How to Remove Lenovo's Alleged 'Bootkit' Software


Credit: Alphaspirit/Shutterstock

Bloatware is so common on PCs these days that each computer review on our sister site Laptop has a section dedicated to the issue. To get rid of unwanted, preinstalled programs, many tech-savvy users do a "clean" Windows re-installation as soon as they buy a new machine.

However, that may not be possible on some recent Lenovo laptops and desktops. Forum discussions on Ars Technica and Y Combinator allege that Lenovo-provided bloatware installs itself even with a clean installation, leading commenters to suspect that the Chinese computer maker has installed some sort of "bootkit" that survives a full wipe-and-reinstall.


Lenovo representatives neither admitted nor denied the presence of such software when questioned by Tom's Guide. Instead, they directed us to a Lenovo press statement issued July 31 that advised updating the BIOS firmware on certain Lenovo machines to resolve a security vulnerability created by a BIOS utility called Lenovo Service Engine (LSE), which does indeed sound like what the forum discussions have been about.

This could be another public-relations black mark for the company, which in February was discovered to be pre-installing a browser hijacker called Superfish that would break Web encryption and insert supplemental ads in Web browsers on certain machines.

According to a Lenovo security advisory, also issued July 31, Lenovo Service Engine (LSE) boots before the operating system and installs software called OneKey Optimizer, which, according to Lenovo documentation, "can enhance your PC's performance by updating firmware, drivers and pre-installed apps."

Lenovo now recommends that users patch the BIOS to disable LSE, and the company says it stopped preinstalling LSE in May. However, there are sure to be many computers in supply chains, not to mention already sold, that have the software.

Whenever Windows 7 or 8 is installed on a computer Lenovo pre-loaded with LSE, the machine's BIOS performs a check to see if OneKey Optimizer is present, and if the check fails, that software is re-installed.

Lenovo stated the LSE security flaw was brought to its attention by independent security researcher Roel Schouwenberg, formerly of Kaspersky Lab, who described "possible ways [LSE] could be exploited in the Lenovo Notebook implementation by an attacker, including a buffer overflow attack and an attempted connection to a Lenovo test server."

Lenovo has released an LSE Windows Disabler Tool, and instructions for using it are below.

Here's a list of Lenovo computers sold in North America that have LSE installed:

  • Flex 2 Pro-15/Edge 15 (Broadwell)
  • Flex 2 Pro-15/Edge 15 (Haswell)
  • Flex 3-1470/1570
  • Flex 3-1120
  • G40-80/G50-80/G50-80 Touch/V3000
  • S21e
  • S41-70/U41-70
  • S435/M40-35
  • Yoga3 14
  • Z70-80 / G70-80
  • Yoga 3 11
  • Y40-80
  • Z41-70/Z51-70

How to Remove Lenovo Service Engine

1. You'll need to know if your computer is a 32-bit or 64-bit version of Windows, so click on the Start button.

2. Select Settings.

3. Click System.

4. Select About from the left rail.

5. Note what the screen says for System Type.

6. Browse to the Lenovo Security Advisory, where you'll select the link for your specific Lenovo machine.

7. Click the "Date" button to bring the most recent update to the top of the page.

8. Scroll down until you find the item for "Lenovo LSE Windows Disabler Tool" and click the download icon next to the version that matches your version of Windows.

9. Open the program once it downloads. It will remove the LSE software.
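For anyone checking more than one machine, the System Type lookup in steps 1 to 5 and the comparison against the model list above can be scripted. The PowerShell below is an added example, not Lenovo's tool or code from the advisory; the function names `Get-LseTriage` and `ConvertTo-ModelKey` are hypothetical. It assumes PowerShell 3.0 or later and that the marketing model name is reported in `Win32_ComputerSystemProduct.Version`.

```powershell
# Added example: LSE triage for one Windows machine (requires PowerShell 3.0+).
# Model tokens are taken from the article's North America list; slash-separated
# entries are split, and "Flex 3-1470/1570" is expanded to both model names.
$AffectedModels = @(
    'Flex 2 Pro-15', 'Edge 15', 'Flex 3-1470', 'Flex 3-1570', 'Flex 3-1120',
    'G40-80', 'G50-80', 'V3000', 'S21e', 'S41-70', 'U41-70', 'S435', 'M40-35',
    'Yoga3 14', 'Z70-80', 'G70-80', 'Yoga 3 11', 'Y40-80', 'Z41-70', 'Z51-70'
)

# Lower-case and drop spaces/punctuation so "Yoga 3 14" and "Yoga3 14" compare equal.
function ConvertTo-ModelKey([string]$Text) {
    ($Text -replace '[^A-Za-z0-9]', '').ToLowerInvariant()
}

function Get-LseTriage {
    param(
        # Defaults query the local machine. Assumption: on Lenovo systems the
        # marketing model name is in Win32_ComputerSystemProduct.Version.
        [string]$Manufacturer = (Get-CimInstance Win32_ComputerSystem).Manufacturer,
        [string]$Model        = (Get-CimInstance Win32_ComputerSystemProduct).Version,
        [string]$OSArch       = (Get-CimInstance Win32_OperatingSystem).OSArchitecture
    )
    $key = ConvertTo-ModelKey $Model
    $hit = $AffectedModels |
        Where-Object { $key.Contains((ConvertTo-ModelKey $_)) } |
        Select-Object -First 1
    $isLenovo = $Manufacturer -match 'lenovo'

    # Same answer as "System Type" in steps 1-5; it selects the disabler build.
    $build = if ($OSArch -match '64') { '64-bit' } else { '32-bit' }
    # A substring match is a triage hint; confirm the model against the advisory.
    $action = if ($isLenovo -and $hit) { 'Check Lenovo advisory; run LSE Disabler Tool' } else { 'Not on the article list' }

    [pscustomobject]@{
        Model         = $Model
        IsLenovo      = $isLenovo
        ListedAs      = $hit
        DisablerBuild = $build
        Action        = $action
    }
}

# Constructed inputs (not from a real machine) showing both outcomes offline:
Get-LseTriage -Manufacturer 'LENOVO' -Model 'Lenovo G50-80 Touch' -OSArch '64-bit'
Get-LseTriage -Manufacturer 'LENOVO' -Model 'ExampleBook 100' -OSArch '32-bit'
# On a real machine, call Get-LseTriage with no arguments to query WMI.
```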