[Buge]

I found it by myself several weeks before all this news came out.

I got my new Lenovo Y50, visited my own website with it and decided to see how my https cert looked. I got quite scared when I saw I was being MITMed but I googled it and there were already a ton of forum posts saying it's just stuff bundled with Lenovo. So I uninstalled it.

[rst]

Note that uninstalling the program doesn't completely undo the damage; you also need to get rid of the trusted certificate that it uses to make all of its forged certs look legitimate to the browsers. (The private key for that cert has been widely distributed, and at this point, anyone can use it to make a cert for your bank that will look legitimate to your machine so long as the Superfish root cert remains in place.)

Complete instructions here: http://www.pcworld.com/article/2886278/how-to-remove-the-dan...