The root certificate of Superfish adware got already hacked and attackers can make use of the certificate now. It is safer to remove the certificate from your PC. Read the instructions below.
To delete untrusted root CA certificates
- In Windows, point to Start, and then click Run.
- In the Run dialog box, in the Open box, type MMC, and then click OK.The Microsoft Management Console (MMC) appears.
- In the MMC, on the File menu, click Add/Remove Snap-in.
- In the Add or Remove Snap-in dialog box, click Certificates, and then click Add.
- In the Certificates snap-in dialog box, click Computer Account, and then click Next.
- In the Select Computer dialog box, enter the name of the computer for the snap-in to manage. In your case, select Local Computer.
- Click Finish, click Close, and then click OK.
- Expand the Certificates node.
- Expand Trusted Root Certification Authorities.
- Click Certificates.The details pane appears, showing all of the root CA certificates that are currently trusted.
- Delete the root CA certificates that you do not trust. In this case, search for Superfish certificate and remove it.
Note that not all Lenovo PCs are affected. Superfish was included on some Lenovo consumer notebook products (not ThinkPad PCs) shipped in a short window between October and December. Lenovo is aware of this Superfish adware issue and stopped preloading the software in January. They have completely disabled server side interactions (since January) on all Lenovo products so that the product is no longer active.
You need to also uninstall Superfish Visual Discovery software from your Lenovo PC,
- Go to Control Panel > Uninstall a Program
- Select Visual Discovery > Uninstall
Source: Lenovo and Microsoft