Security Windows

How to Stop Your HP Computer From Logging Your Keys

Ben Stegner 29-05-2017

How would you feel if your computer was keeping a log of everything you type in an insecure text file sitting on your hard drive? Someone (or some piece of malware) who knew where to look could unearth every password and credit card number you’ve typed, along with your recent browsing history and more 6 Ways You Can Be Tracked in Incognito or Private Browsing Mode Private browsing is private in 99% of cases, but can private browsing be hacked? Can you tell what someone has viewed incognito? Read More .


If you’re using an HP computer to read this article, I’ve got bad news for you. Security researchers have discovered that a problem with a driver in some HP computers recording everything you type Your HP Laptop May Be Logging Your Every Keystroke If you own an HP laptop or tablet you may have had every single thing you've typed on it logged and stored on your hard drive. Which is nice. Read More . Everything you’ve recently typed on your computer could be neatly sat in a text file with no protection.

Read on to find out how this happened and how you can combat it.

The Issue: Conexant Driver Woes

The root of the problem lies in an audio driver manufactured by the company Conexant. As you may know, drivers allow the variety of devices you own to interface with your computer. If you build your own PC How To Build Your Own PC It's very gratifying to build your own PC; as well as intimidating. But the process itself is actually quite simple. We'll walk you through everything you need to know. Read More , you’d have to install most of the drivers on your own. When buying off the shelf, they’re already included.

In this case, HP computers such as HP EliteBooks, ProBooks, ZBooks, and Elites were shipped with a version of the Coxenant audio driver that includes a keylogger. Even scarier, this started on computers sometime around December 2015, and affects other PCs with the Conexant driver installed.

As the user of an affected machine goes about their business, the keylogger stores all of their typed data in an insecure text file. While this file starts fresh every time you reboot your computer, it’s easy to recover older versions of a file Turn Back Time: 4 Tools & Tips To Restore Deleted Files In Windows One of Windows' biggest flaws could be your rescue, should you ever accidentally delete an important file: The Windows file system does not actually delete files. Until they are overwritten, deleted files can be restored. Read More . Plus, if you’re smart and back up your PC regularly The Ultimate Windows 10 Data Backup Guide We've summarized every backup, restore, recovery, and repair option we could find on Windows 10. Use our simple tips and never despair over lost data again! Read More , the log file with your older keylogged data was probably included in the backup.


Is This Another Superfish?

Thankfully, this situation is far less dangerous than Lenovo’s Superfish debacle Lenovo Laptop Owners Beware: Your Device May Have Preinstalled Malware Chinese computer manufacturer Lenovo has admitted that laptops shipped to stores and consumers in late 2014 had malware preinstalled. Read More a few years back. That violated your browser’s secure HTTPS connection Superfish Hasn't Been Caught Yet: SSL Hijacking Explained Lenovo's Superfish malware caused a stir, but the story's not over. Even if you removed the adware from your computer, the same vulnerabilty exists in other online applications. Read More to websites, allowing it to snoop on secure connections to places like your bank. Conversely, the HP keylogger doesn’t send the data anywhere.

HP can’t access it, so the risk lies with a person gaining physical access to your computer. Someone who knows about this exploit could easily search for the file containing all your typed information, with obviously disastrous results.

According to HP’s vice president, the keylogger function was accidentally added during development. It seems that they used it to check to make sure that certain key combinations were triggering audio shortcuts as intended. This is a crude solution, and fine during development, but clearly a problem when shipped to consumers.

Am I Affected?

Even if you don’t have an HP computer, you should still check to see if you have the Conexant audio driver installed. You can do so by typing Device Manager into the Start Menu to open that utility. Expand the Audio Inputs and Outputs header and look for Conexant Audio or something similar. If you have anything by that name installed, continue to check if the keylogger is on your system. You’re safe from this if you don’t have Conexant drivers.


Next, you should check for the log file of your keystrokes. Using the File Explorer, navigate to C:\Users\Public and look for a file named MicTray.log. That’s the log file. If you don’t see it, you’re probably safe. If you do, then you need to take action to stop this driver from recording your keystrokes.

How Can I Fix This?

Thankfully, HP has already released updates for these drivers to remove the keylogging functionality and delete the log file. Before these, the best fix was to rename or delete the file C:\Windows\System32\MicTray.exe (on a 32-bit computer) or C:\Windows\System32\MicTray64.exe (for 64-bit machines). However, this could cause your audio keys to stop working properly, so you should install the patches instead.

HP released the audio driver patches through Windows Update How to Manage Windows Update in Windows 10 For control freaks, Windows Update is a nightmare. It works in the background, and keeps your system safe and running smoothly. We show you how it works and what you can customize. Read More . Type Windows Update into the Start Menu and click Check for Updates to make sure you’re up-to-date. If you don’t see them or want to download the audio driver updates manually, install the HP Support Assistant software, which makes updating your audio, network, and other drivers easy How to Find & Replace Outdated Windows Drivers Your drivers might be outdated and need updating, but how are you to know? Here's what you need to know and how to go about it. Read More .

Your other option is to search for your PC model on HP’s Support Page and manually download the new Conexant audio driver from there. The Support Assistant is easier, though.


hp support assistant

That’s all you need to do to cut off this problem. After applying the updates, the driver won’t log your keystrokes anymore and the log file is gone. However, you should still be careful about older versions. Because the log file resides in the Public users folder, it likely got included in your system backups. Check out the history on whatever backup software you use to make sure that an older copy of MicTray.log isn’t in your backup. If you find anything, erase it.

Battling Keyloggers in the Future

As keyloggers go, this one was relatively minor. It didn’t send your data to anyone, only a person with physical access to your machine could access its contents, and HP fixed it quickly. However, more keyloggers are out there, and they’re scary. The idea of having someone read every key you hit on your computer is pretty scary. What’s more, some keyloggers can also capture what’s on your clipboard and even take screenshots without your knowledge.

keylogger example
Image Credit: FlippyFlink via Wikimedia Commons


Unfortunately, there’s no longer a good free anti-keylogger solution. We wrote about several of them Don't Fall Victim to Keyloggers: Use These Important Anti-Keylogger Tools In cases of online identity theft, keyloggers play one of the most important roles in the actual act of stealing. If you’ve ever had an online account stolen from you - whether it was for... Read More years ago, but they’ve since eliminated their free plans. Your best defense against keyloggers is running a good antivirus program that will catch them before they affect you. We also recommend running a scan with Malwarebytes Free occasionally for an additional layer of protection.

Were You Affected by This Keylogger?

If your HP computer contains an affected version of the Conexant driver, you can apply these patches quickly and return to using your computer safely. This underlines basic security principles that keep you safe: make sure you’re installing updates automatically and use an anti-malware solution to defeat rogue applications.

Don’t let this incident be a reason to avoid HP in the future — Lenovo is far worse when it comes to security 4 Security Reasons Why You Should Avoid Lenovo PCs Read More .

Do you own an HP computer that had this keylogger running? We want to hear from you if you removed it after learning about this exploit!

Image Credit: Sviat Studio via

Related topics: Keylogger, Windows.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *