What is Msdtc.exe

Distributed Transaction Coordinator - Microsoft Distributed Transaction Coordinator - Microsoft Corporation

File description

Msdtc.exe with description Distributed Transaction Coordinator is a process file from company Microsoft Corporation belonging to product Microsoft Distributed Transaction Coordinator.
The file is digitally signed from Microsoft Windows Component Publisher - Microsoft Timestamping Service
We do not recommend removing digitally signed files from Microsoft Windows Component Publisher

What is msdtc.exe?
This is the Microsoft Distributed Transaction Coordinator. It is installed with many Microsoft products, including Microsoft SQL Server, IIS, the .NET Framework, and Visual Basic 6. Its purpose is to allow client applications to coordinate sources of data to be used in one transaction (e.g., performing a database update with data from multiple sources).

This process is not essential to the operation of the system but should not be disabled unless it is causing problems. By killing this process, you will lose the coordination functionality, which may cause problems with the applications that make use of it. Do not delete this executable, as it may render various pieces of software unusable, including Visual Studio, IIS, or the .NET Framework. The screenshot below illustrates how it should appear in the Task Manager:



Although in this screenshot msdtc.exe is running as the current user (in this case, Mike), it can conceivably run as any user. A process with this name running as a different user is not necessarily indicative of a malware infection.

Dangers of msdtc
As this is a legitimate executable that comes with many Microsoft products and is therefore installed on many systems, it is possible for virus writers and spyware vendors to disguise their malware as the genuine one.

Some malicious files may have the same name as this process but be stored somewhere other than in %SystemRoot%\System32. Other malware may use a name that appears similar to that of the legitimate one but with slight differences in spelling or with appended digits. The following malware is known to disguise itself as msdtc.exe:
  • W32/Stap (%ProgramFiles%)
    • This is a mass-mailing worm that is also able to spread via open network shares.
  • W32/Hupigo-SJ (%SystemRoot%\System32\Com, %SystemRoot%\System32\Com\msdtc.dll)
    • This is a Trojan horse that allows a remote attacker to take over an infected machine. It registers itself as a system driver service named MSDCT (the c and the t are transposed versus the name of the executable and DLL).
  • W32/Hupigo-SJ (%SystemRoot%\System32)
    • This is a Trojan horse that can communicate with a remote server via HTTP and can allow a remote attacker to take over an infected machine.
  • Troj/HaxDrop-A (%Temp%)
  • Troj/Bckdr-QKM (%SystemRoot%\System32)
There not should typically be more than one instance of msdtc.exe running at a given time on a system. The presence of multiple instances may be an indicator of a malware infection.

Common problems
  • This program tries to listen on port 2150
    • While this behavior is known to occur in the real process, you should ensure that your system is not infected with a virus.
  • This process runs when compiling a Visual Basic 6 program
    • This is normal behavior.

Automatic startup locations

001 Running Processes
002 Autorun registry entries local machine
003 Autorun registry entries Current User
010 Installed services

Digital signatures found for this file

    Certificate 
63 Microsoft Windows Component Publisher - Microsoft Timestamping Service
38 Microsoft Windows Publisher - VeriSign Time Stamping Services Signer
18 Microsoft Windows - Microsoft Time-Stamp Service
17 Microsoft Windows XP Publisher - VeriSign Time Stamping Service
11 Microsoft Windows 2000 Publisher (Europe) - VeriSign Time Stamping Service CA SW1
7 Microsoft Windows Publisher - VeriSign Time Stamping Service
6 Microsoft Windows - Microsoft Timestamping Service
5 Microsoft Windows XP Publisher (Europe) - VeriSign Time Stamping Service
3 Microsoft Windows 2000 Publisher - VeriSign Time Stamping Service CA SW1
3 Microsoft Windows Component Publisher - VeriSign Time Stamping Services Signer
3 Microsoft Windows 2000 Publisher - NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
2 Microsoft Windows 2000 Publisher (Europe) - NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
2 Microsoft Windows - VeriSign Time Stamping Services Signer
1 Microsoft Windows XP Publisher - VeriSign Time Stamping Services Signer
1 Microsoft Windows 2000 Publisher - VeriSign Time Stamping Services Signer

MD5 security rating in our database

1221 files (Not yet rated and not signed)
2 files (Not yet rated and digitally signed)
9 files (Safe and not signed)
208 files (Safe and digitally signed)
Some versions of this filename have not yet been checked for safety.
Warning: Some malware might rename itself to msdtc.exe. Always make sure that your file is from a verified publisher.

User ratings for this file

File rating: Average rating of msdtc.exe: by 1440 files and users.

Application errors

Fix msdtc.exe application error:  Run a FREE registry scan

User comments

There are no user comments yet for this file.


Please add your comments if you have more information about this file or if you know how to solve msdtc.exe application errors.


File safety :

File security rating :

Are you human? How much is 19+23:


Like this page?

Please support this free service by giving us a Google+1


Browse files by letter

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

More system processes

msdtcc.exe msdtm.exe msdts.exe
msdtsf.exe MsDtsSrvr.exe msdv.sys
msdx.dll msdxm.ocx Msdxm6.ocx
mse7.exe mseam.sys msearch.exe

Lansweeper computer inventory From the creator of Runscanner:

Lansweeper
is an automated IT asset management tool. It can quickly scan your computers and has over 250 default reports available.

There is no need to install any agents on the scanned computers, all hardware and software inventory scanning is done by standard build-in functionality.