• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs

Not what you are looking for? Ask the experts!


Superfish in Cert8 db file

Someone posted something similar to this on the forums before, but it was locked with no answer and it was not solved.

I have a Lenovo Flex 2 running Windows 10.
This evening after running a scan my Norton Security popped up to tell me that it found: cert8.db contains threat Adware.Superfishremove and that I needed to get a repair tool from the Lenovo Website, according to the Norton website, which I did.
I scanned my laptop with this tool, and it was clear of any threat, without removing anything.

Manual removal instructions are here, on the Norton website:
And, on the Lenovo website:
I followed them, and there was nothing related to Superfish in my Add/Remove Programs, there was nothing labeled Superfish in Mozilla Firefox's Certificated Manager. I do not use Thunderbird.
I looked in Windows Certificates manager and there was nothing regarding Superfish in Trusted Roots Certificates (or any other certificates folder).

I went back to Norton Security to see where the file was that was flagged for Superfish and found that it resided in:
C:\Users\MyUserName\AppData\Roaming\Mozilla\Firefox\Profiles\zsuyyn3l.default in the file named Cert8, which is a database file. I opened the file with Notebook and could see the name Superfish, Inc. listed in the file several times, so I guess this is what it's picking up on.

This was detected by auto-protect, but I run a scan every day that my laptop is open and I've had this laptop for almost 2 years, so why is it just now picking this up if it originated sometime in 2015?

Can this file be deleted safely? The other person who posted a couple of years ago said that it just kept coming back.
Is this a false positive?

Thank you.

Labels: Firefox 50, Virus



Re: Superfish in Cert8 db file

Several years ago, it was discovered that Superfish was preinstalled on Lenovo computers and that it posed a significant security risk.  Here is Lenovo's write up:


And removal instructions:


If you have run the removal tool, I would suspect a possible false positive.  If you still had the program installed, the Lenovo tool would take care of it.

Accepted Solution

Re: Superfish in Cert8 db file

Hi, thanks for replying.

I knew about Superfish being installed on Lenovo computers. It was explained on the Lenovo and Norton websites where the instructions are on how to remove it as I mentioned in my original post.  I know I don't have the program installed, as I ran the removal tool and it told me this and I also followed the manual instructions on how to remove it and there was nothing found in the places on my computer where the instructions told me to look.  It is finding Superfish references in a different file (cert8.db), not named in any of the manual instructions from Lenovo, Norton, or any other reputable site that offers removal instructions for Superfish that I could find.

Superfish was found (by Norton) in the cert8 database file for Windows 10. The cert8 file is created by Mozilla Firefox to store CA (Certificate Authority) certificates. When I opened this file in Notebook, I searched for "Superfish" and found it in several areas of that file and that is what Norton was picking up on.  I am guessing that possibly, the Superfish references were not removed when Superfish was removed from my laptop, but for some reason, as long as I've had this laptop (and removed Superfish), Norton has not picked up on the reference of Superfish in the cert8 file until yesterday.

After I posted here last night, I read up on deleting the file and found out that I could do this safely. I deleted the cert8.db file from Windows 10 and it was re-created when I opened Firefox. I, again, opened it in Notebook and searched for Superfish and it was gone. I then ran a scan on that file with Norton and Malwarebytes and it was clean.

Problem solved.

This thread is closed from further comment. Please visit the forum to start a new thread.