Last active
May 25, 2025 20:06
-
-
Save jcary741/19cc74c93a499f8c23ad7dd5a04faf86 to your computer and use it in GitHub Desktop.
Removal script for Tobii and Nahimic software on Lenovo Legion 5 devices
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Version: 0.1 (2025-01-18) | |
| # License: MIT, use at your own risk | |
| # | |
| # This script disables the Lenovo-installed "Tobii experience" software and "nahimic" software. | |
| # Tested on a Lenovo Legion Pro 5 (82WM) with Windows 11 24H2. | |
| # Run it with `powershell.exe -noprofile -executionPolicy Bypass -File badlenovo.ps1` | |
| # Following this script, you should be able to uninstall the "Tobii experience" app from the control panel (appwiz.cpl) | |
| # | |
| # After major updates, you may need to re-run this script. | |
| # Disable services (may be re-enabled on reboot) | |
| Get-Service -Name "Tobii*" | Stop-Service -Force | |
| Get-Service -Name "Tobii*" | Set-Service -StartupType Disabled | |
| Get-Service -Name "Nahimic*" | Stop-Service -Force | |
| Get-Service -Name "Nahimic*" | Set-Service -StartupType Disabled | |
| # Get the service exe paths | |
| $services = Get-WmiObject -Class Win32_Service | Where-Object {$_.Name -like "Tobii*" -or $_.Name -like "Nahimic*"} | Select-Object PathName | |
| $services = $services.PathName -split "`n" | ForEach-Object { $_.Replace('"', '').Trim() } | |
| $services = $services -replace '\.exe.*', '.exe' | |
| ## use icacls to deny access to the service exes, so that they can't be started | |
| $services | ForEach-Object { | |
| $servicePath = $_ | |
| $acl = Get-Acl $servicePath | |
| $denyEveryone = New-Object System.Security.AccessControl.FileSystemAccessRule("Everyone", "FullControl", "Deny") | |
| $denySystem = New-Object System.Security.AccessControl.FileSystemAccessRule("SYSTEM", "FullControl", "Deny") | |
| $acl.SetAccessRule($denyEveryone) | |
| $acl.SetAccessRule($denySystem) | |
| Set-Acl $servicePath $acl | |
| } | |
| # Find "devices" that are installed by the Tobii or nahimic software and disable them | |
| $devices = Get-PnpDevice | Where-Object {$_.FriendlyName -like "Tobii*" -or $_.FriendlyName -like "Nahimic*"} | Select-Object FriendlyName,InstanceId | |
| $devices | ForEach-Object { | |
| $device = $_ | |
| $instanceId = $device.InstanceId | |
| $friendlyName = $device.FriendlyName | |
| Disable-PnpDevice -InstanceId $instanceId -Confirm:$false | |
| Write-Host "Disabled device: $friendlyName" | |
| } |
If you look in the Tobii device driver file, you will find the following cameras:
vid:pid 04F2:B7B6 # Chicony Electronics #
vid:pid 04F2:B7B8 # Chicony Electronics #
vid:pid 174F:246A # Syntek #
vid:pid 30C9:00A6 # Luxvisions Innotech Limited # Lenovo Legion
vid:pid 30C9:00AC # Luxvisions Innotech Limited # Lenovo Legion [Windows-11 reports as: SunplusIT]
vid:pid 5986:118A # Bison Electronics # Lenovo Legion
So it seem that Tobii is only used on a few (built-in) cameras.
I think at this point it should be enough to:
- Report all Tobii executables & some of their API collecting websites to Virustotal as malware/distributors.
- Registry Disable Win automatic updates (manually click to get new, and then close pending garbage updates)
- Registry corrupt Tobii keys
- Disable Tobii services
- Disable Tobii tasks in Task scheduler
- Rename Tobii executables
- Corrupt Tobii HW drivers (
oem150.inf,oem51.infetc.) - Block all Tobii related executables (and API URL's) in windows firewall.
BTW. To get the Tobii related drivers you can use the following:
# Open admin shell
dism /online /get-drivers /format:table | findstr "Tobii"
#oem147.inf | lenovoyxx0extension.inf | No | Extension | Tobii AB | 2024-06-19 | 1.164.0.35934
#oem150.inf | lenovoyxx0.inf | No | SoftwareComponent | Tobii AB | 2024-06-19 | 1.164.0.35934
#oem51.inf | lenovoyxx0.inf | No | SoftwareComponent | Tobii AB | 2023-10-13 | 1.152.0.33335
# Backup them up, and then remove them with
pnputil.exe /d oemXX.inf
Deleting these drivers seems to only be possible if the host device is removed or disabled. I have removed with
# Open admin shell # navigate to a directory like documents or tmp then pnputil /enum-devices > devices.txt # open devices.txt file and ctrl+f for "Tobii" # there should be a device listed, with a driver inf matching what you are trying to remove # now copy that device Instance ID and remove the device, for example: pnputil /remove-device "USB\VID_045E&PID_00DB\6&870CE29&0&1" # now you should be able to remove the driver inf with pnputil.exe /d oemXX.inf
Time will tell if this needs to be repeated or not for me.
I'd be very careful with actually removing a device. If you accidentally get it wrong...that's a PITA to fix.
You can always remove a driver with the /force switch, so read the help from pnputil.exe --help.
/delete-driver <oem#.inf> [/uninstall] [/force] [/reboot]
Delete driver package from the driver store.
/uninstall - uninstall driver package from any devices using it.
/force - delete driver package even when it is in use by devices.
/reboot - reboot system if needed to complete the operation.
Examples:
Delete driver package:
pnputil /delete-driver oem0.inf
Force delete driver package:
pnputil /delete-driver oem1.inf /force
Instead disable the device, in case something goes wrong.
/disable-device [<instance ID> | /deviceid <device ID>] [/class <name | GUID>]
[/bus <name | GUID>] [/reboot] [/force]
Disable devices on the system.
/deviceid <device ID> - disable all devices with matching device ID.
/class <name | GUID> - filter by device class name or GUID.
/bus <name | GUID> - filter by bus enumerator name or bus type GUID.
/reboot - reboot system if needed to complete the operation.
/force - disable even if device provides critical system functionality.
Examples:
Disable device:
pnputil /disable-device "USB\VID_045E&PID_00DB\6&870CE29&0&1"
Disable all devices with specific hardware/compatible ID:
pnputil /disable-device /deviceid "USB\Class_03"
Disable all devices of a specific class on a specific bus:
pnputil /disable-device /class "USB" /bus "PCI"
2 month update: The initial script to cripple tobii and nahimic in place appears to be working just fine and has survived several minor windows updates.
It worked as well
@jcary741
@bryantc24
Thanks for reporting back.
I haven't looked at this lately, as I didn't have any further issues, and had more severe update issues with the bloated Intel Graphic driver.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Awesome, thank you. I'm hopeful for non-gpedit based solutions so Win 11 home users can benefit also. So here's a new idea: a noop driver that can be installed for the "device" so that Windows stops trying to install the tobii one. I suspect this would survive anything but a system restore. One thing I'm unsure of is if the driver would need to be signed. @eabase any experience with this?