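My Edge browser is set to restore the previous pages on startup. But at some point, I forget when, it started always opening a local page on launch, such as http://localhost:56583/, with a different port number every time, and it always ends up redirecting to Baidu: https://www.baidu.com/?tn=15007414_8_dg, carrying a strange ?tn= parameter. I suspect some piece-of-shit software took money and is pushing ads.
Earlier, in the pre-agent era, I tried to solve it myself, e.g. [1], but got nowhere.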
with Claude Code
Today I ran Claude Code in a local command line to diagnose it. Its conclusions were as follows:
---
Root Cause: Lenovo PCManager's BrowserPro.dll
Not third-party malware --- it's Lenovo pre-installed bloatware earning
affiliate revenue from Baidu.
How it works (confirmed from binary analysis)
1. BrowserPro.dll
(C:\Program Files (x86)\Lenovo\PCManager\5.0.30.7052\Modules\ActiveProtection\apps\BrowserPro\)
is loaded into explorer.exe as a COM shell extension at login
2. It calls Windows' HTTP.sys kernel driver (HttpCreateRequestQueue,
HttpAddUrlToUrlGroup) to register a listener on a random localhost port ---
which is why the port changes every time
3. It calls ShellExecuteExW to force-open that localhost:{random port} URL
in your default browser (Edge)
4. The page it serves is exactly:
<head><meta name='referrer' content='no-referrer'/><script>location='https://discovery.lenovo.com.cn/home/ilive/v1/c1'</script></head>
5. Lenovo's iLive server then forwards you to baidu.com/?tn=15007414_8_dg
--- where tn=15007414_8_dg is Lenovo's Baidu affiliate tracking ID. Lenovo
gets paid per visit.
The no-referrer tag is intentional to hide the affiliate chain.
---
How to stop it
Option 1 --- Cleanest: Uninstall Lenovo PCManager
▎ Search "Apps" → find Lenovo PC Manager → Uninstall
Option 2 --- Disable via PCManager settings (if you want to keep it)
▎ Open Lenovo PC Manager → Security/Protection → look for "Browser
Protection" or "Active Protection" and disable it
Option 3 --- Block the service manually
# In PowerShell as Administrator:
# Use sc.exe, not sc: in Windows PowerShell, sc is an alias for Set-Content.
sc.exe stop LenovoPcManagerService
sc.exe config LenovoPcManagerService start= disabled
sc.exe stop LISFService
sc.exe config LISFService start= disabled
Note: The registry key
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LenovoDisabled suggests
someone previously tried to disable Lenovo startup items on this machine,
but PCManager still runs as a service. After disabling, kill the
explorer.exe process or restart to clear the current HTTP.sys
registration.
This is the same class of behavior as Lenovo's 2015 Superfish scandal ---
affiliate revenue harvesting bundled into pre-installed software. It's
technically "legal" in their terms, but deceptive and harmful.
The machine is a Lenovo Xiaoxin Air 14+ ARH7, and it has 联想电脑管家 (Lenovo PC Manager) installed, which should be the Lenovo PCManager that Claude is talking about.
Solution
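Following Claude's suggestion, I uninstalled Lenovo PC Manager.
Test: I closed the Edge browser and reopened it. It restores the previous pages normally and no longer opens that localhost page.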
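
The HTTP.sys step of the diagnosis above can be checked independently on a machine that still shows the behaviour. The following is an added example, not part of the original post or of Claude's output: it lists every HTTP.sys request queue that registered a loopback URL and names the process attached to it. It assumes English-language netsh output and the PCManager install path quoted in the post.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# Assumption: English-language netsh output, one PID per line under "Process IDs:".
# HTTP.sys listeners appear in netstat as PID 4 (System), so ask HTTP.sys which
# user-mode process is attached to each request queue instead.
$lines = netsh http show servicestate view=requestq

$queues = @()
$q = $null
$inPids = $false
foreach ($line in $lines) {
    if ($line -match '^Request queue name:\s*(.*)$') {
        # An unindented header starts a new request-queue record.
        $q = [pscustomobject]@{ Name = $Matches[1]; Pids = @(); Urls = @() }
        $queues += $q
        $inPids = $false
    } elseif ($null -eq $q) {
        continue
    } elseif ($line -match '^\s+Process IDs:') {
        $inPids = $true
    } elseif ($inPids -and $line -match '^\s+(\d+)\s*$') {
        $q.Pids += [int]$Matches[1]
    } else {
        $inPids = $false
        if ($line -match '^\s+(https?://\S+)') { $q.Urls += $Matches[1] }
    }
}

# Keep only queues that registered a loopback URL, then name the owning process
# and list any modules it loaded from the PCManager directory named in the post.
$loopback = '^https?://(localhost|127\.0\.0\.1|\[::1\]):\d+/'
foreach ($q in $queues) {
    $hits = @($q.Urls | Where-Object { $_ -match $loopback })
    if ($hits.Count -eq 0) { continue }
    foreach ($procId in $q.Pids) {
        $p = Get-Process -Id $procId -ErrorAction SilentlyContinue
        $dlls = @($p.Modules | Where-Object { $_.FileName -like '*\Lenovo\PCManager\*' })
        [pscustomobject]@{
            Urls    = $hits -join ', '
            Pid     = $procId
            Process = $p.ProcessName
            Modules = ($dlls | ForEach-Object { $_.FileName }) -join '; '
        }
    }
}
```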