Are you a Victim of Lenovo’s Superfish?

Posted on Feb 21 2015 - 11:05am by Pavithra Manisha


There is absolutely no need to panic! The Lenovo’s ‘Superfish’ adware can be removed eaily.

Lenovo has gone out a little bit too far in its quest for money. The quest has put its user’s at a huge risk.  Superfish a Visual Search tool has been pre loaded on the PCs. This blessed tool is known to fake the encryption certificates of every secure HTTPS protected website that you visit. This has been happening since the middle of 2014. ‘Superfish’ attacks using man-in-the-middle to fill the websites that you visit with advertisements posing vulnerability threats to you from hackers




The article provides an insight into helping you discover if your Lenovo is ‘Superfish’ infected. If it is then follow these steps so that it  can be eradicated.

Is your Lenovo preinstalled with “Superfish”?

Well here is how you could possibly find out if your Lenovo PC comes to you handy with Superfish pre-installed. The adware is so designed that it projects to you price comparision advertisements into the web pages when you visit them. In case you are on a venture to find out a new product. The VisualDiscovery provides certain Visual Search Results, and if you are able to view such results on your own then you may be infected with the Superfish adware.

Steps to Check Superfish is Pre-installed

Although you may not be cent percent sure that you have the Superfish loaded on your PC, the following steps will let you confirm if this troublesome extra feature of Lenovo is present.

Unistalling Superfish

Unistalling Superfish

Go to  Control Panel–> Programs–> Uninstall a Program–> Check for VisualDiscovery

If it is there then immediately Uninstall it. After uninstalling it run your antivirus and scan for viruses. It is possible that Superfish has been flagged as adware by some of the antivirus engines. By performing a manual initiated scan you can be for sure that this unwanted program that has been added is truly gone.

Superfish: The Hijacker

Superfish just captures the SSL traffic. How does it do so? A self-generated root certificate is installed in the Windows Certificate store that is reserved. This reserved location consists of certificates from Microsoft and Verisign. The adware resigns these SSL certificates that have been assigned by HTTPS sites with its own generated and signed certificates.

Superfish thereby conducts a man-in-the middle attack and breaks the security layer of HTTPS encryption. It is also believed that simply removing this adware does not remove this culprit completely. Microsoft has a Windows Defender Update that removes adwares. That certificate may be revoked manually.

Hers is how you can do it:

Press Windows key and R on you keyboard to bring the Run tool.

  • Look for certmgr.msc and open your PC’s Certificate Manager 
    Certificate Manager

    Certificate Manager

  • Click on Trusted Root Certificate Authorities on the left hand pane
    Unistalling: Step 2

    Unistalling: Step 2

  • Double click Certificates in the main pane


A llst of all trusted certificates will be generated. Find for Superfish and delete it.

That should do it for now. Superfish also worms into Firefox’s Certificate Manager.

Firefox users:

Open the browser and Goto  Options –> Advanced –> Certificates –> View Certificates.

If you see  Superfish, Click on it and Select –> Delete or Distrust

About the Author

Pavithra Manisha found her way to feed the readers with the latest happenings in the world of technology in terms of news updates. Now catch all the updates instantly and join the discussions to enlighten your knowledge.

Leave A Response