Microsoft security software detects and removes this application, known as "Superfish", from Lenovo devices.

The version of Superfish pre-installed on some Lenovo devices is known to install a trusted root certificate for which the private key and password is publically known. This can make your PC vulnerable to spoofing attacks.

The certificate can be exploited using phishing or man-in-the-middle attacks to decrypt, modify, or spoof websites, such as banking, social media, or email websites. This could allow a malicious hacker to steal your user names, passwords, and confidential data. They could also carry out transactions without your knowledge, even when it seems like you have a secure browser connection to a website.

Find out more about how and why we identify unwanted software.

Windows Defender detects and removes this threat.

Worms automatically spread to other PCs. They can do this in a number of ways, including by copying themselves to removable drives, network folders, or spreading via email.

Typically, worms can get on your PC if you visit a compromised website, open an unsafe email attachment, or use an infected removable or network drive (like a USB flash drive).

Find out ways that malware can get on your PC.

Windows Defender detects and removes this threat.

Worms automatically spread to other PCs. They can do this in a number of ways, including by copying themselves to removable drives, network folders, or spreading via email.

Typically, worms can get on your PC if you visit a compromised website, open an unsafe email attachment, or use an infected removable or network drive (like a USB flash drive).

Find out ways that malware can get on your PC.

Backdoor:Win32/Rbot.CZ is a backdoor Trojan that connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Win32/Mytob.T@mm is a mass-mailing network worm that targets computers running certain versions of Microsoft Windows. The worm can spread through e-mail, network shares, MSN Messenger, and Windows Messenger. It can also spread by exploiting the Windows vulnerabilities described in Microsoft Security Bulletins MS04-011 and MS03-026. The worm has a backdoor component that connects to an IRC server to receive commands from attackers.

Worm:Win32/Lovgate.AC@mm is a mass-mailing worm that sends itself as an e-mail attachment to addresses found on the infected computer. To spread via networks and file shares, Worm:Win32/Lovgate.AC@mm copies itself to writeable network shares and shares protected by weak user name and password pairs. The worm opens a backdoor on infected systems and may send system passwords and other sensitive information to the worm's author.

Worm:Win32/Lovgate.AE@mm is a mass-mailing worm that sends itself as an e-mail attachment to addresses found on the infected computer. To spread via networks and file shares, Worm:Win32/Lovgate.AE@mm copies itself to writeable network shares and those protected by weak user name and password combinations. The worm opens a backdoor on infected systems and may send system passwords and other sensitive information to the worm's author.

Backdoor:Win32/Haxdoor.DK is a backdoor Trojan that allows remote control of the machine over the Internet. The Trojan is rootkit-enabled, allowing it to hide processes and files related to the threat. Backdoor:Win32/Haxdoor.DK lowers security settings on the computer, gathers user and system information and sends it to a third party

Win32/Mytob.R@mm is a mass-mailing worm that spreads as an attachment through e-mail.  It can also spread to computers that have not been patched for the vulnerability described in Microsoft Security Bulletin MS04-011. Win32/Mytob.R@mm has a backdoor component that connects to an IRC server from the infected computer, allowing it to receive commands from attackers.

Backdoor:Win32/Berbew.AZ is a backdoor Trojan that retrieves locally cached passwords and passwords from active windows, and sends those passwords to a remote website.. Backdoor:Win32/Berbew.AZ also opens and monitors TCP ports for incoming transmissions.

This program was detected by definitions prior to 1.175.2145.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.

An Exploit:Win32/MS06-070 detection signifies exploit code related to a vulnerability found in the Workstation service. Successful exploit of this vulnerability could allow an attacker to remotely execute arbitrary code on impacted systems. Details on the vulnerability, the security update, and recommended workarounds for those unable to immediately install the recommended security update can be found in Microsoft Security Bulletin MS06-070 at http://www.microsoft.com/technet/security/Bulletin/MS06-070.mspx.

This program was detected by definitions prior to 1.175.2424.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.

Worm:Win32/Stration.X is a mass-mailing email worm that sends itself to addresses obtained from a wide range of file types found on the infected system. The e-mail message composed by the worm may masquerade as a failure message or as a scanning tool. Worm:Win32/Stration.X also acts as a Trojan downloader, attempting to download a file from a remote website. The downloaded file is typically another variant of the Win32/Stration family.

Backdoor:Win32/Haxdoor.DK is a backdoor Trojan that allows remote control of the machine over the Internet. The Trojan is rootkit-enabled, allowing it to hide processes and files related to the threat. Backdoor:Win32/Haxdoor.DK lowers security settings on the computer, gathers user and system information and sends it to a third party