Just a quick thought,

It may that the file that is suspected of being a virus or  trojan has created a hidden partition which it keeps restoring from with an associated config file given it a list of different names to copy itself back as many provalent rootkit's/Trojan's/Virus's utilise the same trick, try Uf Disk utilitie's, can be found for free on the web with a bit of looking it's not designed for all USB sticks but I have yet to find on that this software wont work on this not only allows you to FULLY Format so you can use the FULL storage space of the pen drive but also allows you to create a secure partition create a CDFS partition so that you can boot form the USB stick as if it were a CD drive but more importanly it will obliterate any partition inc data that maybe lurking on the stick that Windows management tools simpy wont touch, out of interest you said about it being a govt based office enviroment, is this your pen or the company's?

Regds

HD

Solution:

Please be informed that this may happen due to a Vulnerability on the unpatched Operating System. Microsoft has released the hotfix (KB2286198) which will fix the vulnerability.

Please implement the hotfix on the affected Operating Systems specified on the link mentioned below.

"MS10-046: Vulnerability in Windows Shell could allow remote code execution"

http://www.microsoft.com/technet/security/bulletin/ms10-046.mspx

Did somebody put exceptions for the pendrive or executable files in ePO?

Quote from: Samker on 09. May 2011., 19:36:23

Quote from: metalmunna on 05. May 2011., 02:13:10

thank you guys for the help and will let you know the result later ... have a nice day to all of you ...

Any news about this case, MM??

... still i didn't get that virus file which isn't detected by McAfee Enterprise (that's not fake coz i saw that too on their pen drive before), but they sent me some files yesterday but that's already protected by McAfee .. so waiting for the files which was cause of the Pen Drive ..

thank you guys for the help and will let you know the result later ... have a nice day to all of you ...

1. If you did not format your flash drive, then check whether the files are not in hidden mode (Go to folder options-> view tab and uncheck the option of “Hide protected operating system files(Recommended)).

2. Click on "Start" -->Run-->type cmd and click on OK.

3. Enter this command: attrib -h -r -s /s /d g:\*.*

Note : Replace the letter g with your flash drive letter.

4. Now check for your files in Pen Drive.

5. After that, download the Malwarebytes' Anti-Malware and run Full scan: http://scforum.info/index.php/topic,2201.0.html

Well.. first thing is to disable autorun, then you might want to access the pendrive via system console.
there I suggest you to do a dir /a to see what's actually in there, after that proceed to delete unwanted files, starting by autorun.ini

Anyway, if you can create a compressed file with all of the pendrive's content, you can sumbit it to AVERT lab so they provide a extra.dat for you (wich can be deployed via ePO) and eventually will be included in a official DAT Release.

(if you can create a compressed file with all of the pendrive's content, you can sumbit it to AVERT lab so they provide a extra.dat for you (wich can be deployed via ePO) and eventually will be included in a official DAT Release.)