Lenovo Superfish – Cleanup in Seafood Isle Needed!

What a mess.

I guess there is something to be said about “clean” OS installs…even for brand-spanking-new hardware.

What I find interesting in this particular event (now that the initial dust seems to have settled) are both the analysis of the threat created and the removal techniques; especially the manual removal process.

For Cleanup

• Superfish Uninstall Instructions - Lenovo Support (US) – Automated tool and manual removal instructions from the folks who kindly made the mess to begin with.
• Lenovo redeems itself with open source Superfish removal tool – Betanews
• Lenovo and the Superfish fiasco - Malwarebytes Unpacked
• Removal instructions for Superfish - Malware Removal Guides and Self Help Guides - Malwarebytes Forum
• How to remove the Superfish malware: What Lenovo doesn’t tell you - Ars Technica
• Windows Defender now removes Superfish malware… if you’re lucky - Ars Technica

For Background

• Superfish: PC makers say crapware is for your own good [Updated x2] - TechBlog
• Superfish doubles down, says HTTPS-busting adware poses no security risk - Ars Technica
• Lenovo honestly thought you’d enjoy that Superfish HTTPS spyware - Ars Technica
• Man-in-the-Middle Attacks on Lenovo Computers – Schneier on Security
• Lenovo pre-installing Superfish adware on its notebooks, rendering them insecure [Updated x5] – TechBlog
• LEN-2015-010: Superfish Vulnerability - Lenovo Support (US)

Better bring an extra mop…

--Claus Valca