MonitoringTool:Win32/MicTrayDebugger removal

04-12-2024 09:13 AM
Windows Defender finds severe threat from MonitoringTool:Win32/MicTrayDebugger. Virus is disabled from Defender but then comes back. Ran full scan, remove, offline scan. Same result. Ran 6 times. Installed updated Conexant driver. No change.
MonitoringTool:Win32/MicTrayDebugger
Failed
Virus is located in
containerfile: C:\Recovery\Customizations\usmt.ppkg
file: C:\Recovery\Customizations\usmt.ppkg->\ICB\0\MachineSpecific\File\C$\Program Files\CONEXANT\Install\Audio\MicTray\MicTray\MicTray.exe
file: C:\Recovery\Customizations\usmt.ppkg->\ICB\0\MachineSpecific\File\C$\Windows\Cnxt\Rollback\oem5.inf\MicTray.cab
04-28-2024 06:25 PM
Did you ever get a response to your MonitoringTool:Win32\MicTrayDebugger threat detection question? I have the same problem on my HP Envy Notebook. I use McAfee as my regular runtime AV/malware, but I periodically do Microsoft Defender scans as an additional check. I regularly do Windows Updates, but after an April 2024 update that included major Windows Updates, Security Intelligence, Malicious Software Removal Tool, Cumulative Environment, etc. I got the same thing you got when I did a full scan.
The Recovery partition is an HP OEM provision package that can be used to reset the laptop back to factory OS and settings including drivers. My usmt.ppkg file is dated 06/18/2016 when I bought the laptop. So, it's been there all the time. It's weird that Defender is all of a sudden now reporting the problem in that recovery container file since the last Windows Update.
I do know that the Conexant HD Audio Driver that originally shipped with my laptop erroneously left a debug diagnostic hook in their production driver that included the MicTrayDebugger which is a key logger. The key logger is the threat. So, that 2016 OEM recovery MicTray.exe file probably legitimately has that threat in it because it installs the older original driver. I'm just curious why now Defender reports it and not before.
I'm following your post as I hope to remedy my situation too. However, since my other AV/Malware doesn't report anything, and Microsoft Defender Quick Scan doesn't report it either (Quick Scan, I assume, scans system/execution memory to look for that key logger) it must not really be an "active" threat. In other words, not running and executing. I'm thinking that it would only go active if we did a recovery and reverted back to the image in that usmt.ppkg. I'm hoping we get an answer.
04-29-2024 12:27 PM
Hi, I have not found any way to remove the threat detection. I have been told by Microsoft support that there are no viruses on my computer. I removed and reloaded the Conexant driver but I still get the threat notice when I run a full scan. The information supplied by HP is worthless and they do not help, even though it came with the new HP computer. I believe it is an open door to a hacker, but since it has been there for 5 years, I think the threat is low. Unless our discussing it leads to a hacker. Very disappointed with HP not taking action.
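The replies above turn on whether the flagged files exist only inside the recovery package or also on the running system. The PowerShell below is an added example, not part of the thread and not HP or Microsoft code: it takes the two resource lines from the first post, separates the container from the packed path, maps that path back to the live drive, and checks for the file and a matching process. The function name `Resolve-ContainerResource` is hypothetical.

```powershell
# Resource lines copied from the first post in this thread (Defender's report).
# On an affected machine, (Get-MpThreatDetection).Resources can be used as input instead.
$resources = @(
    'file: C:\Recovery\Customizations\usmt.ppkg->\ICB\0\MachineSpecific\File\C$\Program Files\CONEXANT\Install\Audio\MicTray\MicTray\MicTray.exe'
    'file: C:\Recovery\Customizations\usmt.ppkg->\ICB\0\MachineSpecific\File\C$\Windows\Cnxt\Rollback\oem5.inf\MicTray.cab'
)

function Resolve-ContainerResource {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Resource)

    # Strip the "file:" / "containerfile:" label, with or without a trailing underscore.
    $path = $Resource -replace '^(containerfile|file):_?\s*', ''

    # "container->inner" means the item is packed inside the container,
    # not stored as its own file on disk.
    $container, $inner = $path -split '->', 2

    # The packed path records the original drive as "\C$\..."; map it to "C:\...".
    $live = $null
    if ($inner -match '\\([A-Za-z])\$\\(.+)$') {
        $live = '{0}:\{1}' -f $Matches[1], $Matches[2]
    }

    [pscustomobject]@{
        Container   = $container
        InContainer = [bool]$inner
        LivePath    = $live
        LiveExists  = [bool]($live -and (Test-Path -LiteralPath $live))
    }
}

$report = $resources | ForEach-Object { Resolve-ContainerResource $_ }
$report | Format-List

# Is a process with the flagged executable's name running right now?
$running = Get-Process -Name 'MicTray*' -ErrorAction SilentlyContinue

if ($running -or ($report.LiveExists -contains $true)) {
    'MicTray found on the live system (file present or process running).'
} else {
    'Flagged files exist only inside the recovery container; no matching file or process on the live system.'
}
```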