Probably you have heard about the Lenovo debacle, many of their laptop series are preloaded adware/spyware Superfish (you can also call Superfish a dirty piece of malware) that will intercept all your secure connections and this will allow criminals to do it too. Superfish uses an “SSL hijacker” (Komodia Redirector with SSL Digestor) and an untrustworthy Komodia root certificate. Komodia Redirector with SSL Digestor installs non-unique root CA certificates and private keys, making systems broadly vulnerable to HTTPS spoofing. In this way an attacker can spoof HTTPS sites and intercept HTTPS traffic without triggering browser certificate warnings in affected systems.
Many other softwares do similar because Komodia sold its malicious kit to other companies as well, some of these companies/vendors are e.g. Atom Security, Inc, Infoweise, KeepMyFamilySecure, Kurupira, Lavasoft, Qustodio and Websecure Ltd. There will be others as well.
Superfish removal can be done via Windows standard add/remove programs utility, find Superfish Inc VisualDiscovery, tick it, and click uninstall. Uninstalling Superfish and other Komodia-type programs does not remove the root certificates, so you need to do this: type certmgr.msc into the Windows search box, right click on the programs name, and select “run as administrator” from the pop-up menu. Subsequent click the action menu item and select “find certificates”. Type Superfish etc into the search box and click the “find now” button. If you find an unwanted certificate, right-click and select delete.
Fwiw never download from unsafe places such as CNet’s Download.com or from Google search ads, downloading software from such places can be really dangerous, in many cases the downloaded software can and will be contaminated with adware, spyware and/or malware.
There’s a simple way to check your machine on the existence of Superfish, Komodia, PrivDog & Co, we advise you to visit the filippo vulnerability test page and perform the vulnerability test: https://filippo.io/Badfish/ Important: do the test with all browsers installed.
Instructions for identifying and removing a root certificate from Windows here: http://windows.microsoft.com/en-us/windows-vista/view-or-manage-your-certificates
Finally we know that many AV (antivirus) products will find and remove the Superfish, Komodia, PrivDog and similar crap, despite we still strongly advise to perform the filippo vulnerability test and to check your machine also on the existence of untrustworthy certificates.
I’m pleased to announce that the Security & Anti-Malware Software Updates Survey Forum on Smokey’s Security Forums is entirely revamped. As you know, a safe surfing experience will only be possible when all (security)software on your box will be up-to-date, the Smokey’s Security & Anti-Malware Software Updates Survey Forum provides you with the possibility to stay current and to avoid outdated software.
The forum is rebuild from the scratch, all Security/Anti-Malware software is sorted now into alphabetical order and up-to-date. Additional features are sorting software by Category/Tag and to stay current by way of subscribing to the Security & Anti-Malware Update Topics.
The revamped Software Updates Survey Forum is entirely designed by Smokey’s new Team Leader of that forum: Creer. He invested lots of time in the design, I’m grateful for all his hard design work and continuous efforts to keep the forum up-to-date.
Like before, in case you need (of course free!) malware removal help please don’t hesitate to visit our Malware Analysis & Removal Help and Support Forum, fully trained/graduated/qualified malware removal staff will be pleased to clean your box/removing malware.
GoDaddy just auctioned off Mike Healan’s original SpywareInfo.com, and what happened to it is what we feared would when we saw how high the price was getting. It appears that site is pushing rogue programs and is intended to make some quick money for the same people that Mike fought for many years… It is selling several rogue programs, including at least one that is considered to be an active infection… I strongly recommend that everyone avoid it unless your PC if quite well armored and I particularly recommend that no one buy anything through it.
Remember, Mike Healan’s spywareinfo is at http://www.spywareinfoforum.info. Change your bookmarks and shortcuts. And it will be helpful if you will post about the new address at sites you’re a member of.