Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 3

Keylogger Found Pre-Installed in HP Audio Driver - how can we protect against this one ?


Yesterday's news :

modzero Security  Advisory:  Unintended/Covert Storage Channel for sensitive data in Conexant HD Audio Driver Package. [MZ-17-01]

Beware! Built-in Keylogger Discovered In Several HP Laptop Models

Thursday, May 11, 2017 Swati Khandelwal


Your HP laptop may be silently recording everything you are typing on your keyboard.

While examining Windows Active Domain infrastructures, security researchers from the Switzerland-based security firm Modzero have discovered a built-in keylogger in an HP audio driver that spy on your all keystrokes.

Here's how to Check for and Remove the HP MicTray64 Keylogger

According to modzero, to check for and remove the HP MicTray64.exe keylogger, you should follow these steps:

  1. Open Task Manager and check for a running process called MicTray64.exe. If this process exists, close it.
  2. Navigate to C:\Windows\System32\MicTray64.exe and move the file to your Desktop.
  3. Now check if the file C:\Users\Public\MicTray.log exists. If it does, move this file to the Desktop as well.
  4. Now that the keylogger has been removed and you have isolated the log files, let's take a look at what was logged.
  5. Open the MicTray.log file on your desktop and examine the contents. If you notice that login names, passwords, banking info, or any other sensitive login info has been logged, you should immediately change your passwords at the associated accounts.

After following the steps, the keylogger will no longer be active and will not start on reboot.

The question is : can ENS10 (or VSE, or...) protect us against these? And how (what do we need to do)?

IOW: there was a functionality for user-defined "unwanted programs (or files)" in VSE. Is there anything similar in ENS10 ?

Thank you


Message was edited by: Serge M.

2 Replies
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 3

Re: Keylogger Found Pre-Installed in HP Audio Driver - how can we protect against this one ?


Looks like HP had just released the updated driver.  It is in the below URL:

HPSBGN03558 rev.1 - Conexant HD Audio Driver Local Debug Log | HP® Customer Support



Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 3

Re: Keylogger Found Pre-Installed in HP Audio Driver - how can we protect against this one ?

Since you know about the UPNP file name, "MicTray64.exe /MicTray.log ", you can create an new Explort Prevention Rule to block or report those HP driver related files created on C:\Users\Public\MicTray.log.

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community