Detect the keylogger preinstalled on the HP laptop driver

HP has released an update for many HP Notebooks to eliminate errors that allow an attacker to take advantage of a keylogger to hack a computer. The keylogger code included in the SynTP.sys file is part of the Synaptics Touchpad driver, available on many HP notebooks.

See also: What is a keylogger?

Michael Mying, the researcher who discovered this error earlier this year, said: 'The default is turned off but by setting the value for the registry it can be turned on'. This value is:

HKLMSoftwareSynaptics% ProductName% HKLMSoftwareSynaptics% ProductName% Default

An attacker can use this value to monitor activity on user machines without detection by security software. Simply pass the UAC notification when editing the registry value, there are currently many ways to bypass UAC.

Detect the keylogger preinstalled on the HP laptop driver Picture 1
Not the first time HP users are startled by keyloggers

The reason is due to the remaining debug code

Myng let keylogger be used to scan code, monitor WPP, capital to fix code errors during software development. HP acknowledged to have left the keylogger code in the debug process and released an update to remove.

This is not the first time HP has 'forgotten' the dubug code on his driver. The same story happened in May.

HP offers a list of affected machines, including links to update the firmware https://support.hp.com/us-en/document/c05827409 , including all 475 models, including 303 personal computers and 172 business machines (commercial, mobile thin and workstation). Lists with HP Stream, ZBook, EliteBook, ProBook, some Compaq series .

See also: Instructions for checking and deleting keyloggers on HP