這家公司與這類事情,好像不怎麼意外:「Lenovo used a hidden Windows feature to ensure its software could not be deleted」。
每次開機時 BIOS 會檢查是不是 Windows 7 或 Windows 8,如果是,而 C:\Windows\system32\autochk.exe
不是 Lenovo 所簽名的版本,那麼就會蓋掉變成自己版本:
If Windows 7 or 8 is installed, the BIOS of the laptop checks ‘C:\Windows\system32\autochk.exe’ to see if it’s a Microsoft file or a Lenovo-signed one, then overwrites the file with its own.
接著這個 autochk.exe
在開機被執行時就會建立 LenovoUpdate.exe
以及 LenovoCheck.exe
,然後透過網路下載程式回來跑:
Then, when the modified autochk file is executed on boot, another two files LenovoUpdate.exe and LenovoCheck.exe are created, which set up a service and download files when connected to the internet.
影響的範圍包括了:
A wide range of Lenovo laptops are affected by the issue: Flex 2 Pro-15/Edge 15 (Broadwell/Haswell models), Flex 3-1470/1570/1120, G40-80/G50-80/G50-80 Touch/V3000, S21e, S41-70/U40-70, S435/M40-35, Yoga 3 14, Yoga 3 11, Y40-80, Z41-70/Z51-70 and Z70-80 / G70-80.
如果已經買了這批電腦,請依照官方提供的新 BIOS 更新:「Lenovo Service Engine (LSE) BIOS for Notebook」。
如果還沒買的話,以後也請不要買,像是「My dream machine: Lenovo may build a new “classic” ThinkPad」這種消息看看就好...