Is Msdtc.exe Safe or a Virus?

Msdtc.exe is the core part of the Microsoft Distributed Transaction Coordinator (MSDTC) application. This application from the Microsoft Corporation is basically used to allow multiple client applications to have more than one source of data for a single transaction. The Msdtc.exe process then coordinates distribution across all servers included in the transaction.

Msdtc.exe can run on all Windows platforms. Normally, this application is installed by Windows programs, such as Microsoft SQL Server and Microsoft Personal Web Server that need to use this service. If you have Msdtc.exe on your computer, you most likely have a need for the program and the best thing to do is to allow the application to function as is.

What msdtc.exe basically does is provides a console program to the application that uses it. You can get through the command window that receives the output from the main application through msdtc.exe. Whenever the user starts up the Microsoft Distributed Transaction Coordinator or whenever an application loads this program, msdtc.exe is automatically loaded.

File Information

The known file sizes for msdtc.exe are 6,144 5632 bytes, 20480 and 20992 bytes. Currently, the available version for this file is 2001.12.4414.258. By default, you can find this file in the C:\Windows\System32 folder.

Msdtc.exe Problems

You may receive an error message similar to the one given below:

Windows could not start the Distributed Transaction Coordinator on Local Computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code -1073737712.

Additionally, the following entry may be added to Application logs:

Event Type: Error
Event Source: MSDTC
Event Category: LOG
Event ID: 4163
Description: MS DTC log file not found. After ensuring that all Resource Managers coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog to create the log file.

Event Type: Error
Event Source: MSDTC
Event Category: TM
Event ID: 4185
Description: MS DTC Transaction Manager start failed. LogInit returned error 0x5.

The following is another entry that you may find in Application logs:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7024
Description: The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).

Cause of the Error

These errors are caused by the MS DTC service’s failure to access the %windir%\System32\Msdtc\Msdtc.log file.

Resolution Method

Two methods may be used to resolve this issue. Perform the methods as required and in the order they are presented.

Method 1: Recreate the MS DTC log

  1. Click Start, select Run, type CMD and press Enter to display the Command Prompt window.
  2. At the command prompt, type msdtc -resetlog and press Enter.
  3. Note that using the msdtc -resetlog command incorrectly can corrupt data. Make sure that there are no current transactions when you use this command. You should be familiar with cmd commands and PC operations to perform this solution.

  4. Type net start msdtc and press Enter.

If this method fails to resolve the issue, proceed to the next method.

Method 2: Set the Logon Account Permissions for the MSDTC Service

  1. Click Start, select Run, type cmd, and then press Enter to display the Services management console window.
  2. Look for Distributed Transaction Coordinator in the Services pane.
  3. Note the account name in the Log on As column. Bear in mind that the default logon account for the MS DTC service is NETWORK SERVICE.
  4. Now, right-click on Distributed Transaction Coordinator and then click Stop.
  5. Open Windows Explorer and navigate to the %windir%\System32\Msdtc folder.
  6. Right-click on the Msdtc.log file and select Properties.
  7. On the Security tab, click the logon account name you noted earlier.
  8. In the Permissions pane, select the check boxes in the Allow column for Read and Execute, Read and Write permissions.
  9. Click OK and then click Yes to confirm your decision.
  10. Right-click on Distributed Transaction Coordinator in the Services window and then click Start.

The methods to resolve the errors shown above are applicable to Microsoft COM+ 1.5 and Microsoft Windows Server 2003, Standard Edition (32-bit x86). You should note which version of Windows you are running on your computer.

You should know that while msdtc.exe is a perfectly valid program, users are not required to run this as a Startup process. Sqlservr.exe, txfaux.dll and the xolehlp.dll are a few of the files associated with msdtc.exe. You can check to see if any of these three processes are running alongside msdtc.exe by pressing Ctrl+Alt+Del to bring up your Task Manager. Click the Processes tab to view the processes that are currently running.

If an application is accessing msdtc.exe do not end the process as this will interfere with the application. If you have no need at all for msdtc.exe then you may disable the process.

Note that msdtc is a service that you may disable but not delete from the system. If you are not using any of the applications that need the msdtc.exe service, disable the service by performing the following steps:

  1. Open the Start menu, select Run, type Services.msc and press Enter.
  2. Look for Distributed Transaction Coordinator and double-click on it to display its properties dialog box.
  3. On the General tab, click Stop.
  4. Set Startup type to Disabled.

Some users fear that the process is either a virus or a Trojan because the service listens on a port. This fear is unfounded as msdtc.exe is a perfectly valid and legitimate file from Microsoft.

However, always make sure that you have the correct and valid file. Be sure to check the location and file sizes to determine if the msdtc.exe file you have is the correct one. Users should also run an anti-virus scan and an anti-spyware scan with reliable and trusted tools to ensure the file’s validity.

Malware can hide themselves using nomenclature similar to legitimate files. If you see a suspicious executable, always run a check. Malware can threaten your system, your security and identity on?many different levels. Always make sure that your online safety, software and identity are not compromised.

If you would like to avoid errors associated with the registry, make sure that you perform regular scans with a recommended registry cleaner like RegServe. This is a simple, easy to use, albeit powerful tool that can root out error causing registry entries and resolve them at the same time. You can also prevent registry bloat which can adversely affect your system’s performance.