Misconceptions About Autorun Worms
There are two serious misconceptions about autorun worms: the notion that these worms spread only via infected USB drives and the belief that autorun can be successfully disabled via the Group Policy Editor.
Autorun worms are often bundled in malware delivered via the Web, or email, or IM, or any other vector of infection. Once on the system, in addition to infecting USB drives, autorun worms can also infect any discoverable fixed and mapped drives. So if an autorun worm is running rampant on your network, it doesn't mean you have a multitude of users packing infected USB drives.
Autorun worms spread by dropping a copy of the worm to the drive, then creating an autorun.inf on the root of that drive. The autorun.inf loads the dropped worm copy each time the drive is accessed. Each time the worm is loaded, it searches for new drives to infect and hence the cycle is repeated over and over again.
The first step to removing an autorun infection is to stop the spread by disabling the autorun feature. Many admins rely on the GPE to make these sorts of changes. But various oddities in Windows can cause autorun settings made in the GPE to be ignored. Microsoft released a patch (KB-953252) to address these issues, but rather than chance it, there's a much better and easier way to completely kill autorun. Courtesy of Nick Brown's article on memory stick worms, the following Registry hack sends any request for autorun.inf off into never-never-land:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
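The drop-and-autorun.inf cycle described above, and the Registry redirect just given, are the two things a responder needs to check on every drive. The script below is an added example, not code from this article or from Nick Brown's write-up: it parses an autorun.inf leniently (worm-written copies are often padded with junk bytes that make strict INI parsers fail), lists which files the [autorun] section would launch, reports whether the dropped copy is still sitting beside the launcher, and on Windows reads the registry to confirm the IniFileMapping redirect is in place. The RECYCLER\S-1-5-21-1\setup.exe path and the sample file contents are constructed for the demo, and the LAUNCHABLE extension list is an assumption of this example.

```python
"""Defensive triage of autorun.inf launchers (added example, not the article's code).

An autorun worm drops a copy of itself on a drive root and writes an
autorun.inf whose [autorun] section points at that copy. Parse it leniently,
report what it would run, and check the registry mitigation.
"""
import re
import sys
from pathlib import Path

# Assumed list: file types an autorun.inf on a removable or mapped drive should never launch.
LAUNCHABLE = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js", ".wsf", ".dll", ".lnk"}
# [autorun] keys whose value names something to execute.
LAUNCH_KEY_RE = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.IGNORECASE)


def parse_autorun(text):
    """Return lower-cased {key: value} pairs from the [autorun] section.

    Lines inside the section that are not 'key=value' (typically binary padding
    inserted to defeat naive parsers) are skipped instead of aborting the parse.
    """
    entries, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            key = key.strip().lower()
            if re.fullmatch(r"[\w\\]+", key):          # ignore junk masquerading as a key
                entries[key] = value.strip().strip('"')
    return entries


def has_binary_padding(text):
    """True if the file carries control bytes that no legitimate autorun.inf needs."""
    return any(ch < " " and ch not in "\r\n\t" for ch in text)


def launch_targets(entries):
    """Relative paths the [autorun] section would run, normalised to forward slashes.

    Covers the common forms 'file.exe', 'file.exe /arg' and 'rundll32.exe lib.dll,Entry'
    by testing the extension of every token in each launch value.
    """
    targets = set()
    for key, value in entries.items():
        if LAUNCH_KEY_RE.match(key):
            for tok in value.replace(",", " ").split():
                if Path(tok).suffix.lower() in LAUNCHABLE:
                    targets.add(tok.replace("\\", "/").lstrip("./"))
    return sorted(targets)


def scan_root(root):
    """Scan one drive root (or any directory standing in for one) for autorun.inf."""
    root = Path(root)
    inf = root / "autorun.inf"
    if not inf.is_file():
        return {"path": str(inf), "present": False, "findings": [], "missing_targets": []}
    text = inf.read_bytes().decode("latin-1")            # never fails on padding bytes
    entries = parse_autorun(text)
    targets = launch_targets(entries)
    findings = [("high", f"autorun.inf launches {t}") for t in targets]
    if has_binary_padding(text):
        findings.append(("medium", "binary padding present; typical of a worm-written autorun.inf"))
    # A launcher whose payload is gone means the copy was cleaned but the autorun.inf was left behind.
    missing = [t for t in targets if not (root / t).is_file()]
    return {"path": str(inf), "present": True, "entries": entries,
            "findings": findings, "missing_targets": missing}


def inifilemapping_applied():
    """True if the article's IniFileMapping\\Autorun.inf redirect is set; None off Windows."""
    if sys.platform != "win32":
        return None
    import winreg
    subkey = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf"
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as k:
            value, _ = winreg.QueryValueEx(k, "")       # "" reads the (Default) value
            return value == "@SYS:DoesNotExist"
    except OSError:
        return False


# Constructed sample in the style of a worm-written autorun.inf (hypothetical names).
SAMPLE_INF = (
    "[autorun]\r\n"
    "\x00\x7f\x05\x01junk\r\n"                           # padding that breaks strict parsers
    "open=RECYCLER\\S-1-5-21-1\\setup.exe\r\n"
    "shell\\open\\Command=RECYCLER\\S-1-5-21-1\\setup.exe\r\n"
    "shell\\explore\\command=RECYCLER\\S-1-5-21-1\\setup.exe /explore\r\n"
    "icon=%SystemRoot%\\system32\\shell32.dll,4\r\n"
)


def demo_scan():
    """Scan SAMPLE_INF in a scratch directory before and after the dropped copy exists."""
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "autorun.inf").write_bytes(SAMPLE_INF.encode("latin-1"))
        before = scan_root(root)                          # launcher present, payload absent
        payload = root / "RECYCLER" / "S-1-5-21-1" / "setup.exe"
        payload.parent.mkdir(parents=True)
        payload.write_bytes(b"MZ")                        # inert stand-in for the worm copy
        after = scan_root(root)
    return before, after


if __name__ == "__main__":
    for r in sys.argv[1:] or ["."]:                       # pass drive roots such as E:\ or a mapped letter
        print(scan_root(r))
    print("IniFileMapping redirect applied:", inifilemapping_applied())
```

Run it against each fixed and mapped drive root, not just removable media: as the article notes, the worm infects every drive it can discover, so a clean USB drive says nothing about the file servers. A "high" finding with an empty missing_targets list is a live launcher; the same finding with the target missing means the copy was removed but the autorun.inf was not, which is exactly the case the Registry redirect protects against until the file is cleaned up.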
Autorun worms seldom travel alone. Once the worm infects, it typically downloads a cocktail of additional malware to the system. If you discover an autorun worm infection, you can anticipate there are also backdoors and password stealers lurking about.
It's worth noting that the SANS Hacker Exploits and Incident Handling training provides instruction on remotely removing autorun worms (and other malware) and has gotten some good reviews from those who have taken the class.

Mary Landesman