This week Lenovo confirmed reports that it had been shipping computers with software called Superfish that intercepts internet traffic, injects third-party ads, and poses a potential security risk (although Lenovo denies that last part).

The company stopped loading Superfish on its computers in January and shut down the servers that enable the software… although that doesn’t actually stop Superfish from running on affected PCs. So if you bought a Lenovo computer that rolled off the assembly line between September and December of 2014, there’s a chance you may be affected. In fact, there are probably still a fair number of those PCs on store shelves.

Here’s how to tell if your computer has Superfish installed, and what you can do to remove the software.

First, you may want to check Lenovo’s website to see if you have a model number that was affected. That includes a number of recent Lenovo Yoga, Flex, Miix, G, U, Y, Z, S, and E Series computers. But just having a PC model that’s on the list doesn’t necessarily mean you’ve got Superfish.

So you may want to visit a website that checks to see if you’re impacted, like these pages from LastPass and filippo.io. Visit either in a web browser and you’ll see a message letting you know if your PC is affected.

Got Superfish? Lenovo’s got instructions for removing the software.

Update: You may still want to follow the steps below if you want to be certain that Superfish is killed dead and isn’t still flopping around gasping for air. But as The Verge notes, it looks like the next version of Microsoft’s free Windows Defender software will detect and remove Superfish and the system certificate (but not the Firefox certificate). 

Update 2: Lenovo has released its own automatic Superfish removal tool, and the company is also working with Microsoft and McAfee to make it easy for users to quarantine or remove the software using Windows Defender (see above), or McAfee security software. You can still follow the manual instructions below, but the automatic tools are easier to use, and the Microsoft and McAfee software will remove Superfish even from computers whose users aren’t aware that their systems are affected.

Manual steps for removing Superfish

Step 1 involves uninstalling the Superfish VisualDiscovery application using the Windows uninstall utility. But that’s just the start.

Step 2 is checking to see if the Superfish certificate is installed. Fire up the Windows “Manage computer certificates” utility by typing certmgr.msc into the Windows Search box, then do the following:

  • Click Trusted Root Certification Authorities.
  • Click the Certificates folder.
  • Look for any certificates that include the word Superfish.
  • Right-click on those certificates and choose Delete from the dialog box.
  • Restart your computer and visit one of the websites again to make sure Superfish has been removed.
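
The same check as Step 2 can be scripted. The following PowerShell script is an added example, not part of Lenovo's instructions: it lists certificates in the Windows Trusted Root stores whose subject or issuer contains the word Superfish, and deletes them only when run with -Remove (a switch name chosen for this example). Save it under a name such as Find-SuperfishCert.ps1 (hypothetical) and run it from an elevated prompt. It does not touch Firefox's separate certificate store, which Step 3 covers.

```powershell
# Added example: report (and optionally delete) Trusted Root certificates
# whose subject or issuer contains "Superfish".
param(
    [switch]$Remove   # example switch name; without it the script only reports
)

# Check both the machine-wide and the per-user Trusted Root stores.
# The per-user view may also list machine-wide certificates, so the same
# thumbprint can show up twice.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match 'Superfish' -or $_.Issuer -match 'Superfish' } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                Path       = $_.PSPath
            }
        }
}

if (-not $found) {
    Write-Output 'No certificate containing "Superfish" found in the Trusted Root stores.'
    return
}

# Show what matched before changing anything.
$found | Format-Table Store, Subject, Thumbprint, NotAfter -AutoSize | Out-String | Write-Output

if ($Remove) {
    foreach ($cert in $found) {
        try {
            Remove-Item -Path $cert.Path -ErrorAction Stop
            Write-Output "Deleted $($cert.Thumbprint) from $($cert.Store)"
        } catch {
            # Typical causes: prompt not elevated, or entry already removed
            # through the other store view.
            Write-Warning "Could not delete $($cert.Thumbprint) from $($cert.Store): $_"
        }
    }
    Write-Output 'Restart the computer, then run the script again without -Remove to confirm.'
}
```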

Step 3 might be necessary if you’re using Firefox as your web browser:

  • Open Firefox.
  • Open the Options menu.
  • Click the Advanced tab.
  • Click the Certificates tab.
  • Click the button that says “View Certificates.”
  • Look for Superfish. If you find any entries, right-click each one and click the “Delete or Distrust” button.
  • Restart Firefox and visit one of the websites listed above to check for Superfish again.

Lenovo’s hardly the first PC maker to ship computers that come pre-loaded with apps you may not need or want, but Superfish is probably one of the worst examples of bloatware we’ve seen… since it’s also arguably malware (and undeniably adware).

Want to make sure that you’ve got a computer without any software you didn’t bargain for? You might want to consider buying a Windows Signature Edition PC from the Microsoft Store, since these systems come with Microsoft Windows software and little else. You can also try wiping your device and installing a clean version of Windows 8.1… or just scrapping Windows altogether and installing Ubuntu, Debian, Fedora, or another GNU/Linux operating system.

13 replies on “How to tell if your Lenovo PC has Superfish, and what to do about it”

  1. I hate to see this foolish blunder by Lenovo, since their hardware is usually solid and reasonably priced. I have had much better experiences with their laptops than with Dell, Acer, or HP.

    1. And exactly who do you buy from… since most of the manufacturers install bloatware at the least? I always view a new PC as a platform to do a fresh OS install. I am partial to Linux, but even if I was sticking with Windows, I would do a clean install.

      1. There is a big difference between installing bloatware and secretly installing fake SSL certificates that make all your encrypted communications wide open to interception.

      2. Never had bloatware on PCs from Samsung, Asus, Clevo. The only time I did have bloatware was Advent (which is cheapo low-end PC World’s own brand).

    2. I guess I’ll be buying a Dell notebook this month instead of a Lenovo. Now that Lenovo’s practices are suspect, who knows what else Lenovo is doing that hasn’t been found out yet.

      1. I’d wait to find out if Dell has been doing this too (or any other company for that matter).
