What is Superfish?
The Malwarebytes research team has determined that Superfish is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example by changing your start page or search scopes, so that the affected browser visits their site or one of their choice. This one intercepts your internet traffic and uses a certificate to make your connection look secure.
How do I know if my computer is affected by Superfish?
You may see this entry in your list of installed software:
Or you can surf to this Lastpass site.
If the Superfish hijacker is installed on your system you will see this warning.
How did Superfish get on my computer?
Browser hijackers use different methods for distributing themselves. This particular one was shipped with certain hardware.
How do I remove Superfish?
The first thing you should do is uninstall the software "Superfish Inc. VisualDiscovery" under "Programs and Features" (see earlier screenshot).
You can find this screen by searching for "remove programs".
To make sure your computer is clean, you can follow the instructions below, but it is imperative that you uninstall Superfish first.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
  - Enable free trial of Malwarebytes Anti-Malware Premium
  - Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
- When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
Yes, we will have to remove the SuperFish certificate.
Go to Control Panel\System and Security\Administrative Tools.
Or search for "certmgr.msc" and choose "Manage computer certificates".
In the left-hand panel, select Trusted Root Certification Authorities followed by the sub-folder Certificates. In the right panel, find the item with the name Superfish, Inc.
Right-click the entry and choose "Delete", or use the red cross in the toolbar to remove the certificate.
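A read-only PowerShell check for the leftovers this guide removes, added here as an example and not part of the original Malwarebytes guide: it looks for a root certificate named Superfish and tests the registry keys and file paths listed in the scan log under "Details for experts". Checking the current-user root store in addition to the machine store is an assumption beyond the certmgr step above.

```powershell
# Added example (not from the original guide). Read-only: reports, changes nothing.
# Certificate match follows the name shown in certmgr on this page ("Superfish, Inc.").
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'   # CurrentUser is an assumption
$certs = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like '*Superfish*' -or $_.Issuer -like '*Superfish*' } |
        Select-Object @{ n = 'Store'; e = { $store } }, Subject, Thumbprint, NotAfter
}

# Registry keys and files exactly as listed in the Malwarebytes scan log on this page.
$leftovers = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\VisualDiscovery',
    'HKLM:\SYSTEM\CurrentControlSet\Services\VDWFP',
    'C:\Program Files (x86)\Lenovo\VisualDiscovery\VisualDiscovery.exe',
    'C:\Program Files (x86)\Lenovo\VisualDiscovery\SuperfishCert.dll',
    'C:\Windows\System32\Drivers\VDWFP64.sys'
) | Where-Object { Test-Path -LiteralPath $_ }

if ($certs) {
    'Superfish root certificate is still trusted:'
    $certs | Format-List
}
if ($leftovers) {
    'Superfish registry keys or files still present:'
    $leftovers
}
if (-not $certs -and -not $leftovers) {
    'No Superfish certificate, service key or file found.'
}

# Optional, from an elevated prompt, as an alternative to deleting in certmgr.
# Preview with -WhatIf first, then rerun without it:
# Get-ChildItem Cert:\LocalMachine\Root |
#     Where-Object { $_.Subject -like '*Superfish*' } | Remove-Item -WhatIf
```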
We hope our application and this guide have helped you eradicate this hijacker.
If you have done all of this correctly, visit the Lastpass site again and you should see:
Details for experts:
Malwarebytes Anti-Malware log:
File System: NTFS
User: {username}
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 315828
Time Elapsed: 10 min, 27 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.SuperFish, C:\Program Files (x86)\Lenovo\VisualDiscovery\VisualDiscovery.exe, 1532, Delete-on-Reboot, [2492db459dedeb4b9131dd24f016629e]

Modules: 1
PUP.Optional.SuperFish, C:\Program Files (x86)\Lenovo\VisualDiscovery\SuperfishCert.dll, Delete-on-Reboot, [13a3918fb2d89d99a2207988d63054ac],

Registry Keys: 2
PUP.Optional.SuperFish, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\VisualDiscovery, Quarantined, [2492db459dedeb4b9131dd24f016629e],
PUP.Optional.SuperFish, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\VDWFP, Quarantined, [4f677ca43d4d6ec8e5ddd22f3dc94ab6],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.SuperFish, C:\Program Files (x86)\Lenovo\VisualDiscovery\VisualDiscovery.exe, Delete-on-Reboot, [2492db459dedeb4b9131dd24f016629e],
PUP.Optional.SuperFish, C:\Program Files (x86)\Lenovo\VisualDiscovery\SuperfishCert.dll, Delete-on-Reboot, [13a3918fb2d89d99a2207988d63054ac],
PUP.Optional.SuperFish, C:\Windows\System32\Drivers\VDWFP64.sys, Quarantined, [4f677ca43d4d6ec8e5ddd22f3dc94ab6],
PUP.Optional.SuperFish, C:\Users\{username}\Desktop\superfish_setup.exe, Quarantined, [a412d34dfa9078be6c56d32e1fe7a65a],

Physical Sectors: 0
(No malicious items detected)

(end)

We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention