Some HP Laptops shipped with keylogging function enabled

[RichCor]

Your HP laptop may be keeping a record of everything you type every time you power it on. 

 

 

Keylogger Found in Audio Driver of HP Laptops

bleepingcomputer.com  |  By Catalin Cimpanu  |  May 11, 2017 

 

The audio driver installed on some HP laptops includes a feature that could best be described as a keylogger, which records all the user's keystrokes and saves the information to a local file, accessible to anyone or any third-party software or malware that knows where to look.

Swiss cyber-security firm modzero discovered the keylogger on April 28 and made its findings public today.
 

This is an audio driver that is preinstalled on HP laptops. One of the files of this audio driver is MicTray64.exe (C:\windows\system32\mictray64.exe). This file is registered to start via a Scheduled Task every time the user logs into his computer. According to modzero researchers, the file "monitors all keystrokes made by the user to capture and react to functions such as microphone mute/unmute keys/hotkeys."

This behavior, by itself, is not a problem, as many other apps work this way. The problem is that this file writes all keystrokes to a local file at:

 

C:\users\public\MicTray.log

 

As this is a "Conexant HD Audio Driver" other PCs containing their audio chipsets may also be affected.

[oldcarguy]

and how do you kill it off so it is gone , the record is gone and will not start again ?

 

I have an HP but its not here right now !

[RichCor]

Article link got dropped, but can be found reposted on multiple tech sites

 

Keylogger Found in Audio Driver of HP Laptops

https://www.bleepingcomputer.com/news/security/keylogger-found-in-audio-driver-of-hp-laptops/

[RichCor]

12 hours ago, oldcarguy said:

and how do you kill it off so it is gone , the record is gone and will not start again ?

 

I have an HP but its not here right now !

 

This issue only affects certain computers using a Conexant HD Audio chipset and driver software.

 

The articles recommends looking for the log file, or seeing if 'mictray54.exe' is in your windows system32 folder  [C:\windows\system32\mictray64.exe] and if so then removing the app or driver.  Hopefully HP will issue an updated driver fairly soon.

 

HP EliteBook 820 G3 Notebook PC
HP EliteBook 828 G3 Notebook PC
HP EliteBook 840 G3 Notebook PC
HP EliteBook 848 G3 Notebook PC
HP EliteBook 850 G3 Notebook PC
HP ProBook 640 G2 Notebook PC
HP ProBook 650 G2 Notebook PC
HP ProBook 645 G2 Notebook PC
HP ProBook 655 G2 Notebook PC
HP ProBook 450 G3 Notebook PC
HP ProBook 430 G3 Notebook PC
HP ProBook 440 G3 Notebook PC
HP ProBook 446 G3 Notebook PC
HP ProBook 470 G3 Notebook PC
HP ProBook 455 G3 Notebook PC
HP EliteBook 725 G3 Notebook PC
HP EliteBook 745 G3 Notebook PC
HP EliteBook 755 G3 Notebook PC
HP EliteBook 1030 G1 Notebook PC
HP ZBook 15u G3 Mobile Workstation
HP Elite x2 1012 G1 Tablet
HP Elite x2 1012 G1 with Travel Keyboard
HP Elite x2 1012 G1 Advanced Keyboard
HP EliteBook Folio 1040 G3 Notebook PC
HP ZBook 17 G3 Mobile Workstation
HP ZBook 15 G3 Mobile Workstation
HP ZBook Studio G3 Mobile Workstation
HP EliteBook Folio G1 Notebook PC

[KhunBENQ]

Sounds like sloppiness at software development.

Built in a debug function without taking care that it is removed in the release version.

Awkward

[oldcarguy]

I scanned my C drive for mictray54.exe  and nothing ,

 

I do have an elitebook !  but not one that is on the list