<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Fudge &#187; Security</title>
	<atom:link href="http://www.fudge.co.in/category/security/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.fudge.co.in</link>
	<description>Doesn't it make you hungry?</description>
	<lastBuildDate>Wed, 18 Jan 2012 04:37:31 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=</generator>
		<item>
		<title>USB Malware</title>
		<link>http://www.fudge.co.in/2009/11/26/usb-malware/</link>
		<comments>http://www.fudge.co.in/2009/11/26/usb-malware/#comments</comments>
		<pubDate>Thu, 26 Nov 2009 13:46:26 +0000</pubDate>
		<dc:creator>Aman Yajurvedi</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[Windows]]></category>

		<guid isPermaLink="false">http://www.fudge.co.in/?p=279</guid>
		<description><![CDATA[In recent times, with USB flash drives falling to dirt-cheap prices, you can be sure everyone has one. The sheer convenience of carrying 1 GB+ worth of data in your pocket and being able to access it anywhere is fantastic. There is just one problem: USB drives are read+write without the need for any permissions; [...]]]></description>
			<content:encoded><![CDATA[<p>In recent times, with USB flash drives falling to dirt-cheap prices, you can be sure everyone has one. The sheer convenience of carrying 1 GB+ worth of data in your pocket and being able to access it anywhere is fantastic. There is just one problem: USB drives are read+write without the need for any permissions, which is a serious security concern. With the rampant trade of data that goes on with the help of these USB drives, malware, trojans and viruses have found a paradise, a hotbed to hide, grow and reproduce. Among the most common users of multiple USB drives are students in a computer science lab or corporate offices. Corporate offices almost always have a corporate antivirus and multiple layers of security (that begins with banning Facebook and warez). So the problem is mostly with student labs in universities, which have somewhat relaxed rules. </p>
<p>Let&#8217;s take a look at how most of these viruses/trojans work. </p>
<ol>
<li>It usually begins with a machine getting infected via the internet (cracks, keys, porn dialers, exes etc.)</li>
<li>Upon inserting the USB drive into an infected machine, the virus copies itself to the USB drive (in a system-hidden folder) and overwrites autorun.inf with a malicious one (which will auto-execute the virus)</li>
<li>When unplugged and plugged into a fresh machine, autorun.inf is called by Windows (yeah, Windows is that stupid), thus self-executing the virus, which then infects the host machine.</li>
</ol>
<p>In recent times Microsoft has asked users to disable Autorun, although this was not released as a patch; you need to download TweakUI to do so. Windows 7, however, disables Autorun for removable drives by default. </p>
<p>The next hurdle is the quality of the viruses themselves. They have grown so wild, and are known by a million names, that it is almost impossible for even the most advanced anti-virus to catch them. I&#8217;ll explain this best with a personal example, something that happened just a week ago. I borrowed a friend&#8217;s hard drive to install a game. At that time I was testing Panda CloudAV. As soon as I plugged in the HD, <a href="http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=52797">Win32/Sality</a> (ah, you wily sonofabitch) infected my PC. And before I knew it, half my EXEs were already infected. For those who don&#8217;t know <a href="http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=52797">Win32/Sality</a>... well, it&#8217;s a rampant EXE-infecting virus which is very hard to remove. Spent 2 sleepless nights trying to manually remove it and did succeed to a great extent (sans a few registry entries and corrupt drivers). I tried all the anti-malware (Malwarebytes, SuperAntiSpyware, Spyware Doctor) and anti-virus products, the free ones though; none of them could repair it. They only offered to quarantine or delete the legitimate EXE files which were infected. Manual removal: <a href="http://infosecurityhub.blogspot.com/2009/06/manual-removal-of-win32-salityaa.html">here</a> <a href="http://www.istanto.net/8-step-to-remove-w32salityae.html">here</a><br />
Also helpful were the forums at MajorGeeks. So after the virus was partially removed, I thought I should invest in a premium licensed copy of an anti-virus. Although I have always used Avira Free AV, I was intrigued by eScan&#8217;s malware detection scores. So I went for it (I had not slept for a day and a half). The next day, the guy running the server offers me McAfee, saying it will get rid of Sality. I was surprised, but later realised it was a corporate trial. Ran the scan; it didn&#8217;t detect anything. So I uninstalled that and then installed my bought copy of eScan. The website link was to an older version, so I had to hunt around for the latest version, which I got on the eScan wiki. Very disappointed at the somewhat amateur approach of eScan. Ran that scan too; again no detection. So finally safe! </p>
<p>To test now, I took my pendrive and plugged it into a friend&#8217;s machine which has a trojan thriving happily. Plugged it back into my computer, hoping eScan would auto-scan the removable drive. It did not. Only the corporate edition does that. Shit <img src='http://www.fudge.co.in/wp-includes/images/smilies/icon_neutral.gif' alt=':|' class='wp-smiley' />  Not feeling too bad, I ran the on-demand scanner. It found nothing! Oh my god! Fired up a command prompt and did a directory listing<br />
<code>F:\&gt; dir /a /s</code><br />
Aha, the exe is sitting there, smug! Baffled, I ran more scanners on it. Nothing. I tried to copy that exe, rename it and then test it individually; couldn&#8217;t do that. Not even via the command prompt; it&#8217;s like that file does not exist! Most anti-virus couldn&#8217;t determine the contents of the exe and just skipped it. I then pulled out my laptop, which is running Ubuntu 9.10. Plugged in my removable drive, whistled whilst I copied the &#8220;system hidden&#8221; exes (sitting ducks on Linux!) onto another removable drive and renamed them. Before plugging it back, I installed Panda&#8217;s <a href="http://www.pandasecurity.com/homeusers/downloads/usbvaccine/">USB Vaccine</a> on the Windows workstation. Then plugged the USB drive into it. Hmm, no Autorun, good. Navigated to the folder. Aha! The virus folder exists, seemingly empty, but I know what lurks there! Again ran a dir command to confirm. Yep, it was there! Then I ran online scanners (VirusTotal and DrWeb) on the exe file. It got detected by DrWeb and by 4 out of 41 AVs on <a href="http://www.virustotal.com/analisis/6f3d16e09be5a737b53d994b60736737b71fcdcfcf90995141f3111dbea9e44a-1259059390">VirusTotal.</a> Wow. Prevx detected it as <a href="http://info.prevx.com/aboutprogramtext.asp?PX5=98F962BF001E304B16EB02AB92CFA5005DBA5233">High Risk Cloaked Malware. </a> The others which detected it were Microsoft (?), Prevx, Sophos and Nod32. Guess I should have bought Prevx instead of eScan (almost the same cost). Sure, eScan is good, but it won&#8217;t remove the ever-persistent malware which is on every machine in the lab. Well, guess there is just one way to fix this problem &#8211; before inserting any removable device, just plug it into my netbook, navigate via Linux, handpick the smug malware, and Shift+Delete! Poof!<br />
Oh, did I mention, I am a Linux user <img src='http://www.fudge.co.in/wp-includes/images/smilies/icon_smile.gif' alt=':-)' class='wp-smiley' /> </p>
<p><em>(Will add pictures soon, keep checking this page; as of now, my eyes won&#8217;t stay open any longer.)</em></p>
]]></content:encoded>
			<wfw:commentRss>http://www.fudge.co.in/2009/11/26/usb-malware/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

