

MicTrayDebugger is software that can monitor users' activities by logging their keystrokes, as well as taking arbitrary screenshots. The detection is associated with Microsoft Defender Antivirus (formerly Windows Defender) and may also be encountered as Win32/MicTrayDebugger or Win32/MicTrayDebugger!ml. According to the researchers at Microsoft, the threat is related to a flaw in outdated versions of the Conexant HD Audio Driver. The faulty installations were discovered to come pre-installed on certain HP computer models.

MicTrayDebugger is described as debugging code that was accidentally left active in outdated driver versions. It acts as a keylogger that deposits all captured keystrokes in a dedicated file with a default location at 'C:\Users\Public\MicTray.log'. This file and the information it contains could potentially be accessed by other users logged into the same PC. In addition, if the affected computer has the Public folder sharing feature enabled, other PCs on the same local network can remotely access the shared 'Public' folder and see the recorded keystrokes. It should be noted that the data saved in the MicTray.log file is erased every time the user logs off or the system is rebooted.

Updating the faulty driver will remove the debugging component, which was not supposed to be released with the final shipped versions. The fixed versions and any additional fixes should be applied automatically through Windows Update, but users may also try to download the necessary updates manually.
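
A local triage check for the exposure described above, added here as an example and not taken from Microsoft, HP or Conexant. It assumes the default log path named in this entry and a Windows version that provides the Get-SmbShare cmdlet; the variable names and output layout are this example's own.

```powershell
# Added triage example (not vendor code). Only the log path comes from the
# entry above; all variable and property names are assumptions of this example.
$LogPath   = 'C:\Users\Public\MicTray.log'
$PublicDir = Split-Path -Parent $LogPath

# 1. Is the keystroke log present, and which accounts are allowed to access it?
$log  = Get-Item -LiteralPath $LogPath -ErrorAction SilentlyContinue
$aces = @()
if ($log) {
    $aces = (Get-Acl -LiteralPath $LogPath).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        ForEach-Object { '{0} ({1})' -f $_.IdentityReference.Value, $_.FileSystemRights }
}

# 2. Is the Public folder, or a parent of it, reachable through a non-administrative
#    SMB share? Public folder sharing is what exposes the log to the local network.
$shares = @(Get-SmbShare -ErrorAction SilentlyContinue | Where-Object {
    $_.Path -and -not $_.Special -and
    ($PublicDir + '\').StartsWith($_.Path.TrimEnd('\') + '\',
        [System.StringComparison]::OrdinalIgnoreCase)
})

# 3. Which Conexant driver packages are installed? The entry lists no fixed
#    version numbers, so the versions are only reported, not judged.
$drivers = @(Get-CimInstance -ClassName Win32_PnPSignedDriver | Where-Object {
    $_.DeviceName -like '*Conexant*' -or $_.Manufacturer -like '*Conexant*'
} | Select-Object DeviceName, DriverVersion, DriverDate)

# Summary object, suitable for piping to Format-List or ConvertTo-Json.
[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    LogPresent      = [bool]$log
    LogBytes        = if ($log) { $log.Length } else { 0 }
    LogLastWrite    = if ($log) { $log.LastWriteTime } else { $null }
    LogAllowedUsers = $aces
    SharesExposing  = $shares | ForEach-Object { '{0} -> {1}' -f $_.Name, $_.Path }
    ConexantDrivers = $drivers
}
```

Because the log is erased at logoff and reboot, a missing file does not show the driver is fixed; the driver versions reported in step 3 still need to be compared against the vendor's updated release.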


