Update: Lenovo has a picture-rich guide for Windows 8 (now complete) and an automated Open Source removal tool.

A few years back, there was this vulnerability found with adware (a form of malware that hides on your device and serves you advertisements) that gets shipped with your computer called a Superfish.

This Superfish lurks in your computer making your device easily susceptible to attacks and for hackers to easily get their hands on your important data.

Primarily, the chances were higher if your PC was made by Lenovo back in 2015 as it got shipped with the Superfish installed. The issue escalated, after being reported by many Lenovo users over at the forums and security researcher Kenn White tweeted images on an example of how the software provides a certificate issued to Bank of America, but instead it is issued by the sneaky Superfish. This is usually done by a trusted body like VeriSign.



In this guide, I’ll show you how to check for Superfish on your Lenovo PC (or any PC for that matter) as well as how to remove Superfish completely.



How do I check if my PC has Superfish?

Simple. Just head over to this badssl.com dashboard and then just scroll down to where it says Superfish and check if it says Yes. If it says Yes, then you have a case of Superfish on your hands and you can quickly go through the steps below to remove Superfish from your device. Most likely if yours is a Lenovo-made device and it’s pretty old, then chances are it may say Yes and contains the unwanted Superfish.

If it says No, however, then you’re good and there’s nothing to do. 🙂



How to Remove Superfish: 7 Steps

Step 1:  Go ahead and open your Start menu and then search for Uninstall a program.  Select it.

Step 2:  Now right-click on Superfish Inc VisualDiscovery and then select Uninstall. You’ll have to enter your administrator password here.

Step 3: Next, what you need to do next is uninstall the certificates. So head back to the  menu and search for certmgr.msc. Then right-click to Run as administrator.


Remove Superfish



Help! This is not working for me.

If you cannot launch as administrator then press on both the Win + R keys and check out the guide here.


Step 4:  Now click on Trusted Root Certification Authorities and then open Certificates.

Step 5:  Here you are going to look for any certificates that include Superfish Inc. Once you have found, right-click to Delete them. If you do not see the option to Delete it, then this is because you may not be running as an administrator (see step 3 above).


Remove Superfish



Step 6: Now all that is left for you to do is just restart your browser (or better yet, restart your computer) and then head back badssl.com dashboard. See if it says No instead of Yes — meaning the Superfish has been completely removed from your deviceIf you still see Yes, then also try to visit this test page: canibesuperphished.com. If you find that you get warned by your web browser before you can access the site, then Superfish has been successfully removed.


That’s it!


Share this guide with anyone who might benefit from this guide. 🙂