Can't remove Trojan Horse

Posted on 2004-04-28
Medium Priority
Last Modified: 2010-04-11
I have a process on my computer under Task Manager named "IOSDT.EXE" which is causing 100% CPU usage, slowing down my system almost to a standstill. When I terminate this process, CPU usage falls to 4%. The problem is I can't stop it from starting up every time I boot my computer. Running a search failed to find it on the system.

On the website "http://www.answersthatwork.com/Tasklist_pages/tasklist.htm" I found the following information:


You have a Trojan virus on your PC – IOSDT.EXE is its main file. You most probably tried to download illegal copies of Microsoft software, and got infected by this trojan virus as a result (it gives access to your PC from the Internet).

Recommendation:
Reboot your PC into Safe Mode and then do a search for all files and folders which start with IOSDT and delete them. Next, empty your Recycle Bin and reboot back into Normal Mode.

I followed the instructions above but still could not find any file or folder doing a search. I also did a search in the registry and still no sign of this file, yet when I reboot back in normal mode the process starts up again, grabbing 100% of my CPU usage.

I am running Windows XP Professional

This is doing my head in

your help is desperately needed

with thanks

Question by:greenfly2
LVL 49

Expert Comment

ID: 10937076
Hi greenfly2,

Do you have any anti-virus installed in your machine?

If yes, update it and check for viruses. If it reports any trojan or virus, ask it to remove it.

Also check these online scanners






Using this check if you can stop it from startup

Start --> Run --> type in "msconfig" and press "Enter"
Go to the Startup tab
Disable all the applications there. Reboot the machine and check if the trojan comes back.

Then go to the same location and enable each application one by one and check for the culprit

LVL 32

Expert Comment

ID: 10937079
Hi greenfly2,

You'll find the file most likely at %systemroot%\System32\iosdt\iosdt.exe
You can remove this folder after killing the task.

Then, look at the Startup part of the Start menu and find either:
network.vbs and/or microsoft_office.lnk
Delete both of those if you can find them.

Next time, just buy legal Microsoft products, it'll save you from this mess.


LVL 49

Expert Comment

ID: 10937085
Also you may want to run the spyware tools listed here

LVL 23

Expert Comment

by:Tim Holman
ID: 10937533
Try HijackThis to ensure the Trojan isn't set to run at boot-time:


Author Comment

ID: 10939883
Sorry to disappoint you LucF but I haven't got any illegal Microsoft software on my system; they have all been purchased legally. There are four people using my computer and even if one of my sons attempts to download illegally I can assure you it's not loaded on my system. The suggestion that "I may have tried to download illegal Microsoft software" was an assumption of how the Trojan may have got to my system and not an accusation.

Sunray, I am about to try your suggestion, but the other suggestions did not work.
Thanks guys. I'll get back to you soon.
LVL 32

Expert Comment

ID: 10941685
You don't disappoint me... quite the opposite actually, it is just that I had to handle this virus several times before, and it always came from either crack sites or through P2P networks... sorry for jumping on the gun right away. I also noticed that every virus scanner I tried didn't work :(

I think tim_holman's idea is pretty good. If you want, post the logfile it creates, so we can do a manual search for where it's started from.

LVL 12

Expert Comment

ID: 10942692

When you download and install HijackThis (per tim_holman's suggestion), install it to its own folder, not on your Desktop or a temp folder. Create a folder such as: C:\HJT or C:\HijackThis and install it there.
Good luck!

Expert Comment

ID: 10943269
Boot your computer into Safe Mode with networking support, go to trend.com or norton.com and do the free online scan.
LVL 38

Expert Comment

by:Rich Rumble
ID: 10945258
Everyone is forgetting it's XP, you have to turn off system restore... then get rid of it... otherwise it'll be back on next reboot.

Try the stinger tool... Ad-Aware might even help...

Author Comment

ID: 11066264
Unfortunately none of the suggestions received so far worked. So I have decided to count my losses, reformat my hard drive and start again.

LVL 23

Expert Comment

by:Tim Holman
ID: 11130786
Sorry we couldn't help..  ;(
Don't forget to delete the question, and try us again soon !


Expert Comment

ID: 12685467
Hi guys

I know it's been some time since you had the problem.

I just ran into it myself - In fact it is pretty easy to fix...

1) I was unable to stop the process (taking 100% CPU)
2) I searched the disk for the process - nothing found.
3) Using REGEDIT.EXE I searched for IOSDT and exported any keys found
4) Restarted the system, and it was gone...

It seems like a trojan that comes through E-Mule p2p software!!!
It has not done any harm to my system (lucky me...).

Best regards Soren - Denmark
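
The manual checks suggested across this thread (the System32\iosdt folder, the Startup-folder entries and the registry search for IOSDT) can be collected in one read-only pass. This is an added example, not part of any participant's post; it assumes PowerShell 3.0 or later, which a stock Windows XP install does not include, and the Run/RunOnce key list is an assumption about where an autostart entry might live.

```powershell
# Read-only triage: nothing is deleted or changed.
# Indicator names come from the thread; the registry key list is an assumption.
$indicators = 'iosdt', 'network.vbs', 'microsoft_office.lnk'
$pattern = ($indicators | ForEach-Object { [regex]::Escape($_) }) -join '|'
$hits = @()

# 1. Run/RunOnce values (machine and current user) that name an indicator.
$runKeys = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($leaf in 'Run', 'RunOnce') {
        "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\$leaf"
    }
}
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ("$name $data" -match $pattern) {
            $hits += [pscustomobject]@{ Source = $key; Name = $name; Detail = $data }
        }
    }
}

# 2. Startup folders plus the System32\iosdt folder named in the thread.
#    -Force includes hidden and system items, which a default search can skip.
$dirs = @('Startup', 'CommonStartup' |
    ForEach-Object { [Environment]::GetFolderPath($_) })
$dirs += Join-Path $env:SystemRoot 'System32\iosdt'
$dirs = @($dirs | Where-Object { $_ -and (Test-Path -Path $_) })
if ($dirs.Count -gt 0) {
    foreach ($f in Get-ChildItem -Path $dirs -Force -ErrorAction SilentlyContinue) {
        if ($f.FullName -match $pattern) {
            $hits += [pscustomobject]@{ Source = 'File'; Name = $f.Name; Detail = $f.FullName }
        }
    }
}

# 3. Is a process with the reported image name running right now?
foreach ($p in Get-Process -Name 'iosdt' -ErrorAction SilentlyContinue) {
    $hits += [pscustomobject]@{ Source = 'Process'; Name = $p.ProcessName; Detail = "PID $($p.Id) $($p.Path)" }
}

if ($hits.Count -eq 0) {
    'No autostart entry, file or process matched the names from the thread.'
} else {
    $hits | Format-Table -AutoSize -Wrap
}
```

An empty result only means these specific locations do not reference the names from the thread; other autostart mechanisms are not covered.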
LVL 27

Expert Comment

ID: 15759981
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:
Accept: sfleron{http:#12685467}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

EE Cleanup Volunteer

Accepted Solution

Computer101 earned 0 total points
ID: 15801338
PAQed with no points refunded (of 250)

EE Admin
