How to detect if I am vulnerable to "Superfish," and how to remove it?

You can check to see if your machine is vulnerable by browsing to this site: https://badssl.com/dashboard/

Everyone keeps saying that you need to completely reinstall a clean version of Windows. I would first try to remove Superfish. To remove the executable you should be able to use the normal Windows Add/Remove programs method. I believe the executable is called Visual Discovery.

To remove the certificate follow these steps from StackOverflow:

FYI, this Superfish software is now a major news headline: http://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/

It is preloaded by Lenovo (there may be other vendors). You have to uninstall it, but that will not remove the certificate. To remove the certificate, you must do the following:

  1. Run mmc.exe
  2. Go to File -> Add/Remove Snap-in
  3. Pick Certificates, click Add
  4. Pick Computer Account, click Next
  5. Pick Local Computer, click Finish
  6. Click OK
  7. Look under Trusted Root Certification Authorities -> Certificates.
  8. Find the one issued to Superfish and delete it.

If you are really paranoid, the best solution would be to reformat your laptop and install Windows with Microsoft media, not the factory recovery stuff.

While the above removes it from the Microsoft Trusted Store, this link indicates that the root certificate might be injected into browser trusted stores. Check that your browser also does not trust the Superfish Inc certificate. Chrome and IE both use the operating system's trusted root store. If you're using Firefox you need to manually remove it.

Remove Trusted CA from Firefox Trusted Store

  1. Click the menu button, then choose Preferences
  2. Click Advanced in the upper tab menu
  3. Then click Certificates in the lower tab menu.
  4. Click View Certificates
  5. Under the Authorities tab check for the Superfish Inc certificate
  6. If it's found, then click on the certificate and then click Delete or Distrust
  7. Finally click the OK button to confirm that you're removing it.
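The Windows certificate-store check described in the MMC steps above can also be scripted. The following PowerShell is an added example, not part of the original answer: it assumes the certificate can be recognised by the name "Superfish" in its Subject or Issuer, it also looks at the per-user root store (an addition to the steps above), and the `-Pattern` and `-Remove` parameters are this example's own names.

```powershell
# Added example: audit the Windows root stores for a Superfish certificate.
# Run from an elevated prompt; deleting from LocalMachine\Root needs admin rights.
param(
    [string]$Pattern = 'Superfish',  # name to look for, as in step 8 of the MMC procedure
    [switch]$Remove                  # without this switch the script only reports
)

# LocalMachine\Root is the store the MMC steps open; CurrentUser\Root is
# checked as well (assumption: a per-user copy is worth ruling out).
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like "*$Pattern*" -or $_.Issuer -like "*$Pattern*" } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                Path       = $_.PSPath
            }
        }
}

if (-not $found) {
    Write-Output "No certificate matching '$Pattern' in the checked root stores."
    return
}

# Show what matched before touching anything.
$found | Format-Table Store, Subject, Thumbprint, NotAfter -AutoSize

if ($Remove) {
    foreach ($cert in $found) {
        # -Confirm asks before each deletion so nothing is removed silently.
        Remove-Item -LiteralPath $cert.Path -Confirm
        if (Test-Path -LiteralPath $cert.Path) {
            Write-Warning "Still present: $($cert.Subject) in $($cert.Store)"
        } else {
            Write-Output "Removed: $($cert.Subject) from $($cert.Store)"
        }
    }
}
```

This covers only the Windows stores used by Chrome and IE; Firefox keeps its own store and still needs the manual check described above.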
