Troubleshoot Lenovo User Experience - harmless spyware or something worse?

uninfected1

Level 11
Thread author
Verified
Top Poster
Well-known
Jan 28, 2016
525
The threat name according to Eset is Android/Luespy.D (variant). It seems several different companies' AV's have flagged this as a threat going back about two years, but I haven't found any satisfactory information on just how much of a threat it is or how to disable or remove it.

Eset explains that as it's a system app it can't be removed, but advises disabling it after a force stop, but this doesn't work. Any help on whether it needs to be disabled, and if so how to do so, would be really appreciated.
 

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
It seems this malware is pre-installed in the firmware and you cannot uninstall or block it.
The only solution may be a ROM flashing with installation of alternative firmware.
But this procedure is not recommended for two reasons:
- your device is new, and you would lose the warranty.
- if something goes wrong during the procedure you get a nice... paperweight.

Considering your device is new, I advise you to go to the seller and explain the problem.
 

uninfected1

Level 11
Thread author
Verified
Top Poster
Well-known
Jan 28, 2016
525
Thanks WS. At this stage I don't want to do anything that will invalidate the warranty so it seems your final suggestion is the best option. This is very disappointing by Lenovo. At least with most other companies you can disable this sort of thing and it's obviously been going on for a while but they've still done nothing about it:
Luespy - malware or false positive?

I'm surprised this issue hasn't been mentioned here on MT before. If it has I couldn't find it.

EDIT: As someone mentions in the Malwarebytes thread linked above, I don't recall the EULA for this app, not that I read the terms closely. If there was, would it be possible to retrospectively uncheck it?

I'd also like to hear from the good folk here about whether they would be happy continuing to use this equipment with this spyware/malware still operating unabated.
 
Last edited:

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
Thanks WS. At this stage I don't want to do anything that will invalidate the warranty so it seems your final suggestion is the best option. This is very disappointing by Lenovo. At least with most other companies you can disable this sort of thing and it's obviously been going on for a while but they've still done nothing about it:
Luespy - malware or false positive?

I'm surprised this issue hasn't been mentioned here on MT before. If it has I couldn't find it.
Anytime mate :) About Lenovo couldn't agree more with you.
 

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
I'm using Adguard (paid version) and it provides a firewall function to allow/deny apps for internet data exchange.
But I don't remember if the free version has firewall functionality, in this case it could be a solution, blocking the connection for this spyware.
 

vespino75

New Member
Mar 23, 2018
1
Hi, maybe it's to late, but i have a solution. (i did it with my lenovo phab).

You can, without lose your warranty disable a system app, but you need a computer, and to enable the developer settings with the several tap on "build version" in the section of "about phone" in the settings.

1:
Enable debug on the smartphone

2:
install adb on pc

3:
open cmd (command prompt), and write:
" adb devices ": you must see a code, this code is the smartphone.

4:
now you must found the code of the app that you want disabled

" pm list packages | grep *name of the app"

5:
now you can see a list with the PRECISE name of the app you want disabled

" pm uninstall -k --user 0 *name of the app".

OK YOU DISABLED THE APP.

Now... You don't have root, then if you want the app enabled again, you must do a factory reset.
YOU ARE NOT UNINSTALLING THE APP, ONLY DISABLING.

Sorry, for my english, but this is a true solution, you can found other guides on XDA.
This guide does not invalidate WARRANTY.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top