How to remove the dangerous Superfish adware preinstalled on Lenovo PCs

Lenovo has been preloading new consumer PCs with Superfish adware that hijacks the secure HTTPS encryption of every site you visit.

Lenovo's been caught going a bit too far in its quest for bloatware money, and the results have put its users at risk. The company has been preloading Superfish, a "visual search" tool that includes adware that fakes the encryption certificates for every HTTPS-protected site you visit, on its PCs since at least the middle of 2014. Essentially, the software conducts a man-in-the-middle attack to fill the websites you visit with ads, and leaves you vulnerable to hackers in its wake.

You can read all the sordid details here. This article is dedicated to helping you discover whether your Lenovo PC is infected with Superfish, and how to eradicate it if you are.

Which Lenovo PCs have Superfish preinstalled?

Lenovo isn't saying specifically. A representative would only say that the adware was loaded on select consumer-grade machines.

Lenovo forum posts indicate that Superfish has been preinstalled on PCs since at least mid-2014. A report by Myce in January claims that at least the Lenovo Y50, Z40, Z50, G50 and Yoga 2 Pro laptops are affected. For safety's sake, if you've bought a new Lenovo PC any time in the past year, you should assume your PC may have Superfish preinstalled.

How do I know if my Lenovo PC has Superfish preinstalled?

It should be easy to discover if your PC came with Superfish preloaded. The adware intrinsic to Superfish is designed to inject visual price-comparison ads into the web pages you visit, in a "Visual Search results" section "powered by VisualDiscovery." If you see that, you're affected (though maybe "infected" is the better word to use).

Update: Browsing to this website will quickly let you know if you have Superfish installed. Thanks, Filippo Valsorda!

Even if you haven't seen that pop up in your browsing, you should check and see if Superfish is installed on your Lenovo PC. Doing so is easy: Just head to Control Panel > Programs > Uninstall a Program and look for VisualDiscovery. If you see it, uninstall it!

Once that's done, run a virus scan. Apparently, many antivirus engines flag Superfish as adware--since it is--or a potentially unwanted program. Conducting a scan can help ensure that the Superfish software is truly gone.

But...

Ditch that troublesome root certificate

The biggest problem with Superfish isn't the adware itself so much as the way it hijacks legitimate SSL traffic. It does so by installing a self-generated root certificate in the Windows certificate store--a hallowed area usually reserved for trusted certificates from major companies like Microsoft and VeriSign--and then resigns all SSL certificates presented by HTTPS sites with its own certificate.

In other words, Superfish conducts a man-in-the-middle attack and breaks the sanctity of HTTPS encryption. And simply removing the adware itself doesn't remove the rogue root certificate.

You can revoke that certificate manually, however. Here's how, as told to PCWorld by Chris Boyd, a malware intelligence analyst at Malwarebytes.

First, press Windows key + R on your keyboard to bring up the Run tool, then search for certmgr.msc to open your PC's certificate manager.

Once that opens, click on "Trusted root certificate authorities" in the left-hand navigation pane, then double-click "Certificates" in the main pane. A list of all trusted root certificates will appear. Find the Superfish entry, then right-click on it and select "Delete."

That should do it. This Microsoft support article outlines a different way of deleting trusted root certificates, though it hasn't been updated in years.

With that, your new PC should be free of all of Superfish's nasty tentacles. Shame on Lenovo for letting this happen to begin with.

IDG News Service's Lucian Constantin provided additional reporting for this article.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags iscosecurityLenovomalware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Brad Chacos

PC World (US online)
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?