AutoRun is a feature that will automatically runs a program or application when a drive is mounted. This can be exploited by changing the executable of an existing Autorun program. When the computer restarts and an Administrator logs in it will run the malicious executable as system.
Check for AutoRuns in the registry using PowerUp
Check for write access to the file. Should return with FILE_ALL_ACCESS under RW Everyone
Replace AutoRun executable
