How to Check if Your HP Laptop Has the Conexant Keylogger

Many HP laptops released in 2015 and 2016 have a major problem. The audio driver provided by Conexant has debugging code enabled, and it either logs all your keystrokes to a file or prints them to the system debug log, where malware could snoop on them without looking too suspicious. Here’s how to check if your PC is affected.

Why Is My HP Laptop Logging My Keystrokes?

HP says it has no access to this data, and the keylogger in question does not appear to be malicious. There’s no evidence that the keylogger actually does anything with the keystrokes it captures beyond saving them to your PC. However, this could be dangerous, as that sensitive log of keystrokes would be available to malware and may be stored in backups. In other words, it’s not malice—just incompetence.

This appears to be debugging code in the Conexant audio driver, code which should have been removed by Conexant before the driver shipped on PCs. The part of the driver which listens for media shortcut keys automatically logs the keys it sees you press. It was discovered by researchers from Modzero.

How to Check if the Keylogger Is Active

Behavior appears to differ between HP laptops, depending on the version of the audio driver they include. On many laptops, the keylogger writes keystrokes to the C:\Users\Public\MicTray.log file. This file is wiped at each boot, but it may be captured and stored in system backups.

Navigate to C:\Users\Public\ and see if you have a MicTray.log file. Double-click it to view the contents. If you see information about your keystrokes, you have the problem driver installed.

If you do see data in this file, delete MicTray.log from C:\Users\Public\ to erase the record of your keystrokes. You'll also want to delete the MicTray.log file from any system backups it may be a part of, to ensure those records of your keystrokes are erased too.
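The same check can be scripted in PowerShell, which helps when you need to run it on several machines. This is an added example, not code from HP, Conexant or Modzero; the function name Test-MicTrayLog, its -Remove switch and the output fields are illustrative assumptions, and only the log path comes from the article.

```powershell
# Added example: checks for the MicTray.log file described in the article.
# Function name, parameters and output fields are hypothetical.
function Test-MicTrayLog {
    param(
        [string]$Path = 'C:\Users\Public\MicTray.log',  # path given in the article
        [switch]$Remove                                 # delete the log if found
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        # Absence is not conclusive: per the article, some driver versions
        # print keystrokes to the system debug log instead of this file.
        return [pscustomobject]@{
            Path = $Path; Exists = $false; SizeBytes = 0
            LastWrite = $null; Status = 'No log file found'
        }
    }

    $file = Get-Item -LiteralPath $Path -Force
    $status = if ($file.Length -gt 0) {
        'Log file contains data: open it and check for keystroke records'
    } else {
        'Log file exists but is empty'
    }

    $result = [pscustomobject]@{
        Path = $file.FullName; Exists = $true; SizeBytes = $file.Length
        LastWrite = $file.LastWriteTime; Status = $status
    }

    if ($Remove) {
        try {
            Remove-Item -LiteralPath $Path -Force -ErrorAction Stop
            $result.Status += '; file deleted'
        } catch {
            # Assumption: deletion can fail if a running process has the file open.
            $result.Status += "; delete failed: $($_.Exception.Message)"
        }
    }
    return $result
}

# Report only; the log contents are never printed to the console.
Test-MicTrayLog | Format-List
```

Run Test-MicTrayLog -Remove to delete the file after you have reviewed it. Copies inside system backups still have to be removed separately.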

Even if you don't see…

