Lenovo using rootkit-like tool to reload their software on clean Windows installs

It seems that year 2015 is not a great year for Lenovo in terms of publicity. In fact, there have been several issues with their PCs and laptops that have given Lenovo a negative publicity. Earlier it was SuperFish, that was pre-installed on brand new Lenovo PCs and which was classified as adware. Then there was the Lenovo system update tool issue. This time, Lenovo is caught using some rootkit-like tool to reload their bloatware, even on the PCs with clean Windows installs. That is certainly not a great news for Lenovo users.


How Lenovo reloads its bloatware

The biggest question arises here is that, how Lenovo is able to reload their bloatware, even after the users have wiped the system and installed Windows freshly? The company is certainly not using any recovery image for this purpose. And another important thing to notice is, these bloatware are getting installed even when there is no active internet connection with the system. Seems really mysterious!

Actually, the rootkit is the secret here. The rootkit is nothing but a Windows feature which is known as Windows Platform Binary Table (WPBT). Using WPBT, manufacturers of PCs and laptops makes sure that the trusted and most important software that is extremely necessary for the system to run smoothly, is installed effortlessly. This kind of software is stored inside the PC on a physical medium. This is generally a hidden partition on an HDD or SSD. And to make the installation automatic, Windows is instructed that way.

However, the only limitation this technique has, that only one software can be installed in this way. Lenovo is using rootkit for nagging users to install other bloatware apart from the one that gets installed automatically. Lenovo is violating Microsoft’s guidelines in which it is stated that the users should have an option to opt out of any installation instruction. However, Lenovo is not giving any option to the users to do the same. WPBT is a common practice used by several manufacturers. However, Lenovo is kind of misusing the rootkit.

However, there’s a way out. One of ArsTechnica forum user has shared instructions on how to re-flash your Lenovo system, so that it does not install the bloatware again.

Posted by with Tags
Ankit Gupta is a writer by profession and has more than 7 years of global writing experience on technology and other areas. He follows technological developments and likes to write about Windows & IT security. He has a deep liking for wild life and has written a book on Top Tiger Parks of India.

One Comment

  1. jensenjs

    My solution to this is quite simple, I have decided not to buy a Lenovo as previous planned within the next 1-2 years.

    I have always liked the way the IBM/Lenovo is build, solid, intelligent, with hardware build in a user friendly way. But this was IBM that build it that way, an all the way solid and intelligent build PC, Lenovo was hired to build the machines, Lenovo took over the IBM product, and Lenovo got a great success out of keeping it the IBM way, and finally Lenovo smashed took a prime product and smashed it into pieces.

    So HP are in the focus now, unless others show the same quality as the IBM laptop once was.

    I don’t like these flimsy ultra thin laptops, I want it to be a chunky and solid “power station”, I want to add more or change the Ram, I want to change the processors, and cards and so on.

    The IBM/Lenovo was such a great product and Lenovo has turned the still great product into a overall security risk with build in resource consuming trash-can
    Sad, very sad.

Leave a Reply

Your email address will not be published. Required fields are marked *

9 + 8 =