• Home
  • About 404TS
  • Contact

404 Tech Support

Where IT Help is Found

  • Articles
    • Code
    • Entertainment
    • Going Green
    • Hardware, Gadgets, and Products
    • Management
    • Network
    • News
    • Operating Systems
    • Security and Privacy
    • Software
    • System Administration
    • Talking Points
    • Tech Solutions
    • Web
    • Webmaster
  • Reviews
  • Media
    • Infographics
    • Videos
  • Tech Events
  • Tools
    • How do I find my IP address?
    • Browser and plugin tests
  • Get a Technical Consultation
You are here: Home / Articles / Security and Privacy / Testing and removing Lenovo Superfish adware

Testing and removing Lenovo Superfish adware

2015-02-21 by Jason

PC manufacturer Lenovo sold out its customers in the fourth quarter of 2014. Bloatware is hardly a new phenomenon (and is universally despised) as it allows manufacturers to increase their profit margins by cutting deals to preload their computers with specified software, toolbars, and trials. Antivirus trials are common and get in the way while decreasing the customer’s actual security. This pre-loaded software is commonly known as bloatware and even has tools built to deal with their quick removal.

In this instance with Superfish, Lenovo went too far. It not only installed adware on brand new computers for the company’s own gain but it also compromised the security of those consumer-line computers. Superfish uses a man-in-the-middle attack to intercept and decrypt normally encrypted SSL traffic (websites with https). This allowed it to insert advertisements into the websites you visited and track your traffic.

Lenovo first posted to their support forums that there was no credible security thread but has since posted a High severity security advisory.

From the Lenovo Security Advisory (LEN-2015-010) on Superfish:

Superfish was previously included on some consumer notebook products shipped between September 2014 and February 2015 to assist customers with discovering products similar to what they are viewing. However, user feedback was not positive, and we responded quickly and decisively:

Superfish has completely disabled server side interactions (since January) on all Lenovo products so that the software product is no longer active, effectively disabling Superfish for all products in the market.
Lenovo ordered the pre-load removal in January.
We will not preload this software in the future.

Vulnerabilities have been identified with the software, which include installation of a self-signed root certificate in the local trusted CA store. The application can be uninstalled; however, the current uninstaller does not remove the Superfish root certificate.

The Security Advisory lists the affected products

If you are using a recent Lenovo computer, or any computer really, you can test to see if you are infected with Superfish by using two different testing sites:

  • LastPass
  • Filippo

These sites will indicate if your computer still has the Superfish CA loaded.

superfish

If Superfish is detected on your computer, you will want to uninstall it. Microsoft updated Microsoft Security Essentials/Windows Defender to remove Superfish but it does not remove the MitM certificate.

You can follow the instructions below to remove Superfish from your computer (Lenovo has their own instructions):

Step 1: Uninstall Superfish

From the Control Panel, Programs and Features find Superfish Inc. VisualDiscovery. Select it and choose to uninstall the program. You may have to enter your administrator password if prompted.

Step 2: Remove the certificate

From the Start Menu or Start Screen search fro certmgr.msc. Right-click it and choose ‘Run as administrator’.

Drill down to Trusted Root Certification Authorities, Certificates. From the right-pane, scroll down until you find Superfish, Inc. Right-click it and choose Delete. At the warning prompt, confirm ‘Yes’ that you wish to delete this root certificate.

Step 3: Remove the certificate from Firefox or Thunderbird

If you use Mozilla products like Firefox or Thunderbird, you will want to verify the certificate is not in its Certificate Manager as well.

Go to Options from the Settings menu or Preferences. On the Advanced tab and Certificates sub-tab, click the ‘View Certificates’ button. Scroll through the list looking for Superfish and if you find it select it and hit the ‘Delete or Distrust…’ button.

Step 4: Restart

Restart your browsers or even the whole computer.

Step 5: Check again

Head over to one of the Superfish test pages (linked above) and see if your computer is now coming up clean. You might check in all the different browsers you use, just to verify.

Lenovo also has a SuperFish Removal Utility available for download. If you’re having a hard time trusting them, they posted the source code to GitHub. Of course, you can also just follow the steps above.

Filed Under: Security and Privacy

Trending

  • Product Review: Neato XV-11 Robotic Vacuum
    In Hardware, Gadgets, and Products, Reviews
  • Windows Server 2012: Installing Active Directory Users and Computers and Group Policy Management Console
    In Operating Systems, Tech Solutions
  • Cyberbullying and Teenagers – Protect Kids Using Mobile Phone Parental Control
    In Security and Privacy

Latest Media Posts

Find Out Where To Download SNES ROMs

Find Out Where To Download SNES ROMs

Multifunctional Video Conversion Tools – Wondershare Video Converter

Multifunctional Video Conversion Tools – Wondershare Video Converter

  • Popular
  • Latest
  • Today Week Month All
  • How to ‘Unblock’ multiple files at a time with PowerShell How to 'Unblock' multiple files at a time with PowerShell
  • Increase IIS Private Memory Limit to improve WSUS availability Increase IIS Private Memory Limit to improve WSUS availability
  • Read the Event Logs on Windows Server Core Read the Event Logs on Windows Server Core
  • SOLVED: “This modification is not allowed because the selection is locked.” SOLVED: "This modification is not allowed because the selection is locked."
  • Command line to take ownership and change permissions Command line to take ownership and change permissions
  • Making Distributed Software Development Work: Strategies and Best Practices for Managing Remote Teams Making Distributed Software Development Work: Strategies and Best Practices for Managing Remote Teams
  • customer contactless payment for drink with mobile phon at cafe counter bar,seller coffee shop accept payment by mobile.new normal lifestyle concept The Latest Innovations In Payment Technology
  • How Digital Technology Brought the Rise of the CMO   How Digital Technology Brought the Rise of the CMO  
  • How to Purchase Cryptocurrencies? How to Purchase Cryptocurrencies?
  • Top 6 necessary aspects to consider when hiring Angular developers Top 6 necessary aspects to consider when hiring Angular developers
Ajax spinner

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Recent Posts

  • Making Distributed Software Development Work: Strategies and Best Practices for Managing Remote Teams
  • The Latest Innovations In Payment Technology
  • How Digital Technology Brought the Rise of the CMO  

Search

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.

Copyright © 2023 · Magazine Pro Theme on Genesis Framework · WordPress · Log in