USB Memory Sticks with hidden virtual CD partitions (U3 Drives?)
We've been finding that pupils (and staff) seem to be increasingly bringing in USB memory sticks they've been given as freebies into school. Most of these seem to be formatted (I'm assuming it's done purely using software rather than custom hardware in the sticks) specifically so that they appear in windows as both a 'virtual CD' partition and a partition that contains the USB drives data.
When connecting them to a PC the USB stick autoruns and windows detects it as a virtual CD drive which launches an app (often a Menu or a promo screen) from an .exe file and them mounts the USB data partition.
What's really worrying is that despite us having autorun turned off for users and Windows GP file path restrictions in place to stop executables running from removable drives the way these sticks emulate a CD drive seems to bypass this allowing the initial menu program to run ?
Has anyone found a fix to stop these type of memory sticks from being used and/or autorunning when connected as they're potentially a pretty major security loophole ?
Also is there any kind of program to reformat these sticks so we can get rid of the hidden virtual CD partition? I've tried the U3 removal tool but it's not detecting the USB drive as being a U3 model ?