and financial transactions? |
| Crawls | This is a required M$ application. |
| popsycle. | this runs with the ati catalyst control centre (which uses the .net framework i believe) meant to be harmless but its a security risk. id recommend disabling it if its not needed. |
| Grubalterus | Remove it, along with .net framework. But only if your PWS is valuable to you. 8-) |
| taterchip | Part of Microsoft .NET - had to install this first before I could install Kybtec's World Clock |
| Husam Mufti | It needs to be watered 2 to 3 times a week. It can be potty trained. It needs time and affection so do not run it unless you have the time to attend to it. Great for kids!! See also: Link |
| Steve | In the VB case it appears to be launched when you have the Component Services Add-In loaded, and you compile. |
| Panic | it seemed to appear after installing Video LAN (and remaining running after closing the app.), it does open some ports and the process can be terminated , probably bad coding on the part of the Vedeo LAN people as the app. does provide setup for streaming etc... |
| Robert Allen (www.pcwebtalk.com) | I do not even know the purpose of the file. I have never seen it before, and i have just uninstalled the .NET framework |
| A Microsoft Employee | Microsoft uses it to spy on you, so that they can sell your info to interested parties. Leave in on: We'd like to know what is on your computer. |
| Ted Whitford | I use Mozy Remote Backup, set to automatic backup and this file is needed for that. When i installed the software it asked for permission to turn it on. Ive never needed it for anything else. |
| Happy Hacker | Required for Message Queuing (MSMQ) |
| Magus | As stated above Microsoft Distributed Transaction Coordinator, typically it should be dormant though some installers/other processes may call on it in as a "plugin". Unless you are hosting directly from your Windows computer, you can just tell your firewall to block it if ever asked. No legitmate process that calls on it, should attempt to use it to connect to an outside source. Though it may attempt a loopback connection using tcp protocols for compiling. default loopback ip address is 127.0.0.1 this may set off firewalls but in fact is not calling outside your machine. |
| Salman Ansari | My firewall alarmed me about the file. But i was satisfied after reading information on this page. In my opinion, this file is safe to run. |
| Andrew Ferlitsch | appeared at installing .Net 2.0 framework |
| Cam | Installed with .NET Framework 1.1.. harmless if in correct DIR |
| wguru | Also "if" the service is needed, the services list offers a properties view if the thing and there it will list any running services that may rely on the thing. If nothing listed, turn it off. :o) |
| wguru | Process runs by default "if" your system deems other services need it, or user may have unnecessarily started the service thru the XP OS's Computer Management, Services and Management, Services list. To turn it off, simply go there and click manual and stop. |
| | seen during MS .NET fw v2.0 install, firewall said acting as server, I choose network access denied w/ no issues, .NET fw 2.0 needed for zoom player install |
| .NET developer | The file is used to manage transactions on multiple databases. If you are not developing any MSSQL apps you can disable it in your services list. |
| Jon | It activated after installing a (P2P) Bittorrent app, so of course various individuals may attempt to access your sharing directories...remove it from your firewall program control (thereby making it re-detectable) and ensure the service is set to "manual" in Component Services. If it's needed by a valid, authorized (by you) application, it will be enabled again. |
| Mark Noritsch | this file seems to slow down my system radically. |
|
|
