I have noticed a couple older posts in the forum relating to this topic, but have seen no resolutions. If anyone can help me I would appreciate it. This morning I checked my email and found a message that was sent from someone I don't know telling me they had changed their email address from hotmail to yahoo. I deleted it right away. About twenty minutes later an IE window pops up complete with ad. I checked to see if Kazaa was loaded (since it pops up ads all the time), but it wasn't. Then I notice that my Norton antivirus has been triggered, and it tells me it has detected the W32.DSS.trojan in an HTML file in my Local Settings\temp\gdg (or something) directory. I checked running processes and found "openme.exe", which was loading from my c:\winnt directory. NAV then told me openme.exe was infected with the same virus, but it could not clean any of these files it was finding. I had to boot into safe mode, shut down the openme.exe process, delete it from c:\winnt, and clear out the \temp directory from my profile. NAV no longer found any viruses. But now I get a "can't find openme.exe" message every time I reboot my computer. It happens for any profile that logs in. I have checked all of the run options in the registry, seached the registry and my entire computer for any mention of "openme.exe", I have checked win.ini, autoexec.bat, and all of the startup folders for all of the profiles on the machine, but I still cannot find where "openme.exe" is loading from. I have pared down my startup programs to only those that I am absolutely sure of. Norton is no help whatsoever in giving any information about this thing. I was able to find out the HTML files that were created were pointing to an ad server at 217.69.237.130. The files were created with a German version of a common web building program. Does anyone know of any startup areas I missed, or any tricky way to get programs to start from a non-standard area? Has anyone had any experience with this trojan? Any help is appreciated.

did you try msconfig? type msconfig in the "Run" prompt. click the startup tab and deselect away. I had that same file on my computer too, but it never was installed... no body seems to know where it came from. NAV2002 detected it for me.

I appreciate the suggestion, but MSConfig does not work with my installation of Windows 2000. I have tried using the Win2k equivalents to try and track it down, but to no avail. If I am not using the proper utilities, any suggestions would be appreciated, but I'm at my wits end with this. Thanks.

Type sysedit in the run or find (search or files or folders) and look in the system.ini window for openme.exe and delete the text plus the extra space before if any. R1Master -- Use the porche duke!

I think it's embedded in EXPLORER. because my EXPLORER was "not responding" so I had to quit it and (as u know) explorer restarts it's self because it has to for the operation of the computer. And then the openme.exe comes back (cannot open OPENME.EXE) So... I don't know how to change that...maybe a way to uninstall EXPLORER and then reinstall it...but I don't know

i have the same problem, i found a web site that might help. http://www.typebyte.com/. good luck. you can reach me at z0dyak@attbi.com. im not a programer but i know there is something wrong and im going to fix it. :) DC

i wrote the ubove. if that doesnt work this is how i got rid of it. Start Run... regedit HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows NT CurrentVersion Winlogon In this folder find "Shell." double click. an "Edit String" window will come up. The "Value data" line should read:"Explorer.exe". delete the "openme.exe" and restart your computer. that should work. my email address is above. if you need help ill try and help. good luck. DC