Earlier in the year, it was found that all Lenovo PCs/Laptops are shipped with a spyware calledSuperfish.
The secret UEFI level spyware installer kit discovery was made by a user,willSmith1701on Ars Technica Forum.
He had purchased a Lenovo G50-80 and did a clean install using a retail disc.
The software download process needs to connect to the internet.
However that is not the issue here.
Since the user tried a clean install, he shouldnt be getting such a message in the first place.
This message may be a indication of UEFI/BIOS level spyware in the Lenovo PCs.
Another user,Chuck11found many entries in the Windows system which contain files like LenovoCheck.exe and LenovoUpdate.exe.
If you delete those files, or just overwrite them with junk, they reappear when you reboot.
If you deactivate the service, it is Running when you reboot!
See this thread for someone else who noticed this, with more details nobody believes him!
During boot, theLenovoautochk.exewrites aLenovoUpdate.exeand aLenovoCheck.exefile to the system32 directory, something it should not be doing.
Then it sets up a services to run one of them when an internet connection is established.
Once it is connected to the Internet, it visits the site > https://download.lenovo.com/ideapad/wind … 2_oko.json.
The only way to escape these two backdoors created by Lenovo PCs and Laptops are to flash your BIOS.
It has also added that its popular Think-Pad and other Think branded PCs/Laptops are not affected by this vulnerability.
Lenovos use of LSE was not consistent with these new guidelines.
As a result, LSE is no longer being installed on Lenovo systems.
source: www.techworm.net
