

Lenovo firmware overrides Windows system files, after no-internet DVD install - jakub_g
http://arstechnica.com/civis/viewtopic.php?p=29497693&sid=ddf3e32512932172454de515091db014

======
chuckup
I would be interested to see if any other manufacturers are doing this as
well.

You can easily check: if a file called wpbbin.exe is in your windows\system32
directory, that means Windows found and executed code that was in your
firmware.

Or, see if your autochk.exe hash isn't from Microsoft (paste the hash into
VirusTotal). If OK, VirusTotal would say, "Trusted source! This file belongs to
the Microsoft Corporation software catalogue."

I ask because last month, when I searched for "wpbbin.exe" I found lots of
people who thought they had viruses, posting scan logs to various sites, and
the scan logs mentioned this file as well as things that looked like Dell and
HP stuff. "Wpbbin.exe" is a file that would only exist in your system32 if
Windows found it in your firmware.
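
The two checks described in the comment above, as an added PowerShell example that is not part of the original thread. It goes one step beyond the comment by also reading each file's Authenticode signature; the function name Get-FileTriage is hypothetical, and the script assumes a PowerShell version (5.1 or later) whose Get-AuthenticodeSignature validates catalog-signed system files.

```powershell
# Added example, not from the thread. Read-only: it changes nothing on disk.
$sys32 = Join-Path $env:SystemRoot 'System32'

# Hypothetical helper: collect presence, hash and signature data for one file.
function Get-FileTriage {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Present = $false }
    }
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256
    [pscustomobject]@{
        Path      = $Path
        Present   = $true
        SHA256    = $hash.Hash          # value to paste into VirusTotal
        SigStatus = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Modified  = (Get-Item -LiteralPath $Path).LastWriteTimeUtc
    }
}

$wpb     = Get-FileTriage (Join-Path $sys32 'wpbbin.exe')
$autochk = Get-FileTriage (Join-Path $sys32 'autochk.exe')

# Check 1: per the comment, wpbbin.exe only exists if Windows found it in firmware.
if ($wpb.Present) {
    Write-Warning 'wpbbin.exe is present in System32.'
    $wpb | Format-List
} else {
    Write-Output "wpbbin.exe not found in $sys32."
}

# Check 2: autochk.exe should be Microsoft's own binary.
$autochk | Format-List
if ($autochk.Present -and
    ($autochk.SigStatus -ne 'Valid' -or $autochk.Signer -notmatch 'Microsoft')) {
    Write-Warning 'autochk.exe lacks a valid Microsoft signature; look up its SHA256.'
}
```

Run it from a 64-bit PowerShell session on 64-bit Windows, because a 32-bit process is redirected from System32 to SysWOW64. If the signature status comes back as NotSigned on an older PowerShell, fall back to the hash lookup the comment describes.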

------
jakub_g
See also
[https://news.ycombinator.com/item?id=10039870](https://news.ycombinator.com/item?id=10039870)

------
jakub_g
The update in the thread says that apparently Lenovo recently disabled the
feature, and that it was never enabled on ThinkPads.

[http://news.lenovo.com/article_display.cfm?article_id=2013](http://news.lenovo.com/article_display.cfm?article_id=2013)

[https://support.lenovo.com/us/en/product_security/lse_bios_n...](https://support.lenovo.com/us/en/product_security/lse_bios_notebook)

