Am I to understand you have not heard of the maskrider2001.vbs script that I am referring to?
I probably cleaned all them already manually and did not save them but I thought this was a pretty well known issue affecting the ability for people to double click my computer then double click a drive letter. It prevents the drive from opening.
I never see it since I never open Windows Explorer that way (I right click my computer and select explore) but the users complain about it. It seems to always copy itself to a USB drive as well as all fixed drive letters.
It also has an accompanying autorun.inf file. Therefore you select the drive and the autorun.inf calls the maskrider2001.vbs file. Very simple but a pian in the butt. It is also in the windows run reg key startup and it defaces the IE TITLE. So manual cleanup is very simple assuming there are no other hidden threats but a pain in the ass none the less.
With clients in the field at remote locations as we have they use the machines as sales stations and refuse to password protect anything so every machine on their networks get infected in minutes.
I will send you a sample NEXT time But tell me if this is a known issue or not at least.
If they would buy SAS I assume it would protect them. Am I correct that SAS will protect the IE Title (Not the HOme Page just the TITLE).
I own SAS pro and we run SAS on their systems. I have not tested it with this yet.