FAQ: How to find and remove Superfish from your Lenovo laptop

Lenovo pre-installed dangerous software, here's how to remove it


Lenovo has shipped consumer PCs with software designed to offer a visual shopping experience, but in reality it's adware that breaks HTTPS online – leaving customers vulnerable to attack and information theft. Here’s how to determine if you're at risk, and if so, how to remove the Superfish software.

What is Superfish and why is it risky?

Superfish Inc. is a company that makes advertising software. The software is called Visual Discovery. In comments posted to a company support forum, Lenovo said they've partnered with Superfish in order to deliver software "that helps users find and discover products visually."

Researchers have discovered that Superfish does more than inject ads: it also breaks SSL by installing a self-signed root certificate that lets it intercept encrypted traffic for any secured website a user visits. This is called a Man-in-the-Middle attack. A criminal conducting such an attack can see all of the data you send to a website, and vice versa.

These questionable acts have led to Visual Discovery being labeled as adware and flagged as malicious or potentially unwanted software.

Moreover, the security designed to protect the connections made by Visual Discovery is weak and outdated. Researchers were able to crack the security key used to sign certificates within minutes, meaning a criminal can do the same just as quickly.

If that were to happen, you could be using your Lenovo laptop in public, and while visiting a secured website, have your username and password compromised without ever knowing. Or rather, you'd remain unaware up until the point that a criminal took control over your email, online banking, or social media account.

How did I get Superfish on my system? I didn't install anything.

You didn't need to. Visual Discovery was pre-installed at the factory by Lenovo. During the setup process, you likely agreed to its activation without even knowing, as the permission screen is one of many setup steps that need to happen before you can use your system.

Unfortunately, Lenovo said systems were shipped with Visual Discovery installed between September and December 2014. That translates to tens of millions of computers pre-packaged with adware.

How do I know if my Lenovo laptop has Superfish installed?

The following laptop models are known to have had Visual Discovery (Superfish) pre-installed by Lenovo.

G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45

U Series: U330P, U430P, U330Touch, U430Touch, U530Touch

Y Series: Y430P, Y40-70, Y50-70

Z Series: Z40-75, Z50-75, Z40-70, Z50-70

S Series: S310, S410, S40-70, S415, S415Touch, S20-30, S20-30Touch

Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 14(BTM), Flex2 15(BTM), Flex 10

MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11

YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11BTM, YOGA2-11HSW

E Series: E10-30

If you own one of these laptops, you can visually check for Superfish by visiting: https://filippo.io/Badfish/

Start by visiting that website in Internet Explorer, and then visit it with Firefox and Google Chrome – assuming you have those installed.

If Superfish is installed on your system, you'll need to remove the software and the certificate. The test website has instructions, but we've reproduced them below for reference.

1. Open the Windows Start menu or Start screen and search Uninstall a program

- Launch it

- Right-click Superfish Inc Visual Discovery and select Uninstall

- When prompted (if prompted), enter your administrator password.

2. Open the Windows Start menu or Start screen and search certmgr.msc

- Right-click and select Launch as Administrator

- Click Trusted Root Certification Authorities and open Certificates

- Scroll down or use find to get to the Superfish, Inc. certificate

- Right-click it and select Delete
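
The two Windows checks above can also be scripted. The following PowerShell is an added example, not part of the original article or the test website's instructions; it assumes the program and certificate can be recognized by "Superfish" or "Visual Discovery" in their names, and it does not touch Firefox's separate certificate store.

```powershell
# Added example: audit (and optionally clean) the Windows trusted root stores.
# Assumption: entries are matched by name ("Superfish" / "Visual Discovery"),
# mirroring what the manual steps ask you to look for.
param(
    [switch]$Remove   # without -Remove the script only reports what it finds
)

# Step 1 check: is Visual Discovery still listed as an installed program?
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Superfish*' -or $_.DisplayName -like '*Visual Discovery*' }

foreach ($p in $programs) {
    Write-Warning "Still installed: $($p.DisplayName). Uninstall it first (step 1)."
}

# Step 2 check: search both the machine-wide and the per-user root stores.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like '*Superfish*' -or $_.Issuer -like '*Superfish*' }
}

if (-not $found) {
    Write-Output 'No Superfish certificate found in the Windows trusted root stores.'
    return
}

foreach ($cert in $found) {
    # PSParentPath shows which store the certificate was found in.
    Write-Output "Found: $($cert.Subject)"
    Write-Output "  Thumbprint: $($cert.Thumbprint)"
    Write-Output "  Store:      $($cert.PSParentPath)"
    if ($Remove) {
        # Deleting from LocalMachine\Root requires an elevated (Administrator) session.
        $cert | Remove-Item
        Write-Output "  Removed."
    }
}
```

Run it once without `-Remove` to see what would be deleted, then again with `-Remove` from an Administrator PowerShell window.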

Some Firefox users will need to take additional steps. If Visual Discovery is installed on your system, and you failed the Superfish check on Mozilla's browser, do the following:

- Go to Tools -> Options -> Preferences

- Click Advanced and then Certificates

- Click View Certificates, and look for Superfish

- If Superfish is present, click it once to highlight it and select delete or distrust

Once Superfish and the certificate have been removed from your PC, the problems created by the software are gone. You can use a program like CCleaner (free version only) to remove traces of Superfish from your system's registry, but this isn't a required step, and even if traces exist, they shouldn't cause problems.
