Hi all I used a USB that a month ago was used by a shop, I was keeping it on shelf for all that time, yesterday once I opened it I found the folder that had my pictures (no problem here) and 3 files with exe extension and they have a folder icon to fool people who has extensions hidden as it seem to me, I saw a message of warning but I noticed it was from my firewall Comodo (not my antivirus) saying it is a bad file, it is the first time I saw comodo doing reaction in this manner, always the same firewall box of allow and dont allow (you know...). I have windows 7 (up to date) , Comodo 5.8.213334.2131, RUbotted beta, nod32 126.96.36.199 antivirus NOD32 info in details: Virus signature database: 6629 (20111114) Update module: 1037 (20110921) Antivirus and antispyware scanner module: 1329 (20111031) Advanced heuristics module: 1118 (20110419) Archive support module: 1136 (2011081 Cleaner module: 1051 (20110420) Anti-Stealth support module: 1026 (2011062 ESET SysInspector module: 1220 (20110517) Self-defense support module: 1018 (20100812) Real-time file system protection module: 1006 (20110921) (these data is as of now not yesterday) I have two questions... I deleted those files, as I think Comodo said it couldn't do that, but I saw other files: backup.exe & update.exe on Drive D (I have C, D, portable F (connected)), at this point I panicked. (1)How did these files get copied to drive D while I have all windows autoruns disabled? and I didn't execute the USB files ? (2)and the basic question why didn't nod32 catch them since they are old, the USB has been offline for a month so these files are at least 1 month old? I also used www.virustotal.com and almost all results said it is a Trojan and nod32 had "-" as result (meaning nothing found), also Panada no results but every other antivirus listed it as trojan. The name of the Trojan as per kaspersky is: HEUR.Trojan.Win32.Generic , I think and I couldn't find any other traces. Please help on these two issues Extra question: I scanned using Kaspersky removal too all settings on high & using symantec online, and superantispyware, and sting, do I need to do something else ?