Update:Â HP has released updated drivers for all affected models.
A new report from the user Catalin Cimpanu on the tech forum Bleeping Computers has brought to light some “hidden features” in the new audio drivers for a few HP models. The driver saves everything the user types in to a local file on the computer. This may not seem worrying to most people because it’s local however if malware is installed that knows the location of the file you could lose you passwords and privacy.
Swiss cyber-security group modzero discovered the keylogger on April 28 and made public yesterday. According to the firm the key logger was found in Conexant HD Audio Driver Package version 1.0.0.46 and earlier and is preinstalled on most new HP laptops. Once the user logs in the driver starts a scheduled task that “monitors all keystrokes made by the user to capture and react to functions such as microphone mute/unmute keys/hotkeys.”
Affected models include:
HP EliteBook 820 G3 Notebook PC HP EliteBook 828 G3 Notebook PC HP EliteBook 840 G3 Notebook PC HP EliteBook 848 G3 Notebook PC HP EliteBook 850 G3 Notebook PC HP ProBook 640 G2 Notebook PC HP ProBook 650 G2 Notebook PC HP ProBook 645 G2 Notebook PC HP ProBook 655 G2 Notebook PC HP ProBook 450 G3 Notebook PC HP ProBook 430 G3 Notebook PC HP ProBook 440 G3 Notebook PC HP ProBook 446 G3 Notebook PC HP ProBook 470 G3 Notebook PC HP ProBook 455 G3 Notebook PC HP EliteBook 725 G3 Notebook PC HP EliteBook 745 G3 Notebook PC HP EliteBook 755 G3 Notebook PC HP EliteBook 1030 G1 Notebook PC HP ZBook 15u G3 Mobile Workstation HP Elite x2 1012 G1 Tablet HP Elite x2 1012 G1 with Travel Keyboard HP Elite x2 1012 G1 Advanced Keyboard HP EliteBook Folio 1040 G3 Notebook PC HP ZBook 17 G3 Mobile Workstation HP ZBook 15 G3 Mobile Workstation HP ZBook Studio G3 Mobile Workstation HP EliteBook Folio G1 Notebook PC
Affected operating systems:
Microsoft Windows 10 32-Bit Microsoft Windows 10 64-Bit Microsoft Windows 10 IOT Enterprise 32-Bit (x86) Microsoft Windows 10 IOT Enterprise 64-Bit (x86) Microsoft Windows 7 Enterprise 32 Edition Microsoft Windows 7 Enterprise 64 Edition Microsoft Windows 7 Home Basic 32 Edition Microsoft Windows 7 Home Basic 64 Edition Microsoft Windows 7 Home Premium 32 Edition Microsoft Windows 7 Home Premium 64 Edition Microsoft Windows 7 Professional 32 Edition Microsoft Windows 7 Professional 64 Edition Microsoft Windows 7 Starter 32 Edition Microsoft Windows 7 Ultimate 32 Edition Microsoft Windows 7 Ultimate 64 Edition Microsoft Windows Embedded Standard 7 32 Microsoft Windows Embedded Standard 7E 32-Bit
Â
Here’s how to Check for and Remove the HP MicTray64 Keylogger
According to modzero, to check for and remove the HP MicTray64.exe keylogger, you should follow these steps:
- Open Task Manager and check for a running process called MicTray64.exe. If this process exists, close it.
 - Navigate to c:\Windows\System32\MicTray64.exe and move the file to your Desktop.
 - Now check if the file C:\Users\Public\MicTray.log exists. If it does, move this file to the Desktop as well.
 - Now that the keylogger has been removed and you have isolated the log files, let’s take a look at what was logged.
 - Open the MicTray.log file on your desktop and examine the contents. If you notice that login names, passwords, banking info, or any other sensitive login info has been logged, you should immediately change your passwords at the associated accounts.Â
After following the steps, the keylogger will no longer be active and will not start on reboot.
If you would like help installing the new audio drivers on your HP laptop give us a call and we can help you out!
Â