If you’ve ever hooked an Energizer Duo NiMH battery charger up to the USB port of PC, your computer might be infected with a Trojan horse. Physorg.com reports that the malicious software, which allows hackers access to remote computers, was just discovered but may have been lurking in the charger for nearly three years.

The Trojan grants hackers the ability to list directories, send and receive files and execute programs on the computer. It’s not clear if users have noticed any particular problems after their computers have been infected with the malware, which only affects PCs and not Macs.

Computer security firm Symantec identified the problem, explaining that there’s no way of knowing how or exactly when the backdoor Trojan got into the software that monitors the Duo USB charger, but that the Trojan’s binary shows a creation date of May 10, 2007.

Energizer is working with the U.S. Computer Emergency Readiness Team (US-CERT) to find out, but in the meantime US-CERT has some advice on identifying and removing the Trojan. Look for a file named Arucer.dll in the Windows system32 directory, delete it and then restart your computer.

You could also just uninstall the USB charger software — the Trojan will still be present, but can’t operate without the charger software. It’s also a good idea to block access to port 777 on your firewall.

The Energizer Duo battery charger is still available for sale, but the infected software has been removed.

Trojan malware lurks inside Energizer Duo battery charger
PC users who have hooked up this USB-powered charger may have a Trojan performing covert actions on their computers.