
Removal instructions for Superfish



What is Superfish?

The Malwarebytes research team has determined that Superfish is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example by changing your start page or search scopes, so that the affected browser visits their site or one of their choice. This one intercepts your internet traffic and uses its own certificate to make the intercepted connection look secure.

How do I know if my computer is affected by Superfish?

You may see this entry in your list of installed software:

warning4.png

Or you can surf to this LastPass site.

If the Superfish hijacker is installed on your system, you will see this warning:

unsafe.png

How did Superfish get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was shipped with certain hardware.

How do I remove Superfish?

The first thing you should do is uninstall the software "Superfish Inc. VisualDiscovery" under "Programs and Features" (see earlier screenshot).

You can find this screen by searching for "remove programs".

To make sure your computer is clean, you can follow the instructions below, but it is imperative that you uninstall Superfish first.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now, or select Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Is there anything else I need to do to get rid of Superfish?

Yes, we will have to remove the Superfish certificate.

Go to Control Panel\System and Security\Administrative Tools.

Or search for "certmgr.msc" and choose "Manage computer certificates".

In the left-hand panel, select “Trusted Root Certification Authorities” followed by the sub-folder “Certificates”. In the right-hand panel, find the item with the name “Superfish, Inc.”.

warning2.png

Right-click the entry and choose "Delete", or use the red cross in the toolbar to remove the certificate.

We hope our application and this guide have helped you eradicate this hijacker.

If you have done all of this correctly, visit the LastPass site again and you should see:

 

safe.png

 

Details for experts:

Malwarebytes Anti-Malware log:

File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 315828
Time Elapsed: 10 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.SuperFish, C:\Program Files (x86)\Lenovo\VisualDiscovery\VisualDiscovery.exe, 1532, Delete-on-Reboot, [2492db459dedeb4b9131dd24f016629e]

Modules: 1
PUP.Optional.SuperFish, C:\Program Files (x86)\Lenovo\VisualDiscovery\SuperfishCert.dll, Delete-on-Reboot, [13a3918fb2d89d99a2207988d63054ac],

Registry Keys: 2
PUP.Optional.SuperFish, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\VisualDiscovery, Quarantined, [2492db459dedeb4b9131dd24f016629e],
PUP.Optional.SuperFish, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\VDWFP, Quarantined, [4f677ca43d4d6ec8e5ddd22f3dc94ab6],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.SuperFish, C:\Program Files (x86)\Lenovo\VisualDiscovery\VisualDiscovery.exe, Delete-on-Reboot, [2492db459dedeb4b9131dd24f016629e],
PUP.Optional.SuperFish, C:\Program Files (x86)\Lenovo\VisualDiscovery\SuperfishCert.dll, Delete-on-Reboot, [13a3918fb2d89d99a2207988d63054ac],
PUP.Optional.SuperFish, C:\Windows\System32\Drivers\VDWFP64.sys, Quarantined, [4f677ca43d4d6ec8e5ddd22f3dc94ab6],
PUP.Optional.SuperFish, C:\Users\{username}\Desktop\superfish_setup.exe, Quarantined, [a412d34dfa9078be6c56d32e1fe7a65a],

Physical Sectors: 0
(No malicious items detected)

(end)

We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
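
The manual checks from the guide above (the "Superfish, Inc." root certificate, plus the service keys and files listed in the scan log) can be repeated from an elevated PowerShell prompt after cleanup. This is an added example, not part of the original post or of any Malwarebytes tool; the script itself and its -RemoveCertificate switch are assumptions made for illustration, and it looks in both the computer and the current-user root stores.

```powershell
# Added example: verify that the Superfish leftovers named in this guide are gone.
# -RemoveCertificate is a hypothetical switch of this script only.
param([switch]$RemoveCertificate)

# Certificate name as shown in the guide; a root certificate is self-signed,
# so matching on Subject is sufficient.
$certName = 'Superfish, Inc.'
$stores   = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$certs = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like "*$certName*" } |
        ForEach-Object {
            [pscustomobject]@{ Kind = 'Certificate'; Location = $store
                               Detail = $_.Thumbprint; Cert = $_ }
        }
}

# Service keys and files exactly as they appear in the scan log.
$paths = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\VisualDiscovery'
    'HKLM:\SYSTEM\CurrentControlSet\Services\VDWFP'
    'C:\Program Files (x86)\Lenovo\VisualDiscovery\VisualDiscovery.exe'
    'C:\Program Files (x86)\Lenovo\VisualDiscovery\SuperfishCert.dll'
    'C:\Windows\System32\Drivers\VDWFP64.sys'
)
$leftovers = foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        [pscustomobject]@{ Kind = 'Leftover'; Location = $p; Detail = 'still present' }
    }
}

$findings = @($certs) + @($leftovers) | Where-Object { $_ }
if (-not $findings) {
    Write-Output 'No Superfish certificate, service key or file found.'
    return
}
$findings | Select-Object Kind, Location, Detail | Format-Table -AutoSize

if ($RemoveCertificate) {
    # Same effect as deleting the entry by hand in the certificate console.
    # Uninstall the program first, as the guide says.
    foreach ($c in $certs) {
        $c.Cert | Remove-Item
        Write-Output "Removed $($c.Detail) from $($c.Location)"
    }
}
```

Run it without arguments first to get a read-only report; files marked Delete-on-Reboot in the log may still be listed until the machine has been restarted.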