A recently uncovered feature – which had been swept under the rug – allowed new Lenovo laptops to use new Windows features to install the company’s software and tools even if the computer was wiped. The oddity was first noted by Ars Technica forum user ‘ge814‘ and corroborated by Hacker News user ‘chuckup.’ The users discovered the issue in May when using a new Lenovo laptop that automatically and covertly overwrote a system file on every boot, which downloaded a Lenovo updater and installed software automatically, even if Windows was reinstalled from a DVD.
The only problem is that nobody actually asked for this software, and it persisted between clean installs of Windows. Lenovo was essentially exploiting a rootkit on its own laptops to ensure its software persists if wiped. The mechanism triggering this is called the Lenovo Service Engine, which downloads a program called OneKey Optimizer used for “enhancing PC performance by updating firmware, drivers and pre-installed apps as well as “scanning junk files and find factors that influence system performance.”
It also sends “system data to a Lenovo server to help us understand how customers use our products” but the company claims it’s not “personally identifiable information.” The problem is, users have no idea this is going on and it was very hard to get rid of. If Windows 7 or 8 is installed, the BIOS of the laptop checks ‘C:\Windows\system32\autochk.exe’ to see if it’s a Microsoft file or a Lenovo-signed one, then overwrites the file with its own.