Virus in the embedded OS?

Question

Hello, Ion users. I'm not the LD, actually I'm the house sound guy, but I'm also the theater computer tech. We purchased our new Ion about a month ago. Works great! Learning to write macros for our moving lights, and do the standard stuff (way many years on analog consoles). So, the OS is a stripped-down, customized XP. I'm wondering if some aspects of this are going to become a problem in the future, and may be a problem for us now. 
 We have one local contractor who uses installed Ions in the other venues in the local area. He saves all his favorite setups on his own USB stick, often writing his roughs for his shows off site on his laptop, and transferring them via the USB stick. Contractor LD was last on the console a week ago. 
 Today, the venue LD was backing up some new settings to our USB stick, and we saw a popup window (very XP-ish) which stated "Do you like Bill Gates?" Yes-No buttons were below. Then a secondary window opened and stated the hard drive was being formatted... !!!! In a panic, he rushed through the shutdown and hit the power button. A few minutes later, we powered it back up, and all seems ok, but this was a scare indeed. 
 I think our contractor LD may have passed a joke program into our console from his USB stick. So, how do I remove these things? And, how do I protect against such in the future? Normal AV programs have too much footprint to just run installed, and the OS probably does not have the components to run them. 
 Do note, I maintain several stand-alone (no net-connection) recording PC's at local project studios, and my clients are quite used to manually enabling/disabling the installed AV, and manually updating definitions downloaded to a separate computer. One once had his machine trashed by a trojan brought in with a musician's tracks done at home, so it can happen. 
 With the problems of autorun vulnerability in XP and the ensuing trojans spreding via USB and shared drives, what can be done?

Richard · Answer

ETC recommend that any PCs used with the consoles have good, up-to-date antivirus installed, or are physically disconnected from the
Internet and are only ever connected to 'clean' sources. 
 If your
console is suspected to have non-ETC software onboard, then we
recommend that you back up your showfiles to USB and completely
re-image its hard disk. This will *always* erase any nasties that may
have got onboard. 
 Eos and Congo Senior include a DVD-ROM drive and DVD for this
purpose, and if you contact your local ETC support we can give you
instructions for creating a re-imaging USB stick - you'll need a standard 2GB one. 
 ETC do recognise that such risks exist, and we have
therefore taken several steps to reduce the possibility. For example,
auto-run is completely disabled on all ETC consoles and we deliberately
make it hard to run non-ETC software on them, so it's actually quite
difficult for them to get virii by accident. 
 We can't protect against malice though - it is your console! 
 Disturbingly, your particular description doesn't tally with any virus or trojan Symantec has in their database, so unfortunately I suspect someone has made a very bad joke and could do with a quiet word. 
 Finally: 
 There are several very good free-for-personal-use AV solutions, such as Grisoft's AVG Free and AVAST!, so there's no excuse for a personal computer that doesn't have good AV. 
 I would also recommend totally disabling Auto-run on any PCs that you
use. It is by far the most stupid concept ever to appear on PCs, with
the possible exception of Active-X! 
 Completely disabling Auto-Run makes it impossible for removable media to *accidentally* introduce virii and trojans, although it is always possible for a user to choose to run unwanted software.