Fake certificate!
I have what appears to be a fake certificate - "Superfish, Inc." added to both Firefox 33 and Internet Explorer 11.
1. EVERY SINGLE https connection that I make is now verified by Superfish, Inc., on both browsers - this is freaking me out.
2. I cannot find any sort of Superfish, Inc. certificate information online, no one seems to have heard of it. Superfish is a Visual Discovery company and does not appear to be a CA.
3. None of my other computers, with all combinations of browsers, has "Superfish, Inc." as a certificate on any browser.
4. I removed "Superfish, Inc." from the valid certificates and now I get the usual "This connection is untrusted" message from Firefox.
5. I installed Firefox 2.0 on the same computer, and it does not appear to have the problem - all pages are verified by the correct CAs on that browser, such as DigiCert and VeriSign. Only FF 33 and IE 11 have this problem.
6. I installed and ran Malwarebytes anti-malware, which detected a browser hijacker (I think - it was a PUP.Optional.OutBrowser), which I promptly deleted, and restarted my computer.
7. I tried resetting and reinstalling both browsers - Superfish disappeared from FF, leaving "This connection is untrusted" messages on all pages, but is still there in IE.
What I don't get is how only those two browsers are RECEIVING Superfish, Inc. certificates. That is quite obviously some sort of virus or something, but it doesn't make any sense anyway.
Any help would be HUGELY appreciated. I am freaking out right now, because I need the https up and working on this computer really soon! I don't know where else to ask!
Chosen solution
All replies (9)
Hello,
Please view this guide from a safe computer:
You can check if this also helps:
If you are still having trouble, try posting in a forum specializing in malware removal:
- Bleeping Computer - http://www.bleepingcomputer.com/forums
- Spyware Warrior Forums - http://www.spywarewarrior.com/index.php
- SWI Forums - http://www.spywareinfoforum.com/
Please report back to us!
Thank you very much - I checked Programs and Features and there was a Superfish there! I removed it and it seems to be fine now.
Normally it's the first thing I check, but I didn't even bother this time because I ran MalwareBytes, which has worked well in the past for me. I guess I'll post this on their support page now.
I would still really like to know why it's that easy for any program to hijack browsers though - and why browser security (and the certified padlock) should be trusted at all in that case.
For the record, I got McAfee with this computer when I bought it a month ago and it's been running on it since. Also - I haven't downloaded or installed anything unusual at all since I got it, so this has been installed during legitimate safe browsing.
It seems that not all scanners view SuperFish as a threat which allows it to install unimpeded.
When applications are installed on your computer, you have to accept through UAC (the dialog that pops up asking if you want to allow the program to make changes to your computer, on Windows Vista or newer) that the installation will make various changes, including adding files to your Firefox installation. Other software, such as antivirus applications, can do the same thing, so changes made in this way are assumed to be accepted by the user. Always be careful of where you download software, as downloads from unofficial sources have legitimate software bundled/modified with adware - and only a small disclaimer in the installation will tell you that you are installing these extra components.
I have no memory of this - but I'm not stupid. Something must have happened in the last month. Thanks a lot for the help!
You should watch carefully every step of the installation process when you get new software for Windows. A lot of installers try to sneak things in with checked check boxes to install some toolbar or search hijacker.
John99 said
Looks like it was down to Lenovo
Yes, I saw this. Thank you for following up! Seems I didn't do anything wrong after all, and I was one of the few people to notice anything wrong. A Google search at the time turned up literally exactly zero results.
I don't understand how this is legal though.
In my personal opinion, this certainly looks like bad practice and could damage Lenovo's reputation. It could be potentially illegal in some jurisdictions but I am sure a big company like that will have had a legal team review this and try to cover everything with disclaimers and agreements hidden in small print. That discussion though would be outside the scope of this forum.
What is rather an eye opener and within the scope of the forum is that we usually consider Firefox users to have been slightly careless when they get malware, because it is largely preventable with good practice.
This is an example where the fault lies elsewhere. Computers are often bundled with bloatware but this seems extreme, and probably unheard of for something pre-installed.
I fully agree - I am surprised that Microsoft would have policies which allow a manufacturer selling laptops with Windows on them to add their own root certificates so easily. That seems incredibly poor on their part, and not something that should be so easily and legally possible to do with an OS with majority market share.
Also very poor on Lenovo's part to attempt something like this, and I'm glad it came out to the public.
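The two checks that resolved this thread (the trusted root certificates and the Programs and Features list), as an added PowerShell example that is not part of the original posts. The `*Superfish*` pattern comes from the name reported above and matches by name only; the variable names are illustrative.

```powershell
# Name to look for: the certificate subject / program name reported in this thread.
$Pattern = '*Superfish*'

# 1. Windows trusted root stores (used by Internet Explorer), machine-wide and per-user.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$rootHits = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like $Pattern -or $_.Issuer -like $Pattern } |
        Select-Object @{ n = 'Store'; e = { $store } },
                      Subject, Thumbprint, NotBefore, NotAfter, HasPrivateKey
}

# 2. Installed programs, the same data that Programs and Features displays
#    (64-bit, 32-bit and per-user uninstall entries).
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programHits = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $Pattern -or $_.Publisher -like $Pattern } |
    Select-Object DisplayName, Publisher, InstallDate, UninstallString

# 3. Report. A root certificate with no matching program (or the reverse) means
#    one half of the cleanup is still outstanding.
if ($rootHits) {
    Write-Warning "Matching certificate(s) in a trusted root store:"
    $rootHits | Format-List
} else {
    Write-Output "No matching certificate in the Windows root stores."
}

if ($programHits) {
    Write-Warning "Matching installed program(s):"
    $programHits | Format-List
} else {
    Write-Output "No matching entry in the installed-programs list."
}
```

Firefox keeps its own certificate store in the profile, so this script does not cover it; check Firefox separately in its certificate manager.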