How to Check Your HP Laptop for the Synaptic Keylogger and Remove It
Last week BleepingComputer covered how some HP laptops have a keylogger, or really a debug trace, in a certain version of the the Synaptic keyboard driver. While the driver’s ability to log keystrokes was disabled by default, it is still a serious security risk that should be fixed on all users of HP laptops.
Before we get started explaining how to check your system for this particular driver, it is important to note that the keylogging was not placed in the driver for malicious reasons. It appears that it was instead being used by the driver developers to help them find bugs in the driver while it was being developed. Unfortunately, by mistake this debug trace function was not removed from the driver before it was released for production.
With that said, if you have an HP laptop, you may be wondering if your laptop has the driver installed that contains this debug trace, or keylogging, feature. To see if you have the affected driver, you can go to the C:\Windows\System32\drivers folder and look at the properties of the SynTP.sys driver as shown below.
If the Product version is listed as 184.108.40.206 16Aug16, then you have the driver installed that contains the keylogging/debug trace feature.
For those who have the above driver installed, you should immediately download the latest driver available for your laptop that is listed on this HP support page. Even if you do not have the affected version installed, I still suggest you install the update if your laptop is listed as it is possible other versions may have been affected as well.
Once you install this update, the SynTP.sys driver will be replaced with a version that has the debug trace removed and the keylogging capabilities are no longer present. If you regularly update the software on your laptops, then you may have this update installed already as it was released in early November 2017 when researcher Michael Myng reported the bug to HP.
Read the original article courtesy of Bleeping Computer.