1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Quick question about Lenovo and Superfish

Discussion in 'General Security' started by electroplid, Feb 20, 2015.

Thread Status:
Not open for further replies.
Advertisement
  1. electroplid

    electroplid Thread Starter

    Joined:
    Apr 22, 2009
    Messages:
    150
    This is a quick question. I purchased a Lenovo laptop a few years ago with Windows 8 pre-installed.. it didn't work with any of my peripherals so I ended up doing a clean install of Windows 7... Am I right in assuming this would eliminate any Superfish issues with my computer? This is of course assuming that it was even installed on my Lenovo in the first place.

    Thanks!

    Frank
     
  2. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,571
  3. electroplid

    electroplid Thread Starter

    Joined:
    Apr 22, 2009
    Messages:
    150
    I think it's a 305n or something like that... It's at home, so I'll have to check it later tonight... it was set up for Windows 8 but as I said, it's been downgraded.
     
  4. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,571
    I'd say the odds are VERY high you have that exploit. The steps to remove it are on that link, pretty easy to follow.
     
  5. electroplid

    electroplid Thread Starter

    Joined:
    Apr 22, 2009
    Messages:
    150
    Even with the downgrade?
     
  6. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,571
    yup. The exploit, to my understanding, works at a pretty low level. Besides, the check is cake. Click on the link with IE or Chrome (not FF), and it will say yes or no pretty much instantly. Yes, follow the half-dozen instructions to remove it. No, go about your merry day. :)
     
  7. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
  8. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,645
    First Name:
    Frank
  9. Tabvla

    Tabvla

    Joined:
    Apr 10, 2006
    Messages:
    2,554
    According to The Register, Microsoft issued a statement yesterday (2015-02-20) that Windows Defender is now programmed to remove SuperFish and more importantly the Root Certificate.

    A check of W8.1 Lenovo computers that use WD as the AV software have shown that neither the software nor the Root Certificate are present on any of these machines.

    T.
     
  10. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,645
    First Name:
    Frank
  11. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    AdwCleaner is finding Superfish in Chrome user profile on a scan I did for someone today.
     
  12. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    On a user's computer yesterday, I even found it in a Firefox extension... He was constantly being prompted by ESET while using Firefox, and not his other browsers. Neither AdwCleaner, nor MBAM ever saw anything! Simply removing the extension did it. Looks like Mozilla missed that one...

    [​IMG]
     
  13. Tabvla

    Tabvla

    Joined:
    Apr 10, 2006
    Messages:
    2,554
    My understanding is that the single most important aspect of disabling access to Superfish was to remove the Root Certificate. If you don't remove the Root Certificate then Superfish is still a "Trusted" source.

    Therefore "Tools" or AV software that block Superfish without removing the Root Certificate are not addressing the underlying cause.

    Is my understanding correct..?

    T.
     
  14. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    On the computer I scanned with AdwCleaner as the first tool.....there were several items such as the search, start page, etc detected and cleaned by quarantine / setting changed to default.

    However there was no certificate found.....this in windows 8.1 in the certificate store as the Lenovo directions for a manual removal have you follow.

    If any one encounters Superfish whether they are on a Lenovo computer, or any other and use browsers they need to follow the advice and directions at the Lenovo site

    http://support.lenovo.com/en/product_security/superfish_uninstall#ie

    There are directions to use an automated or a manual removal - the certificate removal info is there and is not hard to understand or to do.

    Mozilla /Firefox has directions...and the IE, Chrome, and several other browsers have a set of directions.

    NOTE:

    Then>> here is a detailed account of other adware containing apps, sites, very much doing the same certificate "changes" which has been ongoing.

    http://www.howtogeek.com/210265/dow...bundle-superfish-style-https-breaking-adware/

    The malware fighters here as well as worldwide always are updating their methods and "how-tos" to reflect the newest available information. It's becoming the usual in our directions when removing malware to carefully de-select some bundled adware when they download a tool..... This helps not only the one person>>> many others read and will heed these steps and take notice that adware is a possibility that must not be over looked when downloading anything. I know it's a bit awkward, but we are having to deal with it right now.

    So, yes, it is very critical to check for the Certificate pointing to Superfish but you may not find one... which is odd.
     
  15. Tabvla

    Tabvla

    Joined:
    Apr 10, 2006
    Messages:
    2,554
    Bill, thanks for your reply and for confirming that removing the Root Certificate is a critical part of the clean-up.

    One further question.... you wrote : "...... If anyone encounters Superfish ..... "

    I am wondering if there is a simple, easy method that non-technical users can employ to detect Superfish on their systems.... ??

    I am trying to author a set of simple instructions for this purpose, but every time I end up with something that is far too involved for your average office or home-office user. So any input to facilitate simplicity would be appreciated.

    T.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1143464

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice