-
-
Save jcary741/19cc74c93a499f8c23ad7dd5a04faf86 to your computer and use it in GitHub Desktop.
| # Version: 0.1 (2025-01-18) | |
| # License: MIT, use at your own risk | |
| # | |
| # This script disables the Lenovo-installed "Tobii experience" software and "nahimic" software. | |
| # Tested on a Lenovo Legion Pro 5 (82WM) with Windows 11 24H2. | |
| # Run it with `powershell.exe -noprofile -executionPolicy Bypass -File badlenovo.ps1` | |
| # Following this script, you should be able to uninstall the "Tobii experience" app from the control panel (appwiz.cpl) | |
| # | |
| # After major updates, you may need to re-run this script. | |
| # Disable services (may be re-enabled on reboot) | |
| Get-Service -Name "Tobii*" | Stop-Service -Force | |
| Get-Service -Name "Tobii*" | Set-Service -StartupType Disabled | |
| Get-Service -Name "Nahimic*" | Stop-Service -Force | |
| Get-Service -Name "Nahimic*" | Set-Service -StartupType Disabled | |
| # Get the service exe paths | |
| $services = Get-WmiObject -Class Win32_Service | Where-Object {$_.Name -like "Tobii*" -or $_.Name -like "Nahimic*"} | Select-Object PathName | |
| $services = $services.PathName -split "`n" | ForEach-Object { $_.Replace('"', '').Trim() } | |
| $services = $services -replace '\.exe.*', '.exe' | |
| ## use icacls to deny access to the service exes, so that they can't be started | |
| $services | ForEach-Object { | |
| $servicePath = $_ | |
| $acl = Get-Acl $servicePath | |
| $denyEveryone = New-Object System.Security.AccessControl.FileSystemAccessRule("Everyone", "FullControl", "Deny") | |
| $denySystem = New-Object System.Security.AccessControl.FileSystemAccessRule("SYSTEM", "FullControl", "Deny") | |
| $acl.SetAccessRule($denyEveryone) | |
| $acl.SetAccessRule($denySystem) | |
| Set-Acl $servicePath $acl | |
| } | |
| # Find "devices" that are installed by the Tobii or nahimic software and disable them | |
| $devices = Get-PnpDevice | Where-Object {$_.FriendlyName -like "Tobii*" -or $_.FriendlyName -like "Nahimic*"} | Select-Object FriendlyName,InstanceId | |
| $devices | ForEach-Object { | |
| $device = $_ | |
| $instanceId = $device.InstanceId | |
| $friendlyName = $device.FriendlyName | |
| Disable-PnpDevice -InstanceId $instanceId -Confirm:$false | |
| Write-Host "Disabled device: $friendlyName" | |
| } |
Can you upload ...
*.msi
You can find the Download here:
https://help.tobii.com/hc/en-us/articles/5278376717329-Driver-downloads-for-Lenovo
MS had previously indicated the tool would stop working in a future update...
You can't trust anything MS says, even their own engineers use Windows Key hacks to fix issues...
But you can disable automatic updates, using the registry:
# To Disable Windows-11 (24H2) Auto-update:
# Open an Admin shell and use:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
$LP = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\"
# OK
Get-ItemProperty -Path $LP -Name "NoAutoUpdate"
Set-ItemProperty -Path $LP -Name "NoAutoUpdate" -Value 1 -Force | Out-NullOr alternatively by setting group policy gpedit.msc.
See:
- https://learn.microsoft.com/en-us/windows/deployment/update/waas-wu-settings
- https://admx.help/HKLM/Software/Policies/Microsoft/Windows/WindowsUpdate/AU
I also found this Search-Registry script, which you can use to pry out Tobii related items from the registry. Use like this:
Search-Registry -Path 'HKCU:\SOFTWARE\*' -Recurse -ValueNameRegex "Tobii" -ValueDataRegex "Tobii" -KeyNameRegex "Tobii" -ErrorAction SilentlyContinue -Verbose | Select Reason,Details, Key | ft
# OR
Search-Registry -Path 'HKCU:\SOFTWARE\*' -Recurse -SearchRegex "Tobii" -ErrorAction SilentlyContinue | Select Reason,Details,Key | fl
Awesome, thank you. I'm hopeful for non-gpedit based solutions so Win 11 home users can benefit also. So here's a new idea: a noop driver that can be installed for the "device" so that Windows stops trying to install the tobii one. I suspect this would survive anything but a system restore. One thing I'm unsure of is if the driver would need to be signed. @eabase any experience with this?
