Yesterday we reported about the trojan “SuperFish” preinstalled on Lenovo Desktops and Notebooks. As it is not only an adware but potentially hijacks the SSL HTTPS traffic, it is definitely more of a concern for all Lenovo users.
Below are instructions to detect if you are infected and the instructions on how to remove it:
To find out if this issue affects you, go to Filippo Valsorda’s Superfish CA test page in Internet Explorer or Chrome first. If you see a “YES,” follow these instructions (courtesy of Valsorda and from Lenovo’s instructions) for removal:
Step I: Uninstall the Superfish software
- Open the Windows Start menu or Start screen and search for Uninstall a program. Launch it.
- Right-click Superfish Inc VisualDiscovery and select Uninstall. When prompted, enter your administrator password.
Uninstalling the software is not enough, because the uninstall does not remove the root certificate.
Step II: Remove the certificate from Windows
- Open the Windows Start menu or Start screen and search for certmgr.msc. Right-click it and select Launch as Administrator.
- Click Trusted Root Certification Authorities and open Certificates.
- Scroll down or use find to get to the Superfish, Inc. certificate.
- Right-click it and select Delete. If you don’t see the option to delete it, you may not be running as an administrator (See step 1).
Step III: Remove the certificate from Firefox
This might or might not be needed, but check to be sure.
- Go to Options/Preferences.
- Click Advanced, then Certificates.
- Click View Certificates.
- Look for Superfish, if it’s there, click it and then click Delete or Distrust.
This post originally appeared on the Electronic Frontier Foundation’s Deep Links blog with credit to Filippo Valsorda for the how-to guide. To learn how to test your PC for the Superfish adware, read this how-to guide at Lifehacker.
Photo by Vertes Edmond Mihai.