From: "Gaz" <gazter@msn.com>

| Thumb driver users be aware, you might be unwittingly spreading winantivirus
| 2009. Inserting a thumb drive into an infected machine (of at least one of
| the variants) creates a hidden pair of files on the root directory.

| i) m.exe hidden and claiming to be from skype
| ii) autorun.ini which is set to silently run m.exe whenever the drive is
| inserted.

| The only clue you will have this is happening, is a second or so delay
| between clicking on the thumb drive, and it opening.

| AFAIK it puts files in the system32 folder (in this case fffcaf.dll, but
| that might just be a random file name) and puts multiple start up points in
| the registry.

| Anyone know of any usb thumb drives with a read only switch?

| Gaz


Not "autorun.ini", that's an interpreted directive type file. You mean "autorun.inf"
which is used in AutoRun/AutoPlay.

The best course of action is to disable AutoRun/AutoPlay on the computer such that when a
mass storage device that is infected is inserted into the USB port, the PC won't
automatically run the AutoRun worm malware component and infect the PC.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp