Blog
Rajiv Singha

Lenovo Users – This is how you can remove the Superfish Adware

February 24, 2015
2
Estimated reading time: 3 minutes

In case you are unaware, Lenovo has been shipping some of its consumer notebooks with a  preinstalled adware called Superfish. This software makes it possible for hackers to steal sensitive user data like passwords, banking information, etc. Scroll down to know more about this adware and how to remove it from your PC.

Superfish_adware_lenovo_laptops

Chinese computer maker Lenovo is under a lot of heat since the revelation that the company had been shipping some of its consumer notebooks with a preinstalled malicious adware called Superfish. Security experts have labelled Superfish as a dangerous software that can allow hackers to break secure web connections and put users’ privacy and security at risk.

So what is Superfish?
Superfish is a software that comes preinstalled in some Lenovo notebooks. It was designed to help enhance the online shopping experience of consumers by letting them discover products visually.

What does Superfish do?
Superfish works by installing its own fake certificate on the user’s machine, and substituting it for the encrypting certificates used by many sites like Google, Facebook, any banking or online shopping site and others. So, by bypassing the secure connection, the adware intends to quietly insert more ads into secure HTTPS pages.

How is this bad for users?
Because Superfish bypasses secure servers, it can easily allow hackers exploit its fake certificate and steal sensitive user data such as banking information, email, phone numbers, etc. So, if a user logs in to their online banking account from a laptop that has Superfish in it, their login credentials can be stolen by an attacker. Likewise, if they access emails, an attacker can read their mail and steal their passwords.

So what should Lenovo users do?
As nasty as the Superfish adware might sound, it can be easily removed with the help of a few simple steps. So, if you are using a Lenovo laptop, then here’s a step-by-step guide to remove Superfish:

  1. Go to Control Panel >> Programs >> Uninstall a program
  2. Look for “Superfish Inc. Visual Discovery” [if you cannot find it, then your PC is not among those with the software preinstalled in them ]
  3. Right click on the file, select ‘Uninstall

Merely removing Superfish is not enough. You also need to get rid of the certificate that it has installed on your PC. Here’s how to do it:

  1. Go to Start
  2. Type in certmgr.msc.
  3. Right click on it, and select Run as administrator
  4. Click Trusted Root Certificates Authorities and click Certificates
  5. On the right pane, scroll down and look for Superfish, Inc.
  6. Right click on it and select Delete [to get the Delete option, it is important to run the tool as administrator. See step 3]
  7. Click Yes and you are good

You can also download a PDF of this step-by-step instruction. Lenovo has also released an automatic removal tool for Superfish – http://support.lenovo.com/us/en/product_security/superfish_uninstall

Lenovo has also released an official statement on this entire matter. A list of Lenovo models that may have Superfish in them is also available. Read about it here.

Sources:
http://www.bbc.com/news
https://www.eff.org

subscribe to blog button

Have something to add to this story? Share it in the comments.

Rajiv Singha
About Rajiv Singha
Rajiv is an IT security news junkie and a computer security blogger at Quick Heal. He is passionate about promoting cybersecurity awareness, content and digital...
Articles by Rajiv Singha »

2 Comments

Your email address will not be published.

CAPTCHA Image

  1. Oh sir I am a lenovo laptop user.but sir my laptop me superfish name ka koi software ya application nahi so sir mera laptop and my Data safe hena.sir please Ripley.

    Reply