
iosdt.exe

Discussion in 'Security and Privacy' started by verdi, 2003/11/09.

Thread Status:
Not open for further replies.
  1. 2003/11/09
    verdi

    verdi Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    144
    Likes Received:
    0
    ctrl/alt/delete and task manager processes reveal i have iosdt.exe using 95% CPU

    i typed in iosdt.exe into google and came to...

    http://www.distributed.net/trojans.php

    read the below info and want to know how do i remove it.

    [Oct 2003] A trojan claiming to be a "Product Activation" tool is in circulation. It installs in system32\iosdt\. The id is nordom@o2.pl. It emails it's log files through smtp.o2.pl. You will see a process, iosdt.exe, using taskman.

    am running zone alarm pro and adaware pro 6 i think i got it off a file downloaded in kazaalite? mebbe =(

    P.S. why didn't adaware pick it up when i got affected by this trojan?
     
    Last edited: 2003/11/09
  2. 2003/11/09
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Ad-aware does not do virus/trojan/worm things. Only does spyware and some malware.

    You need to also be running an anti-virus program.

    I have to wonder a little about the Distributed.net warning.
    Network.vbs and the link are both legit files if you have certain Microsoft apps loaded. They could be infected (many file types can) but having them on your system DOES NOT by itself indicate an infection.

    Take a look Here.
     
    Newt,
    #2


  4. 2003/11/12
    Surfersheaven

    Surfersheaven Inactive

    Joined:
    2003/11/12
    Messages:
    2
    Likes Received:
    0
    How to get rid of iosdt.exe process

    Hi! I had the same problem (caused by "Microsoft Product Activation Office 2003", filesize 338kb), and here's the fix:

    1) stop process:
    Go to Task Manager (CTRL ALT DELETE), go to processes, select "iosdt.exe", right click mouse, end process-tree

    2) delete files
    Go to Windows Explorer, type: C:\WINDOWS\System32\iosdt\ and delete all files in the dir. (Dir is hidden and i could not find it with a search command)

    3) clean the registry:
    Start regedit
    Find key "Distributed Computing Tecnologies., Inc." and remove it
    Find key "LEGACY_DNETC", right mouse click, choose "authorisations", check Allow [Full Control] for All Users. Now remove this key
    Find key "LEGACY_DNETC" for the 2nd time (!), right mouse click, choose "authorisations", check Allow [Full Control] for All Users. Now remove this key
    Find key "dnetc" and remove this key
    Find key "dnetc" for the 2nd time (!) and remove this key
    (maybe a 3rd time?*)

    *The aim is to delete all keys in the registry related to "dnetc" and "distributed.net"

    Good Luck!

    And... if you don't want any more of these problems, use LEGAL SOFTWARE!
     
  5. 2003/12/10
    layout

    layout Inactive

    Joined:
    2003/12/10
    Messages:
    5
    Likes Received:
    0
    Hi i don't mean to repeat this problem but, i caught the darn thing.

    Here are the steps i took:
    In the tskmgr:
    1. tried to end- tree process, but was denied access
    2. then tried to just end the process also denied
    3. downloaded "Process Explorer v8.10" from http://www.sysinternals.com/
    4. was able to kill process

    5. Went to Windows Explorer to search C:\WINDOWS\System32\iosdt\ - but found nothing

    6. Next, started working on the registry
    - searched - Distributed Computing Tecnologies., Inc.
    found nothing

    7. Next searched for: LEGACY_DNETC - found folder
    - My Computer\HKey_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DNETC
    -don't have "authorizations" when I rt click mouse in this folder.

    8. did a 2nd scan in registry for: LEGACY_DNETC
    - came up with same path:
    -My Computer\HKey_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DNETC
    - keep in mind that there are two more sub-folders in LEGACY_DNETC.
    i tried to delete the names containing dnetc, but it denied me access to delete.

    9. search registry for "dnetc", the search took me back to:
    My Computer\HKey_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DNETC

    10. don't know what else to do.
    -search the web for anything and everything on removing the stupid thing...
    nothing right now i'm at a loss. i can kill the process with process explorer,
    but i'd have to do that every time i log on.


    any other information that you could give me would be greatly appreciated.

    OH! running win2k

    thanxs

    :rolleyes: :rolleyes:
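
An added example, not part of any post in this thread: the registry steps described above amount to finding every key tied to the service in every control set, which this Python sketch does read-only over a `regedit /e` export. The `Services\dnetc` key name, the sample export and the function names are assumptions (a `LEGACY_DNETC` entry normally mirrors a service called `dnetc`).

```python
import re

# Constructed sample of a `regedit /e` export; not taken from a real machine.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DNETC\0000]
"Service"="dnetc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dnetc]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\dnetc]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache]
"Start"=dword:00000002
'''

START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

def parse_reg(text):
    """Yield (key_path, {value_name: raw_value_text}) for each key in the export."""
    key, values = None, {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            if key is not None:
                yield key, values
            key, values = line[1:-1], {}
        elif key is not None and line.startswith('"') and '"=' in line:
            name, raw = line[1:].split('"=', 1)
            values[name] = raw
    if key is not None:
        yield key, values

def triage(text, service="dnetc"):
    """Return (control_set, kind, start_type, key) for every key tied to the service."""
    cs = r"\\(ControlSet\d+|CurrentControlSet)\\"
    svc_re = re.compile(cs + rf"Services\\{re.escape(service)}$", re.I)
    enum_re = re.compile(cs + rf"Enum\\Root\\LEGACY_{re.escape(service)}(\\|$)", re.I)
    findings = []
    for key, values in parse_reg(text):
        if m := svc_re.search(key):
            raw = values.get("Start", "")
            start = int(raw[6:], 16) if raw.startswith("dword:") else None
            findings.append((m.group(1), "service", START_TYPES.get(start, "unknown"), key))
        elif m := enum_re.search(key):
            findings.append((m.group(1), "legacy-enum", None, key))
    return findings
```

A service key with start type `auto` is launched again at every boot, which would explain a process that returns after being killed. Exports headed `Windows Registry Editor Version 5.00` are UTF-16 and need decoding before they are passed to `triage`.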
     
  6. 2003/12/11
    Surfersheaven

    Surfersheaven Inactive

    Joined:
    2003/11/12
    Messages:
    2
    Likes Received:
    0
    I think it's wise to report your problem to abuse@distributed.net.

    Distributed.net is the (legal) company that made IOSDT for (legal) purposes. On their site they say they know there are Trojans/Worms which abuse IOSDT.exe. The email address is to report abuse of the program!

    Good luck.
     
  7. 2003/12/11
    layout

    layout Inactive

    Joined:
    2003/12/10
    Messages:
    5
    Likes Received:
    0
    Thanxs for the info
    I'll try it, but have very little faith that I'll get a response.
     
  8. 2003/12/11
    layout

    layout Inactive

    Joined:
    2003/12/10
    Messages:
    5
    Likes Received:
    0
    I just want to update everyone that the link for help@distributed.net & abuse@distributed.net, does not work. i sent an email through yahoo and outlook, both returned emails with failure notices. The message I got back along with my original message was as stated:

    >Hi. This is the qmail-send program at nodezero.distributed.net. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out.
    <help@distributed.net>:
    preline: fatal: unable to run procmail: file does not exist

    Hi. This is the qmail-send program at nodezero.distributed.net. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out.
    <abuse@distributed.net>:
    preline: fatal: unable to run procmail: file does not exist

    At least these did not work for me. Maybe some of you will have better luck by asking them how to remove the iosdt.exe process.
    Or know of another way. If you do, please post.

    Thanks
     