It turns out that Lenovo has code in their BIOS which creates and maintains a backdoor executable in Windows 7 and Windows 8.x installs. Simply wiping the machine when you bring it home to remove the factory crap-ware is not enough to overcome this implementation. This issue is supposed to have been resolved via a recently released patch that doesn't remove but rather disables this 'feature' which is being called the Lenovo Service Engine.
Original Source for the news:
http://arstechnica.com/civis/viewtopic.php?p=29497693&sid=ddf3e32512932172454de515091db014#p29497693
Link to patch:
https://support.lenovo.com/us/en/product_security/lse_bios_notebook
This exploit takes advantage of a Windows feature called Windows Platform Binary Table. This is essentially a method created for the purpose of enabling UEFI bioses to load extra binaries at boot time.
link to paper on WPBT:
http://feishare.com/attachments/article/298/windows-platform-binary-table.pdf
(Score: 1, Informative) by Anonymous Coward on Thursday August 13 2015, @12:14PM
I didn't mention ThinkPads - you did. I don't think this story is about ThinkPads. Let's try to be more accurate, OK? (grin)
The summary doesn't say it is in every BIOS - however it is in some. Lenovo does have code in the BIOS that is the subject of the linked material. But you know that because you read TFA. so there is no confusion there.
Someone else suggested that you join us - believe me, you would be welcome and we could do with the support. I'm about to take 2 weeks break and I'm tired - my first break from the site in a long, long time. The remaining eds would love to have you help out. My apologies if this post is less than perfect.