I post this not to embarass HP, but to illustrate that we are repeating history.
In the very old DOS days, the way to stay safe from events such as this was to format everything you got before you used it. Pre-formatted floppies encouraged poor practice in this regard, but those of us with a paranoid bent did it and everyone should have. Now, with flash drives, the modern floppy, we have the same problem. And the solution is the same.
If it is new, format it. If it comes with data or executables on it, scan it first, before doing anything else. Don't even open it and look at the contents before initiating the scan!