Keylogger: A lot of HP notebooks have an audio driver provided by Conexant that records and save all the keystrokes to a file or prints them to the system debug log, where malware could snoop them easily.
Why is my HP laptop logging my keystrokes?
HP says it has no access to this data, and the keylogger in question does not appear to be malicious.
There’s no evidence that the keylogger actually does something with the keystrokes it captures apart saving them.
However, this could be dangerous, as that sensitive log of keystrokes would be available to malware and may be stored in backups.
In other words, it’s dangerous and a bit irresponsible by HP put such software in their PCs.. as we have known this year, a lot of companies helps some national security agencies to provide sensitive private data.
Researchers from Modzero found that the debugging option in that software had to be removed, but it is still there.
How to check if the keylogger is active
The behaviour may change according to the audio driver.
On many laptops, the keylogger writes keystrokes to the C:\Users\Public\MicTray.log file.
This file is wiped at each boot, but it may be captured and stored in system backups as well.
Navigate to C:\Users\Public\ and see if you have a MicTray.log file. Double-click it to view the contents. If you see information about your keystrokes, you have the malicious driver installed.
If you do see data in this file, you should delete the MicTray.log
If the Conexant audio driver is capturing keystrokes and printing them as debug messages, you’ll see many “Mic target” lines, each with a scancode.
The information on each line identifies the key you pressed, so this information could be decoded to get the words you typed, in order.
If you don’t see a MicTray.log file or one empty, you are not affected.
How to stop it?
If the MicTray.log file is there, I suggest you to remove it… and disable it permanently!
It’s simple, Microsoft has already released an update to fix it, so just check Windows Update and download all the available ones!
If the fix hasn’t been released yet, or you can’t run Windows Update for some reason, you can remove the software that causes the problem.
You will need to delete the MicTray.exe or MicTray64.exe file manually.
If you missed: Wannacry, a dangerous ransomware spreading all over the web, how to protect yourself from it
Locate the MicTray executable file on your system and delete it.
The researchers indicate that this file is often found at either C:\Windows\system32\MicTray.exe or C:\Windows\system32\MicTray64.exe .
It’s not so good that known companies such as HP use such software inside their computers, we hope that is just an error and not something written on purpose to stole data.
What I suggest to you? Be careful when you use your PC.. check files, folders, periodical antivirus scan, programs, web pages… everything!
The web may be insidious and dangerous sometimes and if you don’t protect you, you’ll be in troubles, big troubles.
