1 Reply Latest reply on May 16, 2017 8:54 AM by jerryl

    Keylogger Found Pre-Installed in HP Audio Driver - how can we protect against this one?

    SergeM

      Hi,

       

      Yesterday's news:

       

      modzero Security Advisory: Unintended/Covert Storage Channel for sensitive data in Conexant HD Audio Driver Package. [MZ-17-01]

       

      https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt

       

       

      Beware! Built-in Keylogger Discovered In Several HP Laptop Models

      Thursday, May 11, 2017 Swati Khandelwal

       

      (...)

      Your HP laptop may be silently recording everything you are typing on your keyboard.

       

      While examining Windows Active Domain infrastructures, security researchers from the Switzerland-based security firm Modzero have discovered a built-in keylogger in an HP audio driver that spies on all your keystrokes.

       

      http://thehackernews.com/2017/05/hp-audio-driver-laptop-keylogger.html

       

       

      Here's how to Check for and Remove the HP MicTray64 Keylogger

      According to modzero, to check for and remove the HP MicTray64.exe keylogger, you should follow these steps:

      1. Open Task Manager and check for a running process called MicTray64.exe. If this process exists, close it.
      2. Navigate to C:\Windows\System32\MicTray64.exe and move the file to your Desktop.
      3. Now check if the file C:\Users\Public\MicTray.log exists. If it does, move this file to the Desktop as well.
      4. Now that the keylogger has been removed and you have isolated the log files, let's take a look at what was logged.
      5. Open the MicTray.log file on your desktop and examine the contents. If you notice that login names, passwords, banking info, or any other sensitive login info has been logged, you should immediately change your passwords at the associated accounts.

      After following the steps, the keylogger will no longer be active and will not start on reboot.

       

       

      The question is: can ENS10 (or VSE, or...) protect us against these? And how (what do we need to do)?

       

      IOW: there was a functionality for user-defined "unwanted programs (or files)" in VSE. Is there anything similar in ENS10?

       

      Thank you

       

      Serge

       

      Message was edited by: Serge M.
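
The check-and-remove steps quoted in the post above, scripted as an added example (not part of the original post, and not code from modzero, HP or McAfee). The process name and both file paths are the ones the post gives; the `-Remediate` switch and the `MicTray-quarantine` folder name are assumptions of this example.

```powershell
# Added example: report on, and optionally quarantine, the MicTray64 artifacts
# named in the steps above. Without -Remediate the script only reports.
# Run from an elevated 64-bit PowerShell: a 32-bit host has System32 redirected
# to SysWOW64, and moving a file out of System32 needs administrator rights.
[CmdletBinding()]
param(
    [switch]$Remediate   # hypothetical switch: stop the process and move the files
)

$exePath = 'C:\Windows\System32\MicTray64.exe'   # path from step 2
$logPath = 'C:\Users\Public\MicTray.log'         # path from step 3
# Assumed quarantine location: a folder on the current user's Desktop.
$quarantine = Join-Path ([Environment]::GetFolderPath('Desktop')) 'MicTray-quarantine'

# Step 1: is the process running?
$procs = @(Get-Process -Name 'MicTray64' -ErrorAction SilentlyContinue)

# Steps 2 and 3: which of the two files exist?
$found = @(@($exePath, $logPath) | Where-Object { Test-Path -LiteralPath $_ })
$logPresent = $found -contains $logPath

# One result object per machine, so the output can be collected fleet-wide.
# The log's contents are never printed: it may hold typed credentials.
[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    ProcessRunning = ($procs.Count -gt 0)
    ExePresent     = ($found -contains $exePath)
    LogPresent     = $logPresent
    LogBytes       = if ($logPresent) { (Get-Item -LiteralPath $logPath).Length } else { 0 }
    LogLastWrite   = if ($logPresent) { (Get-Item -LiteralPath $logPath).LastWriteTime } else { $null }
}

if ($Remediate) {
    # Step 1: close the running process before touching its executable.
    $procs | Stop-Process -Force

    # Steps 2 and 3: move the files out of their original locations.
    if ($found.Count -gt 0) {
        New-Item -ItemType Directory -Path $quarantine -Force | Out-Null
        foreach ($path in $found) {
            Move-Item -LiteralPath $path -Destination $quarantine -Force
        }
    }
}
```

Steps 4 and 5, reading the moved MicTray.log and changing any passwords that appear in it, remain a manual review.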