Warning message... Link to action
Small businesses targeted by highly localized malware campaign that distributes info-stealing Ursnif. Learn how machine learning protects you
Aliases: No associated aliases
Windows Defender AV detects and removes this threat.
This threat is a flaw in an out-of-date Conexant HD Audio Driver installation that is pre-installed on some models of HP PCs. As part of debugging code that was accidently left in by Conexant, this outdated driver can log keystrokes to a file that can be accessed by other users logged into the same PC and under some configurations can be accessed remotely by other people on your local network. It is important to note that any data logged is erased each time a user logs off or restarts their PC.
This detection removes the Conexant component that causes this keylogging. Doing so also disables the keyboard short cut that turns the microphone on and off. The keylogging was caused by debug code that was unintentionally left by Conexant and was not meant to be included in the final shipped version. No keylogging data is sent to HP or Conexant. HP has fixes available and these fixes are installed automatically for customers who use Windows Update. These fixes remove any logging of keys, and also automatically remove the logfile. See their security advisory for more information.
To restore functionality of the laptop microphone shortcuts after this detection, install the latest version of the Conexant HD Audio Drivers automatically provided through Windows Update or download it from HP.COM. You can check for Windows updates manually from the following sites:
- Windows 10 https://support.microsoft.com/en-us/instantanswers/ad5a063e-5f57-c715-2566-b983195752c1/update-drivers-in-windows-10
- Windows 7 and below https://support.microsoft.com/en-us/help/3067639/how-to-get-an-update-through-windows-update
Alternatively, you can manually download and install the updates to your device from HP:
You can also refer to the following content from HP for additional information: