How to get Superfish malware off your affected PC

How owners of Lenovo computers and other possibly infected PCs can remove this dangerous, offending adware garbage.

Ban Superfish. Image by the author, created from screen capture and altered with graphics software.

WASHINGTON, February 25, 2015 – If you have any respect left for Lenovo after reading our previous article on the dangerous Superfish adware-garbageware the company loaded on certain of its machines, take heart: The company has, albeit only recently, provided a Superfish scrub of its own. We’ve collected and adapted additional solutions from reliable tech sources that can help you scrub Superfish forever (or until the next time) from your own machine.

To access Lenovo’s current solution, click here.

Given that its own OS is the one affected, Microsoft has understandably released one fix for the Superfish problem. The company’s own Windows Defender anti-virus software can be used to remove the evil certificate(s).

To assure yourself that Windows Defender can completely delete the offending Superfish package, make sure you have the latest update by manually downloading and installing it if necessary. All you have to do is go to “Windows Update” or open “Microsoft Security Software,” click or select the Update tab and click the Update button.

Once you’re done (or if you’ve already updated), simply launch the package and allow it to do what it does.

To handle the surgery yourself, perform the following actions in order:

First, whether you own a Lenovo or other PC and are using Internet Explorer or Google Chrome, click here for an easy diagnostic. (For whatever reason, the diagnostic apparently won’t work on Firefox.) In 10 seconds or less, you’ll discover whether Superfish is installed on your machine. If you get an answer of “Yes,” proceed with the steps below, which we’ve adapted from Lifehacker’s detailed articles.

Note: I’ve tested my own Macintosh desktop this way on Chrome and there doesn’t appear to be a problem. Macs apparently are not involved in this particular issue, but, unlike the old days, Macs can and do have their own issues.

Removal steps:

  1. Open your “Windows Start” menu or Start screen.
  2. Search for “Uninstall a program” and launch it.
  3. Right-click on “Superfish Inc VisualDiscovery,” select “Uninstall,” and enter your administrator password.
  4. You now need to uninstall the offending certificate or certificates. Return to the Start menu and look for an item called “certmgr.msc.” When you find it, launch it.
  5. Click on “Trusted Root Certification Authorities,” then open “Certificates.”
  6. Search here for certificate names that include “Superfish Inc” and then right-click to delete them.
  7. Close and restart your browser.
  8. Once the browser is up and running, perform the diagnostic check you performed above by using the same link. You should be clear.

Note for Firefox or Thunderbird users: Go to this Ars Technica page for alternate instructions.

Removing other malware

Lifehacker suggests that while you’re scrubbing Superfish from your computer, you might want to take the opportunity to search and destroy other malware you might have inadvertently installed over time. As you take the above steps, look through the file lists you’ll access in step 6. If you see any entries with the following labels, you should also consider deleting these known malware files as well as filenames having anything to do with Superfish:

  • CE_UmbrellaCert
  • DO_NOT_TRUSTFiddler_root (Fiddler is a legitimate developer tool but malware has hijacked their cert)
  • Lookthisup
  • Pando
  • Purelead
  • Rocket Tab
  • Sendori
  • Super Fish
  • Wajam
  • WajaNEnhance
  • System Alerts, LLC
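
The manual check in steps 4 to 6 and the label list above can be scripted. The following PowerShell is an added example, not taken from Lenovo, Microsoft or Lifehacker; the `-Remove` switch and the substring matching against subject, issuer and friendly name are assumptions of this example, and every match should be reviewed before deletion.

```powershell
# Added example: audit the Windows trusted-root stores for the certificate
# labels named in this article. Read-only unless -Remove is passed.
param(
    [switch]$Remove   # hypothetical switch: delete matches, prompting for each one
)

# Labels copied from the article's lists; matched case-insensitively as substrings.
$labels = @(
    'Superfish', 'Super Fish', 'CE_UmbrellaCert', 'DO_NOT_TRUSTFiddler_root',
    'Lookthisup', 'Pando', 'Purelead', 'Rocket Tab', 'Sendori',
    'Wajam', 'WajaNEnhance', 'System Alerts, LLC'
)
$pattern = ($labels | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Machine-wide roots and the current user's roots are separate stores; check both.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$hits = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object {
            $_.Subject -match $pattern -or
            $_.Issuer -match $pattern -or
            $_.FriendlyName -match $pattern
        } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                PSPath     = $_.PSPath
            }
        }
}

if (-not $hits) {
    Write-Output 'No matching root certificates found.'
    return
}

# Review this table first: a match is a lead, not proof (Fiddler, for
# instance, is a legitimate developer tool that installs its own root).
$hits | Format-Table Store, Subject, Thumbprint, NotAfter -AutoSize

if ($Remove) {
    foreach ($h in $hits) {
        # Deleting from LocalMachine\Root requires an elevated PowerShell session.
        Remove-Item -LiteralPath $h.PSPath -Confirm
    }
}
```

This covers only the Windows certificate stores; Firefox and Thunderbird keep their own trust store, which is why the article points those users to separate instructions.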

If you’re majorly concerned with system security

While most geek sites and Microsoft itself believe that removing the offending certificate(s) solves the security issue, Lifehacker notes that if you want to do a complete and total scrub, “you could always do a clean install of Windows without all the bloatware.”

Slate goes a step further, advising you to completely nuke your machine and start all over. That might be a bit much for most users. But if you work with your own or a company’s laptop at a secure site, that could very well be the best way to go.

Copyright 2015 Communities Digital News


Terry Ponick
Biographical Note: Dateline Award-winning music and theater critic for The Connection Newspapers and the Reston-Fairfax Times, Terry was the music critic for the Washington Times print edition (1994-2010) and online Communities (2010-2014). Since 2014, he has been the Business and Entertainment Editor for Communities Digital News (CDN). A former stockbroker and a writer and editor with many interests, he served as editor under contract from the White House Office of Science and Technology Policy (OSTP) and continues to write on science and business topics. He is a graduate of Georgetown University (BA, MA) and the University of South Carolina where he was awarded a Ph.D. in English and American Literature and co-founded one of the earliest Writing Labs in the country. Twitter: @terryp17