Removing the iosdt.exe process

I went on msn chat forums and hooked up with a fellow who helped me get rid of the trojan iosdt.exe.

1. Get "Process Explorer ver8.10" utility from http://www.sysinternals.com/ and dnlaod to you computer. This a utility that allows you to kill the

iosdt.exe process

2. Then dnload Hijackthis utility and scanned. Among the list there was a couple of things that he wanted me to fix. In my scan results these

were the three things to fix...these might be different from what you might have, however; look for these things.

RO - HKLM\Software\Microsoft\InternetExplorer\Search,SearchAssistant = http://www.internet-search.info/searchbar

F2 - REG:System.ini : Shell = Explorer.exe

02- BHO: (no name) - {53707962 - 6F74 - 2D53 - 2644 - 206D79424884F} - D:\SPYBOT ~1\SDHELPER.dll (FIle Missing)

3. If you see these three entries, check the box to the left of them and have them fixed.

4. After that rescan to see if they are still there if not, [which they shouldn't be] proceed to next step

5. Go to Start > Run > [type] services.msc > enter

6. Look for "distributed.net client" on the left hand side of the window. It'll appear under "NAME" When you found it, dbl click on it and under

the "STARTUP TYPE" scroll down to "DISABLE ".
and apply. If the apply button is not highlighted, then just hit "OK ".

7. Close the services.msc window and restart your computer.

8. Once you get back onto your dsktop, got to the tskmgr and see if the iosdt.exe process is still there...[it shouldn't be]

9. Now got to your c:drive and locate C:\WINNT\System32\iosdt.exe . If you didn't find it, go to My Computer and open.
At the top of the window go to TOOLS>FOLDER OPTIONS, then to the "VIEW" tab. Scroll down and tick - "Show Hidden Files and Folders" and uncheck

"Hide Protected Operating System files (Recommended). A warning box will appear it's ok bypass and proceed. Close all windows in My Computer.

10. Next, go back to Start>Search> For Files and Folders, hit enter. When you search, make sure you are looking in all the drives. In the search

field, type, iosdt.exe, and hit enter

11. a cow or bull icon should appear in the list of entries found. open it and delete all the contents inside. {MAKE SURE YOU DELETE THEM FROM

YOUR RECYCLE BIN- VERY IMPORTANT)

12. then go back to the search window and delete all other entries that the search found. AGAIN MAKE SURE YOU DELETE THE ENTRIES FORM YOUR RECYCLE

BIN.

13. Then do a regedit search. and type iosdt.exe in the "FIND" box, under the "EDIT" tab on top.
hit enter. If you find more entries realting to iosdt.exe, it's probably because of the search entries you used to find it in the search for

files and folders window. In any case delete them all. Once you've done that, restart your computer.

14. Look again in the tskmgr upon boot up to dsktop, for the iosdt.exe process. IT SHOULDN'T BE THERE !

15. I recommmend scanning your computer in all drives with trendmicro's sysclean utility. Here's the link

http://www.trendmicro.com/download/dcs.asp Then dnload the lastest patch which should be > ptn700.zip



Finally it's gone

 

Nice info layout. Thanks. Should certainly allow the next person on here with that problem to cure it.

 

Hello layout,

*This a utility that allows you to kill the iosdt.exe process*

Wondering if you tried to kill iosdt.exe with the Task Manager first. You say its listed there if present.

BTW, I have this utility.

Regards - Charles

 

hey charles...

I did try to end the process in the Tskmgr by both commands: "End Process" & " End Process Tree ". I was denied access on both accounts.

Thats when I dnloaded the utility from... http://www.sysinternals.com/

If you have this trojan...it will show up in both the tskmgr & the utility - Process Explorer.

 

*I did try to end the process in the Tskmgr by both commands: "End Process" & " End Process Tree ". I was denied access on both accounts.*

Thanks layout - good to know.

And thanks for posting the solution, good future reference.

Regards - Charles