7700 Folsom Auburn Rd. Suite 125Text or Call (916) 987-5474Support@BitWiseComputerRepair.comBitWiseComputersM & F: 8am-8pm T-T: 9am-6pm Sat: Appt. Only

Lenovo Installs Adware on New Laptops

Post 5 of 112

Lenovo has been caught installing adware that inserts ads into webpages.


Lenovo is selling computers that come preinstalled with adware that hijacks encrypted Web sessions and may make users vulnerable to HTTPS man-in-the-middle attacks that are trivial for attackers to carry out, security researchers said.

The critical threat is present on Lenovo PCs that have adware from a company called Superfish installed. As unsavory as many people find software that injects ads into Web pages, there’s something much more nefarious about the Superfish package. It installs a self-signed root HTTPS certificate that can intercept encrypted traffic for every website a user visits. When a user visits an HTTPS site, the site certificate is signed and controlled by Superfish and falsely represents itself as the official website certificate.

Even worse, the private encryption key accompanying the Superfish-signed Transport Layer Security certificate appears to be the same for every Lenovo machine. Attackers may be able to use the key to certify imposter HTTPS websites that masquerade as Bank of America, Google, or any other secure destination on the Internet. Under such a scenario, PCs that have the Superfish root certificate installed will fail to flag the sites as forgeries—a failure that completely undermines the reason HTTPS protections exist in the first place.


To get rid of this run the Microsoft Management Console, mmc.exe, and do the following:

First, you need to get rid of the program. To do that, first take the following steps:

  • Go to Control Panel > Uninstall a Program
  • Select Visual Discovery > Uninstall
  1. Go to File -> Add/Remove Snap-in
  2. Pick Certificates, click Add
  3. Pick Computer Account, click Next
  4. Pick Local Computer, click Finish
  5. Click OK
  6. Look under Trusted Root Certification Authorities -> Certificates
  7. Find the one issued to Superfish and delete it.

, , ,