Once news broke about the months-long intentional consumer activity tracking by device manufacturer Lenovo, it wasn’t long before experts began to look for ways to remove it. Despite early warnings that the only surefire way was going to involve a hammer and the hard drive, that doesn’t appear to be the only option.

Image courtesy of techrepublic.com

Image courtesy of techrepublic.com

Lenovo has promised that it disabled the adware/malware after user protests, but many experts aren’t sure that’s good enough due to the program’s ability to void SSL/TLS connections and leave a hole for man-in-the-middle hacking. The manufacturer also neglected to mention that Superfish creates its own root certificate authority, leaving users vulnerable to data breaches.

A simple Uninstall Programs won’t do it because the signatures have already been created, and depending on the type of browser you use, the cache may still contain the certificate. Make no mistake, you still need to uninstall it, but don’t think your work is done yet, even though Lenovo has already announced that this simple fix is all you need.

According to Steven J Vaughan-Nichols of ZDNet, you have to remove the bad certificate too. You’ll need to dig out your administrator’s credentials on your system to do this next part. As Vaughan-Nichols has outlined, the steps aren’t all that straightforward; step on is to go to the Microsoft Management Console (MMC.exe) and do the following:

  1. Go to File -> Add/Remove Snap-in
  2. Pick Certificates, click Add
  3. Pick Computer Account, click Next
  4. Pick Local Computer, click Finish
  5. Click OK
  6. Look under Trusted Root Certification Authorities -> Certificates
  7. Find the one issued to Superfish and delete it.

“You can’t just rerun CertMgr.msc directly because that only shows the user account, not the Computer Account cert store. The bad Superfish certificate lives at the Computer Account level,” he explains.

While that won’t remove every directory that Superfish ever inhabited or created, it shouldn’t cause any more dangerous issues. Affected users will also want to check the cache in their browsers for any lingering certificates from Superfish, and remove those as well.