I recently purchased a Lenovo H50-55 computer with Windows 10 Home x64 on it. I uninstalled some of the Lenovo software that shipped with the computer, but not all of it.
I ran a full malware scan of the computer using Avast Free Antivirus and it detected
C:\Program Files (x86)\Lenovo\XiaoU\UnInstall\LenovoService\setup.exe (which is a Lenovo file) as malicious and told me it was 'Win32:Malware-gen'.
This prompted further investigation and so I uploaded the file to VirusTotal, the results of which can be seen here (12 out of 53 antivirus programs detected it as malicious).
- Two of the antivirus programs on VirusTotal detected the setup.exe file as 'W32/OnlineGames.HI.gen!Eldorado', which according to this Microsoft page here may steal some pretty serious data.
- This is, however, a generic article for the family of malware (although this Microsoft page is more specific and about a very similarly named piece of malware that steals credentials).
I uploaded the file to Comodo Valkyrie, the results of which can be seen here. The service deemed it malware. UPDATE: Manual analysis of the file on Comodo Valkyrie deemed it clean.
I told Avast to fix the file but I'm concerned that further malware could still remain or that data could have already been stolen.
- Is this a real threat or not?
- What should I do next?
I'm considering wiping the entire PC and reinstalling Windows 10 from scratch but that won't help if data theft has already occurred.
I don't know if this is related, but I found a task in Windows Task Scheduler called 'Lenovo Customer Feedback Program 64 35', which I disabled but which was previously running an exe called
C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe every day. There seems to be only a little bit of information about the Customer Feedback Program on the Internet. I believe that the Customer Feedback task is separate to the potentially malicious file. The customer feedback exe is deemed safe by VirusTotal and Lenovo themselves have an article about it here, which says that it sends non-personal data.
My network connection seems to be dropping out for brief periods of time every so often. I do not know whether this is a related issue.