A file with root ownership is normal. Look at your /bin/ directory. What is dangerous is launching programs as root or setting the suid permission bit which would change the effective uid to the owner. In Linux, the suid bit has no effect for scripts.
Auto mounting usually use the user as the owner of a vfat or ntfs partition.
If you are going to examine a usb flash drive that you suspect has MS viruses on it, you could as an extra precaution stop the hald & dbusd daemons. The udev system depends on these services.
Also check if your system uses PolicyKit. The policies may be used to determine whether a local user can mount external devices.
Policykit works a little bit differently. For example, instead of changing the group owner of a device file, it uses setfacl to allow access to a regular user.
Policy definitions for HAL's drives/media mechanims.
Copyright (c) 2007 David Zeuthen <email@example.com>
HAL is licensed to you under your choice of the the Academic Free
License Version 2.1, or the GNU General Public License version 2. Some
individual source files may be under the GPL only. See COPYING for
<description>Mount file systems from removable drives.</description>
<message>System policy prevents mounting removable media</message>
Changing allow active to "auth_admin_keep_always" would require root authorization to mount an external drive. You can use the polkit-auth program to dynamically grant or deny permissions to a session user.