We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
MonitoringTool:Win32/MicTrayDebugger
Aliases: No associated aliases
Summary
Windows Defender AV detects and removes this threat.
This threat is a flaw in an out-of-date Conexant HD Audio Driver installation that is pre-installed on some models of HP PCs. As part of debugging code that was accidently left in by Conexant, this outdated driver can log keystrokes to a file that can be accessed by other users logged into the same PC and under some configurations can be accessed remotely by other people on your local network. It is important to note that any data logged is erased each time a user logs off or restarts their PC.
This detection removes the Conexant component that causes this keylogging. Doing so also disables the keyboard short cut that turns the microphone on and off. The keylogging was caused by debug code that was unintentionally left by Conexant and was not meant to be included in the final shipped version. No keylogging data is sent to HP or Conexant. HP has fixes available and these fixes are installed automatically for customers who use Windows Update. These fixes remove any logging of keys, and also automatically remove the logfile. See their security advisory for more information.
To restore functionality of the laptop microphone shortcuts after this detection, install the latest version of the Conexant HD Audio Drivers automatically provided through Windows Update or download it from HP.COM. You can check for Windows updates manually from the following sites:
- Windows 10 https://support.microsoft.com/en-us/instantanswers/ad5a063e-5f57-c715-2566-b983195752c1/update-drivers-in-windows-10
- Windows 7 and below https://support.microsoft.com/en-us/help/3067639/how-to-get-an-update-through-windows-update
Alternatively, you can manually download and install the updates to your device from HP:
You can also refer to the following content from HP for additional information:
- https://support.hp.com/us-en/document/c05519670
- https://newsblog.ext.hp.com/t5/HP-newsroom-blog/An-update-from-HP-on-security/ba-p/936
Run antivirus or antimalware software
Use the following free Microsoft software to detect and remove this threat:
- Windows Defender for Windows 8.1 and Windows 10, or Microsoft Security Essentials for Windows 7 and Windows Vista
- Microsoft Safety Scanner
You should also run a full scan.
Use cloud protection
Use cloud protection to help guard against the latest malware threats. It’s turned on by default for Microsoft Security Essentials and Windows Defender for Windows 10.
To check if it's running, go to All settings > Update & security > Windows Defender and make sure that your Cloud-based Protection settings is turned On.
Get more help
You can also see our advanced troubleshooting page for more help or search the Microsoft virus and malware community for more help.
If you’re using Windows XP, see our Windows XP end of support page.
If you think that an application has been wrongfully identified, submit the file here along with the detection name in the comments section.
