Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Can't remove Trojan Horse

Posted on 2004-04-28
Medium Priority
Last Modified: 2010-04-11
I have a Process on my computer under Task Manager named "IOSDT.EXE" which is causing 100% CPU Usage slowing down my system almost to a standstill. When I terminate this process CPU Usage Falls to 4%. The problem is I can't stop it from starting up everytime I boot my computer. Running a search failed to find it on the system.  

On the website "http://www.answersthatwork.com/Tasklist_pages/tasklist.htm" I found the following information:


You have a  Trojan virus  on your PC – IOSDT.EXE is its main file.   You most probably tried to download illegal copies of Microsoft software, and got infected by this trojan virus as a result (it gives access to your PC from the Internet).

Recommendation :  
Reboot your PC into Safe Mode and then do a search for all files and folders which start with  IOSDT  and delete them.  Next, empty your Recycle Bin and reboot back into Normal Mode.

I followed the instructions above but still could not find any file or folder doing a search. I also did a search in the registry and still no sign of this file, yet when I rebooy back in normwl mode the process starts up again grabbing 100% of my CPU usage.

I am running Windows XP Professional

This is doing my head in

your help is desperately needed

with thanks

Question by:greenfly2
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +8
LVL 49

Expert Comment

ID: 10937076
Hi greenfly2,

Do you have any anti-virus installed in your machine ?

If yes , update it and check for virus . If it reports any trojan or virus , ask it to remove

Also check these online scanners






Using this check if you can stop it from startup

Start --> run --> Type in "msconfig" and press "Enter"
goto Startup tab
Disable all the applications there.Reboot the machine and check if the trojan comes back.

Then go to the same location and enable each application one by one and check the culprit

LVL 32

Expert Comment

ID: 10937079
Hi greenfly2,

You'll find the file most likely at %systemroot%\System32\iosdt\iosdt.exe
You can remove this folder after killing the task.

Then, look at the startup part of the start menu and find either:
network.vbs and/or microsoft_office.lnk
Delete those both if you can find it.

Next time, just buy legal microsoft product, it'll save you from this mess.


LVL 49

Expert Comment

ID: 10937085
Also you may want to run the spyware tools listed here
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

LVL 23

Expert Comment

by:Tim Holman
ID: 10937533
Try HijackThis to ensure the Trojan isn't set to run at boot-time:


Author Comment

ID: 10939883
Sorry to disappoint you LucF but I haven't got any illegal microsoft software on my system they have all been purchased leagally. They are four people using my computer and even if one of my sons attempt to download illeaglly I can assure you its not loaded on my system.  The suggesting that "I may have tried to downlod illegal microsoft software" was an assumption of how the Trojan may have got to my system and not an accusation.

Sunray I am about to try your suggestion, but the other suggetions did not work
thanks guys. I'll get back to you soon
LVL 32

Expert Comment

ID: 10941685
You don't dissappoint me... quite the opposite actually, it is just that I had to handle with this virus several times before, and always it came from either crack sites or through P2P networks... sorry for jumping on the gun right away. I also noticed that every virusscanner I tried didn't work :(

I think tim_holmans idea is pretty good, if you want, post the logfile it creates, so we can do a manual search from where it's started from.

LVL 12

Expert Comment

ID: 10942692

When you download and install HijackThis (per. tim_holman suggestion), install it to it's own folder, not on your Desktop or a temp folder. Create a folder such as: C:\HJT or C:\HijackThis and install it there.
Good luck!

Expert Comment

ID: 10943269
Boot your computer into safemode with networking support, go to trend.com or norton.com and do the free online scan.
LVL 38

Expert Comment

by:Rich Rumble
ID: 10945258
Everyone is forgetting it's XP, you have to turn off system restore... then get rid of it... otherwise it'll be back on next reboot.

Try the stinger tool... Ad-Aware might even help...

Author Comment

ID: 11066264
Unfortunately none of the suggesstion received so far work. So i have decided to count my losses, reformat my hard drive and start again.

LVL 23

Expert Comment

by:Tim Holman
ID: 11130786
Sorry we couldn't help..  ;(
Don't forget to delete the question, and try us again soon !

Expert Comment

ID: 11498532
*** advertising removed by Netminder, Site Admin ***

Expert Comment

ID: 12685467
Hi guys

I know It's been some time since you have had the problem.

I just ran into it myself - In fact it is pretty easy to fix...

1) I was unable to stop the process (takin 100% CPU)
2) I searched the disk for the process - nothing found.
3) using REGEDIT.EXE I searched for IOSDT and exportet any keys found
4) restarted the system, and it was gone...

It seems like a trojan that comes through E-Mule p2p software!!!
It has not done any harm to my system (lucky me...).

Best regards Soren - Denmark
LVL 27

Expert Comment

ID: 15759981
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:
Accept: sfleron{http:#12685467}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

EE Cleanup Volunteer

Accepted Solution

Computer101 earned 0 total points
ID: 15801338
PAQed with no points refunded (of 250)

EE Admin

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
With the evolution of technology, we have finally reached a point where it is possible to have home automation features like having your thermostat turn up and door lock itself when you leave, as well as a complete home security system. This is a st…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question