If you look in the Tobii device driver file, you will find the following cameras:
vid:pid 04F2:B7B6 # Chicony Electronics #
vid:pid 04F2:B7B8 # Chicony Electronics #
vid:pid 174F:246A # Syntek #
vid:pid 30C9:00A6 # Luxvisions Innotech Limited # Lenovo Legion
vid:pid 30C9:00AC # Luxvisions Innotech Limited # Lenovo Legion [Windows-11 reports as: SunplusIT]
vid:pid 5986:118A # Bison Electronics # Lenovo Legion
So it seem that Tobii is only used on a few (built-in) cameras.
I think at this point it should be enough to:
- Report all Tobii executables & some of their API collecting websites to Virustotal as malware/distributors.
- Registry Disable Win automatic updates (manually click to get new, and then close pending garbage updates)
- Registry corrupt Tobii keys
- Disable Tobii services
- Disable Tobii tasks in Task scheduler
- Rename Tobii executables
- Corrupt Tobii HW drivers (
oem150.inf,oem51.infetc.) - Block all Tobii related executables (and API URL's) in windows firewall.
BTW. To get the Tobii related drivers you can use the following:
# Open admin shell
dism /online /get-drivers /format:table | findstr "Tobii"
#oem147.inf | lenovoyxx0extension.inf | No | Extension | Tobii AB | 2024-06-19 | 1.164.0.35934
#oem150.inf | lenovoyxx0.inf | No | SoftwareComponent | Tobii AB | 2024-06-19 | 1.164.0.35934
#oem51.inf | lenovoyxx0.inf | No | SoftwareComponent | Tobii AB | 2023-10-13 | 1.152.0.33335
# Backup them up, and then remove them with
pnputil.exe /d oemXX.inf
Deleting these drivers seems to only be possible if the host device is removed or disabled. I have removed with
# Open admin shell # navigate to a directory like documents or tmp then pnputil /enum-devices > devices.txt # open devices.txt file and ctrl+f for "Tobii" # there should be a device listed, with a driver inf matching what you are trying to remove # now copy that device Instance ID and remove the device, for example: pnputil /remove-device "USB\VID_045E&PID_00DB\6&870CE29&0&1" # now you should be able to remove the driver inf with pnputil.exe /d oemXX.inf
Time will tell if this needs to be repeated or not for me.
I'd be very careful with actually removing a device. If you accidentally get it wrong...that's a PITA to fix.
You can always remove a driver with the /force switch, so read the help from pnputil.exe --help.
/delete-driver <oem#.inf> [/uninstall] [/force] [/reboot]
Delete driver package from the driver store.
/uninstall - uninstall driver package from any devices using it.
/force - delete driver package even when it is in use by devices.
/reboot - reboot system if needed to complete the operation.
Examples:
Delete driver package:
pnputil /delete-driver oem0.inf
Force delete driver package:
pnputil /delete-driver oem1.inf /force
Instead disable the device, in case something goes wrong.
/disable-device [<instance ID> | /deviceid <device ID>] [/class <name | GUID>]
[/bus <name | GUID>] [/reboot] [/force]
Disable devices on the system.
/deviceid <device ID> - disable all devices with matching device ID.
/class <name | GUID> - filter by device class name or GUID.
/bus <name | GUID> - filter by bus enumerator name or bus type GUID.
/reboot - reboot system if needed to complete the operation.
/force - disable even if device provides critical system functionality.
Examples:
Disable device:
pnputil /disable-device "USB\VID_045E&PID_00DB\6&870CE29&0&1"
Disable all devices with specific hardware/compatible ID:
pnputil /disable-device /deviceid "USB\Class_03"
Disable all devices of a specific class on a specific bus:
pnputil /disable-device /class "USB" /bus "PCI"
2 month update: The initial script to cripple tobii and nahimic in place appears to be working just fine and has survived several minor windows updates.
It worked as well
@jcary741
@bryantc24
Thanks for reporting back.
I haven't looked at this lately, as I didn't have any further issues, and had more severe update issues with the bloated Intel Graphic driver.
@eabase Can you upload / share
C:\Drivers\Tobii\Tobii.LenovoYX80.Offline.Installer_4.182.0.29391.msi, since I previously wipe my device, I don't seem to have that installer file, but realize now that it may be important for further investigation.