[Discuss] virus?

[adler at stephenadler.com (Stephen Adler)]

Guys,

I'm not sure if this is the right forum to post this question, but here 
goes.

I have a linux server box in my lab which I'm using to run a samba 
service and server up some disk space to some laboratory equipment which 
have computer consoles operating them running windows. As it turns out, 
on one of the equpiement, I mounted the samba served network folder and 
lo and behold Autorun.inf and a rundll.exe file suddenly appeared in the 
top level directory of the mounted network folder. I proceeded to delete 
the files on the linux side (on my linux server) and within seconds the 
two files reappeared.

The content of the Autorun.inf basically causes rundll.exe to execute.

I'm thinking I'm looking at a virus on the lab equipments windows PC 
doing its thing to propagate itself. If I plug a thumb drive into the 
equipment's PC, that'll copy those to files onto the thumb drive and my 
guess the rundll.exe code gets executed when the thumb drive gets 
plugged into another windows PC.

Can you guys concur this? If I mount the network folder from my 
"infected" linux server onto another PC, will the Autorun.inf tell the 
2nd PC which mounted this drive to execute the rundll.exe file? Or does 
this only happen when you plug a thumb drive in?

Again, sorry if this is the wrong forum to ask this kind of question.

Cheers. Steve.