Security firm modzero AG from Switzerland reports that some HP devices have a keylogger installed on audio drivers.
The keylogger is built into the driver lists all the keystrokes that system users make and stores them in a log file that names MicTray.log and stores it in the path:
C: \ Users \ Public \
Note that the log is saved in the public folder and not in that user's folder.
The publication of the security company naturally raises several questions. First, why need a keylogger in the audio driver and, second, how do we make sure it does not run on HP devices.
The first thing you need to know is that only HP devices seem to be affected by the discovery of the company. Modzero AG says the HP EliteBook, HP ProBook, HP Elite, and HP ZBook models with Windows 7 and Windows 10 are affected. You can see the full list of affected devices in the link at the end of the publication.
The security company reports that if you are using an HP (Hewlett-Packard) device you should check if the files are in use
C: \ Windows \ System32 \ MicTray64.exe
C: \ Windows \ System32 \ MicTray.exe
If there are, you need to delete or rename them to stop the keylogger.
In addition, you should check for the existence of the file
C: \ Users \ Public \ MicTray.log
If it exists, delete it.
All your keystrokes are recorded in this text file, and may contain sensitive information such as authentication data, credit card numbers, personal chat messages, and / or emails. Note, however, that this file is replaced after each link.
This may be backed up, file history, or other services that make copies of the file and may have stored earlier versions of the file. So you should be sure to delete these files to avoid leaks.
The executable MicTray file (in the 64 or 32-bit variant) is installed with the Conexant audio driver. The program is scheduled to run immediately after the user enters, and so it begins to immediately record its keystrokes.
Its main function is to provide functionality between the device keys and certain audio driver features, such as mute the microphone.
Modzero AG reports on keylogging:
Key tracking is added by applying a low-level keyboard input hook function that is installed and calls SetwindowsHookEx ().
You will probably wonder why the keylogger was added to the driver. Modzero AG states:
In fact, the purpose of the software is to recognize whether a special key has been pressed or released. However, the developer has introduced various diagnostics and debugging features to ensure that all keystrokes either are transmitted through the debugging interface or are logged in the log that is in a public folder on the hard drive.
Users handling affected HP devices should ensure that this software is not updated. If it is updated, it will reinstall the application that performs the keylogging and we deleted above….