SergeM
Level 9

Keylogger Found Pre-Installed in HP Audio Driver - how can we protect against this one ?

Hi,

Yesterday's news :

modzero Security Advisory: Unintended/Covert Storage Channel for sensitive data in Conexant HD Audio Driver Package. [MZ-17-01]

https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt

Beware! Built-in Keylogger Discovered In Several HP Laptop Models

Thursday, May 11, 2017 Swati Khandelwal

(...)

Your HP laptop may be silently recording everything you are typing on your keyboard.

While examining Windows Active Domain infrastructures, security researchers from the Switzerland-based security firm Modzero have discovered a built-in keylogger in an HP audio driver that spies on all your keystrokes.

http://thehackernews.com/2017/05/hp-audio-driver-laptop-keylogger.html

Here's how to Check for and Remove the HP MicTray64 Keylogger

According to modzero, to check for and remove the HP MicTray64.exe keylogger, you should follow these steps:

  1. Open Task Manager and check for a running process called MicTray64.exe. If this process exists, close it.
  2. Navigate to C:\Windows\System32\MicTray64.exe and move the file to your Desktop.
  3. Now check if the file C:\Users\Public\MicTray.log exists. If it does, move this file to the Desktop as well.
  4. Now that the keylogger has been removed and you have isolated the log files, let's take a look at what was logged.
  5. Open the MicTray.log file on your desktop and examine the contents. If you notice that login names, passwords, banking info, or any other sensitive login info has been logged, you should immediately change your passwords at the associated accounts.

After following the steps, the keylogger will no longer be active and will not start on reboot.

The question is : can ENS10 (or VSE, or...) protect us against these? And how (what do we need to do)?

IOW: there was a functionality for user-defined "unwanted programs (or files)" in VSE. Is there anything similar in ENS10 ?

Thank you

Serge

Message was edited by: Serge M.

0 Kudos
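The check-and-remove steps quoted in the post above can be scripted per host. This is an added example, not part of the original post or of modzero's advisory: the process name and both paths come from the quoted steps, while the function name `Get-MicTrayFinding`, the `-Quarantine` switch and the quarantine folder are assumptions of this example.

```powershell
# Added example: audit one host for the artifacts named in the quoted steps.
# Paths come from the post; function name, -Quarantine and folder are assumed.
function Get-MicTrayFinding {
    [CmdletBinding()]
    param(
        [string]$ExePath = 'C:\Windows\System32\MicTray64.exe',
        [string]$LogPath = 'C:\Users\Public\MicTray.log',
        [string]$QuarantineDir = (Join-Path $env:USERPROFILE 'Desktop\MicTray-quarantine'),
        [switch]$Quarantine
    )

    $procName = [IO.Path]::GetFileNameWithoutExtension($ExePath)
    $procs    = @(Get-Process -Name $procName -ErrorAction SilentlyContinue)
    $exe      = Get-Item -LiteralPath $ExePath -ErrorAction SilentlyContinue
    $log      = Get-Item -LiteralPath $LogPath -ErrorAction SilentlyContinue

    # The log content is never printed: it may hold typed credentials.
    $finding = [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        ProcessRunning = $procs.Count -gt 0
        ExePresent     = [bool]$exe
        ExeSha256      = if ($exe) { (Get-FileHash -LiteralPath $exe.FullName -Algorithm SHA256).Hash } else { $null }
        LogPresent     = [bool]$log
        LogBytes       = if ($log) { $log.Length } else { 0 }
        LogLastWrite   = if ($log) { $log.LastWriteTime } else { $null }
        Quarantined    = $false
    }

    if ($Quarantine -and ($procs -or $exe -or $log)) {
        # Step 1: stop the process; steps 2-3: move both files out of place.
        $procs | Stop-Process -Force -ErrorAction Stop
        New-Item -ItemType Directory -Path $QuarantineDir -Force | Out-Null
        foreach ($item in @($exe, $log) | Where-Object { $_ }) {
            Move-Item -LiteralPath $item.FullName -Destination $QuarantineDir -Force
        }
        $finding.Quarantined = $true
    }
    $finding
}

# Report only (no changes); add -Quarantine from an elevated prompt to act.
Get-MicTrayFinding | Format-List
```

A non-zero `LogBytes` is the signal to review the quarantined log and rotate any credentials typed on that machine, as step 5 of the quoted procedure says.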
2 Replies
jerryl
Level 7

Re: Keylogger Found Pre-Installed in HP Audio Driver - how can we protect against this one ?

Hi,

Looks like HP has just released the updated driver. It is at the URL below:

HPSBGN03558 rev.1 - Conexant HD Audio Driver Local Debug Log | HP® Customer Support

Regards,

Jerry

bodysoda
Level 9

Re: Keylogger Found Pre-Installed in HP Audio Driver - how can we protect against this one ?

Since you know about the UPNP file name, "MicTray64.exe / MicTray.log", you can create a new Exploit Prevention Rule to block or report those HP driver-related files created at C:\Users\Public\MicTray.log.

0 Kudos