Savvy users have detected pre-installed software on Lenovo laptops and desktops. Earlier in the year, Lenovo was found to have been shipping computers with Superfish adware, which left private user data compromised. This newly found software—officially branded as Lenovo Service Engine (LSE)—goes deeper. Some IT professionals have even taken to calling it a rootkit, though technically it is not a rootkit.
What is Lenovo Search Engine?
LSE takes advantage of a feature in Microsoft Windows designed to allow manufacturers to load essential software onto systems. Named Windows Platform Binary Table (WPBT), Lenovo used the feature executable software that prompted users to install bloatware.
Even after a clean install, with the storage drive completely wiped, Lenovo’s LSE still manages to install itself along with Windows. Now this goes against the purpose of WPBT, according to Microsoft in their WPBT documentation (Warning: .docx file).
“The primary purpose of WPBT is to allow critical software to persist even when the operating system has changed or been reinstalled in a “clean” configuration. One use case for WPBT is to enable anti-theft software which is required to persist in case a device has been stolen, formatted, and reinstalled.”
The way LSE manages to survive a drive reformat is a stroke of genius—they stored it in the BIOS ROM chip. A drive format doesn’t ever touch that ROM chip, so LSE always remains safe.
How to get rid of Lenovo Service Engine
On Spiceworks, Lenovo has responded by stating that they released a new BIOS firmware to address the issue for consumer notebooks and desktops. See the desktop and notebook BIOS update download links for more information. They specifically say that LSE was not on any “Think-brand” devices. This means it shouldn’t be an issue for their business-grade computers
If you want to remove it manually, resourceful user ge814 on the Ars Technica forums also posted an independent solution for removing the LSE ‘rootkit’ in a thread. Performing the fix requires some degree of technical know-how and you will find yourself disassembling the computer to get at the flash ROM chip that stores BIOS.
Getting rid of other bloat/ad/spy/mal-ware
Even if you don’t have a system with LSE installed, your computer could have bloatware from the factory or spyware from third party installations. These programs can sap performance in the best of cases or compromise your privacy in the worst. Follow our best practices to avoid adware so you don’t have to remove them.
But if your system has been compromised with bloatware, adware, spyware, or malware, you fortunately have several options.
- Manually identifying and uninstalling malware. It can take a while and is best done after a fresh install, prior to installing any third party program. After a long period of use, you may have a hard time discerning if a particular program was installed by yourself or bloatware.
- Revo Uninstaller – Often, manually uninstalling programs still leaves traces of that program in your Windows registry file. Revo not only uninstalls programs, but it also cleans your registry to ensure that they don’t leave anything behind that could slow down your system.
- CCleaner – A tool to remove malware that can remove many programs at once, saving you time. Both free and purchase versions are available for download. Run it every few months to ensure your system stays malware free.
- PC Decrapifier – Made specifically to rid your system of bloatware, it can also get rid of programs installed computer at a later date. It scans your system for known bloatware and identifies them for you.
- Should I Remove It? – If you come across a program and don’t know if it is bloatware or an actually useful program you installed, consult this program. You can download their program or use their website as a search engine for bloatware.
Having to get rid of bloatware and rootkits manually is a pain, but would you rather pay to get rid of it? Surprisingly, Sony at one time actually attempted to charge users an additional $50 to buy PCs with the bloatware removed. Thankfully with some time and the programs above, you can remove them yourself. As for rootkits, just stay vigilant and follow HardBoiled for the latest news.