My antivirus reported an infected file (setpwrcg.exe) this morning, with a file date of 7/19/2004.
There were a few things that struck me as odd about this:
- It didn’t seem like a randomly-generated name,
- Most viruses/worms don’t seem to bother to set their file dates, particularly not to 5 years ago,
- I haven’t been doing anything likely to get my system infected, and
- I use a firewall that should’ve warned me if anything unusual was trying to make outbound connections from my computer (e.g. to try to spread an infection).
Searches via Google & Yahoo turned up nothing significant (mostly this file in lists of files and one warning that it had been found on infected systems), so I did a little more investigating at a very brute-force level.
The file in question doesn’t have any vendor information, version strings, etc., which is a bit suspicious, but looking at the actual content of the file, I found multiple strings tied to Dell power management configuration – hibernation, etc. Since this fits with the name “set pwr cg” I’m going to assume that the cg is short for something like “configuration” and that they were trying to stick with a DOS-style 8.3 name for this file. The reason it turns up on infected systems is that Dell computers get viruses too.
Almost certainly a harmless file, at least this version of it.
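
The brute-force check described above (see whether the file carries version information, then read the strings embedded in it), as an added Python example that is not part of the original post. The keyword list and the sample bytes are constructed for illustration and are not taken from the real setpwrcg.exe.

```python
import hashlib
import re
import sys

# Assumed keyword list for this triage; adjust to whatever the file name hints at.
KEYWORDS = ("dell", "power", "hibernat")


def extract_strings(data: bytes, min_len: int = 5) -> list[str]:
    """Return printable runs stored as ASCII and as UTF-16LE (common in Windows binaries)."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in wide_re.finditer(data)]
    return found


def triage(data: bytes, keywords: tuple[str, ...] = KEYWORDS) -> dict:
    """Summarise what a quick static look at the file shows."""
    strings = extract_strings(data)
    hits = sorted({s for s in strings if any(k in s.lower() for k in keywords)})
    return {
        # Hash for looking the file up in a reputation service.
        "sha256": hashlib.sha256(data).hexdigest(),
        "is_pe": data[:2] == b"MZ",
        # A PE version resource contains the wide string "VS_VERSION_INFO".
        "has_version_info": any("VS_VERSION_INFO" in s for s in strings),
        "keyword_hits": hits,
    }


# Constructed sample bytes standing in for an executable with no version resource.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"SetHibernateTimeout\x00\x01\x02"
    + "Dell Power Management".encode("utf-16-le") + b"\x00\x00"
    + b"\xff\xfe\x10abc\x00"
)

if __name__ == "__main__":
    # Pass a path to inspect a real file; with no argument the sample is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Matching strings only show that the content is consistent with the file name; they do not prove the file is unmodified, so the hash is included for comparison against a known-good copy.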