What is the “msddll” service on a Windows 2000 machine ?

65,110 pts.
Tags:
Microsoft Windows
Microsoft Windows 2000
Microsoft Windows services
MSDDLL
Service Control Manager
We have a Windows 2000 SP4 machine that a few minutes ago displayed a message saying that the event log was full. Looking at the system log we found that the Service Control Manager fired nearly 3000 events in a few minutes, regarding a timeout in the "msddll" service. In the services management tool it currently appears as “starting”, and the process description is just “msddll”, so I have no Idea what in fact that service is or what It does. Everything seem to be working fine on the machine, so it doesn’t seem to be a problem, but I would really like to know what is the purpose of that service, and also be sure that it is not some kind of malware. I have googled it, but found really nothing solid. It seems that some people have had problems with a Trojan called “vundo” which includes a msddll.dll library. The machine has no internet connectivity, and it is only running a couple of Visual C++ programs. Thanks for your help and/or comments.
ASKED: December 22, 2008  10:11 PM
UPDATED: December 26, 2008  11:08 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

File “msd.dll” has the following statistics:
Total number of reports analysed 380,730
Number of cases that involved the file “msd.dll” 1
Number of incidents when this file was found to be a threat 1
Statistical volume of cases when “msd.dll” was a threat 100%

Notes:
Please note that the name of the file should NOT be used to define if it is legitimate or not. Such determination can only be made by observing its dynamic behaviour.
In order to check a file, please submit it to ThreatExpert.
For a quick sanity check of your system, please run ThreatExpert Memory Scanner.
For a comprehensive pro-active protection against threats, please consider ThreatFire – our behavioral antivirus solution.

The file “msd.dll” is known to be created under the following filename:
%System%\msd.dll

Note: %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

The following threats are known to be associated with the file “msd.dll”:
Threat Alias Number of Incidents
Generic.dk [McAfee] 1
Trojan Horse [Symantec] 1
Trojan-PSW.Win32.Nilage.pd [Kaspersky Lab] 1
Trojan-PWS.Lineage [PC Tools] 1

msddll.exe running as a service is a malware that affects internet explorer. Seems to be very recent. Still trying to get info on it.

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • carlosdl
    Thanks. At this point I'm sure it is malware. I found many instances of it running on the machine, and it is trying to access the internet. I will update this as soon as I get rid of it.
    65,110 pointsBadges:
    report
  • Pressler2904
    Sophos, a CNET forum and Spybot S&D identify this as a trojan. That's good enough for me...
    2,190 pointsBadges:
    report
  • carlosdl
    Follow up: It was detected as: - Worm:Wind32/Neeris.gen!C by Microsoft OneCare - Smitfraud-C.gp by Spybot S&D - WORM_AUTORUN.CDN by Trend Micro HouseCall - Backdoor.bot by Malwarebytes which was the only tool that was able to clean it. In a xp machine, I was able to manually clean it using Hijack this (using the Remove system Service and Remove file on startup features), but on a Windows 2003 server this did not work and the use of Malwarebytes was necessary.
    65,110 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following