Two years ago Chinese firm Lenovo got banned from supplying equipment for networks of the intelligence and defense services various countries due to hacking and spying concerns.
Earlier this year, Lenovo was caught red-handed for selling laptops pre-installed with Superfish malware.
One of the most popular Chinese computer manufacturers ‘Lenovo’ has been
caught once again using a hidden Windows feature to preinstall unwanted
and unremovable rootkit software on certain Lenovo laptop and desktop
systems it sells.
The feature is known as "Lenovo Service Engine" (LSE) – a piece of code presents into the firmware on the computer's motherboard.
If Windows is installed, the LSE automatically downloads and installs
Lenovo's own software during boot time before the Microsoft operating
system is launched, overwriting Windows operating system files.
More worrisome part of the feature is that it injects software that
updates drivers, firmware, and other pre-installed apps onto Windows
machine – even if you wiped the system clean.
So even if you uninstall or delete the Lenovo's own software programs,
the LSE hidden in the firmware will automatically bring them back as
soon as you power-on or reboot your machine.
Users at a number of online forums are criticizing Lenovo for this move
and suspecting that the Chinese computer maker has installed a "bootkit"
that survives a full system wipe-and-reinstall.
The issue was first discovered and reported by users back in May when using new Lenovo laptops but was widely reported Tuesday.
What these Unwanted Program Does?
For Desktops:
In case of desktops, Lenovo's own description states that the software
doesn't send any personally identifying information, but sends some
basic information, including the system model, date, region, and system
ID, to a Lenovo server.
Moreover, the company claims that this process is done only one-time,
sending the information to its server only when a machine first connects
to the Internet.
For Laptops:
However, in case of Laptops, the software does rather more. LSE installs
a software program called OneKey Optimizer (OKO) that bundles on many
Lenovo laptops.
According to the company, the OKO software is used for enhancing computer performance by "updating the firmware, drivers, and pre-installed apps" as well as "scanning junk files and find factors that influence system performance."
OneKey Optimizer falls under the category of "crapware". The worst part is that both LSE as well as OKO appears to be insecure.
Back in April, security researcher Roel Schouwenberg reported some
security issues, including buffer overflows and insecure network
connections, to Lenovo and Microsoft.
This forced Lenovo to stop including LSE on its new systems that built
since June. The company has also provided firmware updates for
vulnerable laptops and issued instructions to disable the option on
affected machines and clean up the LSE files.
Among others, many Flex and Yoga machines running an operating system
including Windows 7, Windows 8, and Windows 8.1 are affected by this
issue. You can see the full list of affected notebooks and desktops on
Lenovo's website.
Lenovo has since released an official statement, which notes that the
systems made from June onwards have BIOS firmware that eliminates the
issue, and it's no longer installing Lenovo Service Engine on PCs.
Expert way! How to Remove Lenovo Service Engine (Rootkit)
In order to remove LSE from your affected machines, you have to do it manually. Follow these simple steps in order to do so:
- Know your System Type (whether it’s a 32-bit or 64-bit version of Windows)
- Browse to the Lenovo Security Advisory, and select the link for your specific Lenovo machine.
- Click the "Date" button for the most recent update.
- Search for "Lenovo LSE Windows Disabler Tool" and Click the download icon next to the version that matches your version of Windows.
- Open the program once it downloads. It will remove the LSE software.
