NOD32 & a new USB trojan

Hi all

I used a USB that a month ago was used by a shop, I was keeping it on shelf for all that time, yesterday once I opened it I found the folder that had my pictures (no problem here) and 3 files with exe extension and they have a folder icon to fool people who has extensions hidden as it seem to me, I saw a message of warning but I noticed it was from my firewall Comodo (not my antivirus) saying it is a bad file, it is the first time I saw comodo doing reaction in this manner, always the same firewall box of allow and dont allow (you know...).

I have windows 7 (up to date) , Comodo 5.8.213334.2131, RUbotted beta,
nod32 4.2.71.2 antivirus

NOD32 info in details:
Virus signature database: 6629 (20111114)
Update module: 1037 (20110921)
Antivirus and antispyware scanner module: 1329 (20111031)
Advanced heuristics module: 1118 (20110419)
Archive support module: 1136 (2011081
Cleaner module: 1051 (20110420)
Anti-Stealth support module: 1026 (2011062
ESET SysInspector module: 1220 (20110517)
Self-defense support module: 1018 (20100812)
Real-time file system protection module: 1006 (20110921)

(these data is as of now not yesterday)

I have two questions...

I deleted those files, as I think Comodo said it couldn't do that, but I saw other files: backup.exe & update.exe on Drive D (I have C, D, portable F (connected)), at this point I panicked.

(1)How did these files get copied to drive D while I have all windows autoruns disabled? and I didn't execute the USB files ?

(2)and the basic question why didn't nod32 catch them since they are old, the USB has been offline for a month so these files are at least 1 month old? I also used www.virustotal.com and almost all results said it is a Trojan and nod32 had "-" as result (meaning nothing found), also Panada no results but every other antivirus listed it as trojan.

The name of the Trojan as per kaspersky is:

HEUR.Trojan.Win32.Generic , I think and I couldn't find any other traces.

Please help on these two issues

Extra question: I scanned using Kaspersky removal too all settings on high & using symantec online, and superantispyware, and sting, do I need to do something else ?

 

it could be malware but equally false positive. with files gone we'll never know

 

Thanks for input Cudni

One file already submitted to ESET although I doubt that this is what was missing ESET to decide it was a malware, it is possible but unlikely, I tend to believe that they have decided that it is a false positive.

I respect companies that only trust their own judgment but you have to be extremely sure when all other companies says otherwise.

Whether ESET tag it or not as a malware won't change my mind in this particular case; a couple of stealth files on a USB drive with .exe extension and an icon resembling a folder and copying themselves to my other drives without invitation, with all due respect and I am sure I know nothing compared to you, I don't need someone to tell me that these are malware or not, I will delete them whatever they are.

I always taught this to my other friends to always look for files of such characteristic when opening a USB drive and always show hidden and protected files and their extensions and to disable autorun for CDs and USBs, they always have been a victim of viruses from USB drives and I think this is the first time something slipped to my PC that way but I was more puzzled for not seeing an ini file and by how it got around the disabled autorun.

You could have answered me at least how a possibly non-malware was able to copy itself to my PC from a USB drive bypassing the autorun and without being executed by me , I would be thankful!