Malware in Lenovo Vantage file?

[keithsketchley]

ESET Suite detects attempt to access camera, T480, source is that file name.

Advice on Internet is that such a file can be infected by bleeps who fake file names.

I have deleted the Lenovo feature it is part of, some Lenovo Vantage POJ with user hostile interface.

https://forums.lenovo.com/t5/Pre-Instal ... -p/4363496 covers it.

I am trying deleting the specific file with Windows Command line, -uninstall command. I did not see it in Device Manager from where one should be able to delete it.

Between Looonovo's two-year-olds-with-hammers and and Microsloppy Windrows 10 I am disgusted with the T480. Thinkpads have a premium price - not worth it.

[keithsketchley]

viewtopic.php?f=43&t=127126&p=859567#p859567 covers my current experience with attempts to access camera on my T480, detected by ESEST Suite security software.

Offending file is Lenovo.Modern.ImController.PlugInHost, which is part of the Vantage mess.

https://howtodoninja.com/files/exe/leno ... nhost-exe/ has more advice, with a recommendation to check file signature though I don't know how easy that is to fake.

Difficult to get support from Loonovo's web site mess, I did find a phone number after searching for the file name even though not found.

Advice is to keep your camera OFF and covered. (I do not use it.)

[RealBlackStuff]

In all these years I don't think I have ever even seen that Lenono Vantage crap.
And I have yet to come across a positive reference to that POS.
It definitely is not on any of my machines!

[dr_st]

Why did you bump an old an only loosely related thread with your post, only to later create a new thread with a link to the old one?

I have moved your post out of the X201 thread and merged it with this one.

I think your assumption that there is malware in that file is not very well-founded. The thread on the Lenovo forums you linked to has a senior ESET employee explaining how certain legitimate actions can trigger false positive from security software.

I fully agree with the idea to cover your webcam when not in use.

[keithsketchley]

Of course it could be a 'false positive' but it could be malware - the question is which.

I use ESET for its speed and heuristics but ESET is definitely not perfect, nor responsive.
Note that another user had flags from Kasperksy.

The publisher of the Lenovo....controller... file is Lenovo, in Task Manager.

Vantage is preloaded on T480s. It includes the checking-for-updates routine, I presume that if I can remove it I'd have to manually update file by file for new fixes. (And the T480 has many, BIOS update is frequent.)