Eset Nod32 Anti-virus keeps blocking Superfish


28 replies to this topic

#1 Smorton1951

Smorton1951

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Local time:12:58 AM

Posted 20 February 2015 - 08:50 AM

This morning I noticed a small screen notifying me that Eset Nod32 Anti-virus keeps blocking Superfish about 30 times.

 

This is scary.  Apparently Eset Nod32 Anti-virus is working but is there anything else I should be doing?

 

Thank you.

 

Smorton





#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:58 AM

Posted 20 February 2015 - 09:28 AM

Hi Smorton :)

Do you have a Lenovo laptop? If so, follow the instructions below (either link is fine; the second one has pictures to help you).

http://www.zdnet.com/article/how-to-remove-superfish-adware-from-your-laptop/
http://www.pcworld.com/article/2886278/how-to-remove-the-dangerous-superfish-adware-presintalled-on-lenovo-pcs.html

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,766 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:58 AM

Posted 20 February 2015 - 09:42 AM

Please see this topic.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 Smorton1951

  • Topic Starter

Posted 20 February 2015 - 04:25 PM

I have a Lenovo Yoga 2 Pro which I only use for dictation which is then transferred via Google Drive to my main computer which is a desktop.

 

When I go to those websites it indicates that Superfish is not installed on either machine.

 

Does that end it?

 

Thank you.

 

Smorton



#5 quietman7


Posted 20 February 2015 - 04:38 PM

(If the browser asks you to confirm/trust/accept with a pop-up it's good: you're not affected. But for the future consider that answering yes to those pop-ups is dangerous: you are giving up the security of the connection.)

https://filippo.io/Badfish/
 
Per the Superfish CA test...if you don't see the YES....then you are not affected.

#6 Smorton1951


Posted 20 February 2015 - 04:55 PM

I have been to this site several times with both the Lenovo and my custom made desktop and I don't see "yes" but some message that I probably am not affected with it. Yet my ESET NOD32 seems to be the only thing blocking this Superfish website and I get a message that it is constantly blocking it.


Frustrating.

Thanks

Smorton

#7 Aura


Posted 20 February 2015 - 05:25 PM

Smorton, did you follow the information provided in the links above to see if there was indeed a Superfish, Inc. certificate installed on your system?



#8 Smorton1951


Posted 20 February 2015 - 08:37 PM

I looked at both computers (desktop and Lenovo Yoga Pro 2) and no certificates show up.  Also looked at a LastPass website which tells me I don't have it.

 

I wish I understood this better.

 

Thanks

 

Smorton



#9 quietman7


Posted 20 February 2015 - 08:51 PM

Did you check Programs & Features?
 

To be certain that SuperFish is completely removed, you must make sure:

A. The SuperFish application is uninstalled and
B. The SuperFish certificate is removed.

Lenovo automatic Superfish removal tool



#10 Smorton1951


Posted 20 February 2015 - 09:28 PM

I have never found evidence that Superfish was installed.  To the contrary, both computers indicate it is not installed.  On one computer, the ESET NOD32 Anti-virus keeps blocking it.  ESET states:  Address has been blocked.  URL Address: 

 

Does that mean I have it?  It does not show up in the programs or the trusted certificates on either machine.

 

Thanks

 

SM



#11 quietman7


Posted 20 February 2015 - 09:49 PM

You may be dealing with a false positive. See "Lenovo and Superfish? Don't panic, you may not be affected" by Stephen Cobb, ESET Senior Security Researcher.

#12 Aura


Posted 20 February 2015 - 09:52 PM

Smorton, does ESET show which process is trying to access that URL or not? Also, mind if I take a look at your installed programs?

List Installed Programs
  • Download MiniToolBox and move it to your Desktop;
  • Execute it by double-clicking on it;
  • Check the "List Installed Programs" checkbox;
  • Click on the Go button;
  • Once the scan is complete, a log will open.
  • Copy/paste (select the Notepad, press Ctrl + A then Ctrl + C to copy, and Ctrl + V to paste) the content of the output log in your next reply;



#13 quietman7


Posted 20 February 2015 - 09:54 PM

He has already checked his installed programs. I provided a link in Post #9 for how to check that.

#14 Aura


Posted 20 February 2015 - 10:13 PM

Sorry, couldn't see the link because I can't open your links from my phone for some reason. I think it has to do with the way IPB formats MyBB code for URL.



#15 milleroo

milleroo

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:58 AM

Posted 20 February 2015 - 10:56 PM

I had what sounds like the exact same symptoms. My desktop PC is custom built (not Lenovo), and Eset Nod32 kept blocking www.superfish.com whenever I browsed the internet with Chrome. https://filippo.io/Badfish/ said I was fine. And I could not find a Superfish program or certificate anywhere - I followed all the guides, but this problem seems to be different.

 

Maybe you're having the same problem as me. I seem to have fixed it by deleting all of my Chrome extensions, disabling developer mode, and clearing all of my browser data. Before that, I tried clearing my browser data without removing the extensions, which fixed it temporarily, but then it came back when I reopened Chrome.

 

I deleted my extensions 30 minutes ago and the messages have stopped, even after multiple resets of Chrome and the computer. Hopefully this fixes it, and hopefully it works for you too! I was just about ready to reformat my computer before trying this...
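
The checks discussed in this thread (installed application and trusted certificate from post #9, Chrome extensions from post #15), gathered into one read-only PowerShell script. This is an added example, not part of any post; the match string `Superfish` and the default Chrome data directory are assumptions.

```powershell
# Added example: read-only triage of the places this thread checks.
# Assumption: every artifact of interest carries the string 'Superfish'.
$pattern = 'Superfish'

# B. Certificate: Windows trusted-root stores, machine-wide and per-user.
# Firefox keeps its own certificate store, which this does not read.
$certs = Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
    Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
    Select-Object PSParentPath, Subject, Thumbprint, NotAfter

# A. Application: the uninstall keys behind Programs & Features.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern -or $_.Publisher -match $pattern } |
    Select-Object DisplayName, Publisher, InstallLocation

# Post #15: Chrome extensions whose files mention the string.
# Assumption: Chrome uses its default per-user data directory.
$chromeData = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'
$extensions = @()
if (Test-Path $chromeData) {
    $extensions = Get-ChildItem -Path $chromeData -Directory |
        ForEach-Object { Join-Path $_.FullName 'Extensions' } |
        Where-Object { Test-Path $_ } |
        ForEach-Object {
            Get-ChildItem -Path $_ -Recurse -File -Include *.js, *.json, *.html -ErrorAction SilentlyContinue
        } |
        Select-String -Pattern $pattern -SimpleMatch -List |
        # Reduce each hit to <profile>\Extensions\<extension id>.
        ForEach-Object { ($_.Path.Substring($chromeData.Length + 1) -split '\\')[0..2] -join '\' } |
        Sort-Object -Unique
}

# Report: an empty list means nothing matched in that location.
[pscustomobject]@{
    RootCertificates  = @($certs)
    InstalledPrograms = @($programs)
    ChromeExtensions  = @($extensions)
} | Format-List
```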





