
Removal instructions for Superfish


#1
Metallica

Content is republished with permission from Malwarebytes.

What is Superfish?

The Malwarebytes research team has determined that Superfish is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your start page or search scopes, so that the affected browser visits their site or one of their choice. This one intercepts your internet traffic and uses a certificate to make your connection look secure.

How do I know if my computer is affected by Superfish?

You may see this entry in your list of installed software:

warning4.png

Or you can surf to this LastPass site.
If the Superfish hijacker is installed on your system, you will see this warning.

unsafe.png

How did Superfish get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was shipped with certain hardware.

How do I remove Superfish?

The first thing you should do is uninstall the software "Superfish Inc. VisualDiscovery" under "Programs and Features" (see earlier screenshot).
You can find this screen by searching for "remove programs".
To make sure your computer is clean, you can follow the instructions below, but it is imperative that you uninstall Superfish first.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Is there anything else I need to do to get rid of Superfish?

Yes, we will have to remove the SuperFish certificate.
Go to Control Panel\System and Security\Administrative Tools.
Or search for "certmgr.msc" and choose "Manage computer certificates".
In the left-hand panel, select Trusted Root Certificate Authorities followed by the sub-folder Certificates. On the right panel, find the item with the name Superfish, Inc.

warning2.png

Right-click the entry and choose "Delete" or use the red cross in the toolbar to remove the certificate.

We hope our application and this guide have helped you eradicate this hijacker.

If you have done all of this correctly, visit the LastPass site again and you should see:
 
safe.png
 
Details for experts:

Malwarebytes Anti-Malware log:


File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 315828
Time Elapsed: 10 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.SuperFish, C:\Program Files (x86)\Lenovo\VisualDiscovery\VisualDiscovery.exe, 1532, Delete-on-Reboot, [2492db459dedeb4b9131dd24f016629e]

Modules: 1
PUP.Optional.SuperFish, C:\Program Files (x86)\Lenovo\VisualDiscovery\SuperfishCert.dll, Delete-on-Reboot, [13a3918fb2d89d99a2207988d63054ac], 

Registry Keys: 2
PUP.Optional.SuperFish, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\VisualDiscovery, Quarantined, [2492db459dedeb4b9131dd24f016629e], 
PUP.Optional.SuperFish, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\VDWFP, Quarantined, [4f677ca43d4d6ec8e5ddd22f3dc94ab6], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.SuperFish, C:\Program Files (x86)\Lenovo\VisualDiscovery\VisualDiscovery.exe, Delete-on-Reboot, [2492db459dedeb4b9131dd24f016629e], 
PUP.Optional.SuperFish, C:\Program Files (x86)\Lenovo\VisualDiscovery\SuperfishCert.dll, Delete-on-Reboot, [13a3918fb2d89d99a2207988d63054ac], 
PUP.Optional.SuperFish, C:\Windows\System32\Drivers\VDWFP64.sys, Quarantined, [4f677ca43d4d6ec8e5ddd22f3dc94ab6], 
PUP.Optional.SuperFish, C:\Users\{username}\Desktop\superfish_setup.exe, Quarantined, [a412d34dfa9078be6c56d32e1fe7a65a], 

Physical Sectors: 0
(No malicious items detected)


(end)
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
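
A read-only PowerShell check for the leftovers that the guide and its scan log name (the root certificate, the two service keys, the files and the uninstall entry). It is an added example, not part of the original post or of Malwarebytes' tooling; the wildcard matches on "Superfish" and "VisualDiscovery" are assumptions based on the names shown above.

```powershell
# Added example: reports Superfish artifacts listed in the guide; deletes nothing.
function Get-SuperfishLeftovers {
    # Root certificate: the guide removes "Superfish, Inc." from the computer's
    # trusted root store. The per-user root store is checked as well.
    foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -like '*Superfish*' } |   # assumed match pattern
            ForEach-Object {
                [pscustomobject]@{ Type = 'Certificate'; Location = $store
                                   Detail = "$($_.Subject) [$($_.Thumbprint)]" }
            }
    }

    # Service registry keys from the "Registry Keys" section of the scan log.
    foreach ($key in 'HKLM:\SYSTEM\CurrentControlSet\Services\VisualDiscovery',
                     'HKLM:\SYSTEM\CurrentControlSet\Services\VDWFP') {
        if (Test-Path -Path $key) {
            [pscustomobject]@{ Type = 'Service key'; Location = $key; Detail = 'present' }
        }
    }

    # Files from the "Files" section of the scan log (the desktop installer is
    # user-specific and is left out).
    foreach ($file in 'C:\Program Files (x86)\Lenovo\VisualDiscovery\VisualDiscovery.exe',
                      'C:\Program Files (x86)\Lenovo\VisualDiscovery\SuperfishCert.dll',
                      'C:\Windows\System32\Drivers\VDWFP64.sys') {
        if (Test-Path -LiteralPath $file) {
            [pscustomobject]@{ Type = 'File'; Location = $file; Detail = 'present' }
        }
    }

    # "Programs and Features" entry (32-bit and 64-bit uninstall hives).
    $uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*VisualDiscovery*' } |   # assumed match pattern
        ForEach-Object {
            [pscustomobject]@{ Type = 'Installed program'; Location = $_.PSPath
                               Detail = $_.DisplayName }
        }
}

$leftovers = @(Get-SuperfishLeftovers)
if ($leftovers.Count -eq 0) {
    'None of the Superfish artifacts listed in the guide were found.'
} else {
    $leftovers | Format-Table -AutoSize -Wrap
}
```

Any "Certificate" row in the output means the removal step in certmgr.msc still has to be done for that store.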
#2
SpywareDr


Microsoft updates Windows Defender to remove Superfish infection

