Nymphs and Satyrs ....AIdDictive Compulsive Orders
"For malware, it's rather unique to see such a technique being used."
It is not malware, it is Sticky Sweet Palware when IT Tempts One 42 Play Great Games.
Security researchers have discovered one of the most subtle and sophisticated examples of Windows rootkit software known to date. The AutoRun-NOX worm extends the standard VXer trick of using software vulnerabilities to infect systems, by including functionality that allows the worm to exploit Windows security bugs to hook …
A few weeks ago at work. Was a pain to get rid of. Eventually just noted what was running at startup that wasn't signed, pulled the HD, deleted files with drive mounted on another machine (with autoruns disabled), then reinstalled & cleaned up the registry.
Strongly recommend using the Group Policy editor to disable autoruns on all drives.
Start>Run>gpedit.msc
Isn't GDI exploitation dead? Patched to death, and running in user level code only, neutering anything running in a limited user account. So much for root kits.
You sound like your colleague, beating dead horses and scaring us into hitting the update button multiple times per day.