Lenovo has released a tool to help users remove Superfish, according to a statement released today by the company.
Superfish is an adware program that was pre-installed on Lenovo's consumer PCs and made users vulnerable to attack. The Superfish bug quickly went from bad to worse yesterday when researchers found and published a password that would allow anyone to unlock the certificate authority and bypass the computer's web encryption. With the password and the right software, a person on the same Wi-Fi network as a bugged Lenovo user could potentially spy on that user, or insert malware into the data stream.
The tool allows users to automatically uninstall the Superfish application and remove the certificate from web browsers, which previously could only be done manually. In the statement, Lenovo said, "We are working with McAfee and Microsoft to have the Superfish software and certificate quarantined or removed using their industry-leading tools and technologies. This action has already started and will automatically fix the vulnerability even for users who are not currently aware of the problem."
Users with infected computers will need to uninstall Superfish and remove the certificate in order to completely fix the issue. Researcher Filippo Valsorda created a test to show whether your computer is infected.
Superfish is present on Lenovo laptops sold between September 2014 and January 2015, although Lenovo says no ThinkPads were shipped with the adware.