Whether you have a Lenovo PC or not, you’ve probably heard about the the “virulent, evil adware” called Superfish that’s been shipping on the company’s consumer laptops since September. And if you do own a Lenovo, you probably know that you should check whether your machine is affected. But maybe you haven’t because there was a Long Island Medium marathon on TV and then you had to eat two bowls of cereal. Totally understandable. But now it’s time to deal with this. It won’t take long.
A few sites have cropped up that quickly tell you whether your laptop is running Superfish, like this test from Filippo Valsorda and this one from LastPass. Lenovo also provided a list of laptop models that could have shipped with the adware pre-installed. The company says, “Lenovo never installed this software on any ThinkPad notebooks, nor any desktops, tablets, smartphones or servers.” As PCWorld points out, you’ll also know that Superfish is lurking if you get ads when you’re browsing the Internet that are “Visual Search results powered by VisualDiscovery.”
The first thing to do if you find out you have Superfish installed is to navigate through Control Panel --> Programs --> Uninstall a Program, then find “VisualDiscovery,” and uninstall.
Then make sure that the root certificate Superfish put in your trusted certificate list gets deleted, because that’s the primary component that compromises your secure browsing. On Friday, Microsoft released an update for its Windows Defender that uninstalls both the Superfish program and the root certificate, so if you run that you should be in good shape. Tests of the Windows Defender update show that it is effective.
You can also manually go into your computer’s certificate manager and remove the certificate. In Windows search look up “certmgr.msc” to open the right window. From there, click “Trusted Root Certification Authorities” and then “Certificates.” Find the Superfish Inc. certificate and delete the crap out of that sucker.
If you use Firefox, the last step is specifcally removing the certificate from the browser’s own certifcate storage. Navigate to Preferences --> Advanced --> Certificates --> View Certificates, and then scout for your old friend Superfish. Then rock some “Delete or Distrust.”
If your laptop has been running this hideous adware, you probably should also change all of your passwords and watch for any strange activity on important accounts. Thanks a lot, Lenovo.