<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<pre><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">One of the first comments on the link gives the link to the original alert which says the work around is:<br><br></span>Delete MicTray executables and logfiles. Deleting the Scheduled<o:p></o:p></pre>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">Task is not sufficient, as Conexant's Windows Service CxMonSvc will<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">launch MicTray otherwise. The executable is located at<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">c:\Windows\System32\MicTray64.exe, the MicTray logfile is located at<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">C:\Users\Public\MicTray.log<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> ale-bounces@ale.org [mailto:ale-bounces@ale.org]
<b>On Behalf Of </b>Jim Kinney<br>
<b>Sent:</b> Friday, May 12, 2017 11:30 AM<br>
<b>To:</b> Atlanta Linux Enthusiasts<br>
<b>Subject:</b> Re: [ale] OT: HP keylogger<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On Fri, 2017-05-12 at 10:04 -0400, DJ-Pfulio wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<pre style="mso-margin-top-alt:5.0pt;margin-right:.5in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt">Issue for pre-loaded Windows7+ with audio drivers.<o:p></o:p></pre>
<pre style="mso-margin-top-alt:0in;margin-right:.5in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt">If you wipe that and put linux on, not an issue.<o:p></o:p></pre>
<pre style="mso-margin-top-alt:0in;margin-right:.5in;margin-bottom:5.0pt;margin-left:.5in">If you wipe it and put Windows from a different source, not an issue.<o:p></o:p></pre>
</blockquote>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Not sure of that from the article. The malware was in the driver for hardware specific to the HP laptop. Not tested yet to see if the mess is in the driver collection for separate download or just the default image from HP.<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<pre><o:p> </o:p></pre>
<pre style="mso-margin-top-alt:0in;margin-right:.5in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt">On 05/12/2017 09:57 AM, Boris Borisov wrote:<o:p></o:p></pre>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<pre><o:p> </o:p></pre>
<pre style="mso-margin-top-alt:0in;margin-right:1.0in;margin-bottom:0in;margin-left:1.0in;margin-bottom:.0001pt">Just in case:<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre><a href="http://hackaday.com/2017/05/12/hp-laptops-turn-up-keylogger-where-you-wouldnt-expect-it/">http://hackaday.com/2017/05/12/hp-laptops-turn-up-keylogger-where-you-wouldnt-expect-it/</a><o:p></o:p></pre>
<pre style="mso-margin-top-alt:0in;margin-right:1.0in;margin-bottom:5.0pt;margin-left:1.0in"> <o:p></o:p></pre>
</blockquote>
<pre><o:p> </o:p></pre>
<pre style="mso-margin-top-alt:0in;margin-right:.5in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt">_______________________________________________<o:p></o:p></pre>
<pre style="mso-margin-top-alt:0in;margin-right:.5in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt">Ale mailing list<o:p></o:p></pre>
<pre><a href="mailto:Ale@ale.org">Ale@ale.org</a><o:p></o:p></pre>
<pre><a href="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</a><o:p></o:p></pre>
<pre style="mso-margin-top-alt:0in;margin-right:.5in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt">See JOBS, ANNOUNCE and SCHOOLS lists at<o:p></o:p></pre>
<pre><a href="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</a><o:p></o:p></pre>
</blockquote>
<div>
<pre>-- <o:p></o:p></pre>
<pre>James P. Kinney III<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Every time you stop a school, you will have to build a jail. What you<o:p></o:p></pre>
<pre>gain at one end you lose at the other. It's like feeding a dog on his<o:p></o:p></pre>
<pre>own tail. It won't fatten the dog.<o:p></o:p></pre>
<pre>- Speech 11/23/1900 Mark Twain<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre><a href="http://heretothereideas.blogspot.com/">http://heretothereideas.blogspot.com/</a><o:p></o:p></pre>
</div>
</div>
</body>
</html>