
MonitoringTool:Win32/MicTrayDebugger


First posted on 19 May 2017.
Source: Microsoft

Aliases :

There are no other names known for MonitoringTool:Win32/MicTrayDebugger.

Explanation :

Installation

This threat is a flaw in an out-of-date Conexant HD Audio Driver installation that is pre-installed on some models of HP PCs. As part of debugging code that was accidentally left in by Conexant, this outdated driver can log keystrokes to a file that can be accessed by other users logged into the same PC and, under some configurations, can be accessed remotely by other people on your local network. It is important to note that any data logged is erased each time a user logs off or restarts their PC.

An affected version of the Conexant HD Audio Driver logs debug messages, which may include keystrokes, to a file at the following location on your PC:

  • C:\Users\Public\MicTray.log


If the PC has Public folder sharing enabled, the user ‘Public’ folder is shared with other PCs on the local network, giving them remote access to the keystrokes on your PC. Additionally, the ‘Public’ folder is by default accessible to all users logged into the local PC, giving them access to your keystrokes. Each time you log in, the MicTray.log debug logfile will be erased and created again.

The component responsible for creating this logfile can be found at the following locations on your PC.
  • \MicTray.exe
  • \MicTray64.exe
  • \CONEXANT\MicTray\MicTray.exe
  • \CONEXANT\MicTray\MicTray64.exe


Note: The updated version of MicTray is not a risk and is located at these same paths. The presence of these files does not mean you are affected. Windows Defender AV only removes the affected versions of these components.
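A defender-side check for the artefacts described above, as an added example (not Microsoft's, HP's or Conexant's tooling): it reports whether the log exists and who can read it, which MicTray build is running, and whether a non-administrative SMB share covers the Public folder. The log path and process names come from this page; treating `C:\Users\Public` as the Public folder and the share-path comparison are assumptions of this example.

```powershell
# Added triage example. Run in an elevated PowerShell session.
# It never reads the log's contents, only its metadata.
$logPath = 'C:\Users\Public\MicTray.log'   # path given on this page
$public  = 'C:\Users\Public'               # assumed default Public folder

# 1. Is the debug log present, and which accounts can read it?
if (Test-Path -LiteralPath $logPath) {
    $log = Get-Item -LiteralPath $logPath
    "Log present: {0} bytes, last written {1}" -f $log.Length, $log.LastWriteTime
    (Get-Acl -LiteralPath $logPath).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType |
        Format-Table -AutoSize | Out-String
} else {
    "Log not present: $logPath"
}

# 2. Is a MicTray component running, and which build is it?
# The page lists no affected version numbers, so the version is reported, not judged.
$procs = Get-Process -Name 'MicTray', 'MicTray64' -ErrorAction SilentlyContinue
foreach ($p in $procs) {
    $ver = if ($p.Path) { (Get-Item -LiteralPath $p.Path).VersionInfo.FileVersion } else { 'unknown' }
    "Running: {0} (PID {1}) path={2} version={3}" -f $p.Name, $p.Id, $p.Path, $ver
}
if (-not $procs) { "No MicTray process running" }

# 3. Does an ordinary disk share (Type 0, not an admin share such as C$)
#    cover the Public folder or one of its parent directories?
$target = $public.TrimEnd('\') + '\'
$shares = Get-CimInstance -ClassName Win32_Share | Where-Object {
    $_.Type -eq 0 -and $_.Path -and
    $target.StartsWith($_.Path.TrimEnd('\') + '\', [StringComparison]::OrdinalIgnoreCase)
}
if ($shares) {
    $shares | Select-Object Name, Path | Format-Table -AutoSize | Out-String
    "Public folder is reachable through the share(s) above"
} else {
    "No non-administrative share covers $public"
}
```

A log that is present together with a share covering the Public folder is the remote-exposure case described above; a log that is present with no such share is still readable by other local users.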

Additional information

See the following web pages for additional information:
  • https://support.hp.com/us-en/document/c05519670
  • https://newsblog.ext.hp.com/t5/HP-newsroom-blog/An-update-from-HP-on-security/ba-p/936

Last update 19 May 2017

 
