Modzero AG’s security experts revealed that some HP device drivers sport a keylogger, which is a malicious code that can control and save everything we type on a computer, stealing sensitive passwords and accesses. The keylogger is included in the audio drivers, and actually saves anything typed by users in the MicTray.log log file that is located in C:\Users\Public\. Interestingly, the log is in the Public folder and not in the specific User folder.
Which HP devices are affected
Certainly infected models are the following:
- HP EliteBook 820 G3 Notebook PC
- HP EliteBook 828 G3 Notebook PC
- HP EliteBook 840 G3 Notebook PC
- HP EliteBook 848 G3 Notebook PC
- HP EliteBook 850 G3 Notebook PC
- HP ProBook 640 G2 Notebook PC
- HP ProBook 650 G2 Notebook PC
- HP ProBook 645 G2 Notebook PC
- HP ProBook 655 G2 Notebook PC
- HP ProBook 450 G3 Notebook PC
- HP ProBook 430 G3 Notebook PC
- HP ProBook 440 G3 Notebook PC
- HP ProBook 446 G3 Notebook PC
- HP ProBook 470 G3 Notebook PC
- HP ProBook 455 G3 Notebook PC
- HP EliteBook 725 G3 Notebook PC
- HP EliteBook 745 G3 Notebook PC
- HP EliteBook 755 G3 Notebook PC
- HP EliteBook 1030 G1 Notebook PC
- HP ZBook 15u G3 Mobile Workstation
- HP Elite x2 1012 G1 Tablet
- HP Elite x2 1012 G1 with Travel Keyboard
- HP Elite x2 1012 G1 Advanced Keyboard
- HP EliteBook Folio 1040 G3 Notebook PC
- HP ZBook 17 G3 Mobile Workstation
- HP ZBook 15 G3 Mobile Workstation
- HP ZBook Studio G3 Mobile Workstation
- HP EliteBook Folio G1 Notebook PC
all with Windows 7 and Windows 10 operating systems on board.
How to identify and delete the keylogger
If you own one of these devices or you want to check your HP device still, you must check if C:\Windows\System32\MicTray64.exe and C:\Windows\System32\MicTray.exe files exist. If you find them, you must either delete them or rename the executable files to block the keylogger activity. Also, look for the Users\Public\MicTray.log file and delete it as it contains all of your sensitive information such as passwords, credit cards and so on. The keylogger is in the MicTray executable and is installed with the Conexant audio driver.
Also, take a look at our list of tested antivirus software, and you’ll find different solutions to eliminate and prevent keyloggers.