How to remove Superfish “Super Shopping” virus? Check all you extensions

This was really a long story – and I finally won today. The verdict? The culprit is very surprising: my favorite Chrome extension MeasureIt.

superfish super shopping virus malware
For a while, you might even not noticed that the virus adds offers like it to Ebay of Amazon pages… Once you find out, you will get crazy as it is very hard to get rid of it…

After weeks of desperately trying to get rid of a very annoying malware called Superfish, Super Shopping, etc, showing “visual search results” of stuff you definitely did not want, the epic quest ended. And it is, in a way, very sad ending – I loved MeasureIt, I was a great tool to measure on-line pixel sizes of photos, banners etc.

But yes, no doubt, the lovely little thing has smuggle a virus (or malware, to be more precise) which was adding “super shopping” offers of Superfish.com to big websites like Ebay.com of Amazon.com (See the pictures – and perhaps you should check if you are not infected as well).

I was really very angry and very nervous, since I hate my computers being “under attack” constantly. I have no intention of listing all the steps I did over last 3 months, I would be a very long list.

1. I checked many great articles about it, such as:

Remove Super Back-up Ads (Virus Removal Guide)

How to Completely Remove Super Shopping?

superfish super shopping virus malware
Want to by a book about Photoshop? The Suppper Shoping malware smuggles the “best deals” to many different places… Be careful!

2. I did all the necessary steps: I erased all suspicious programs from my computers (see the listed articles for advice how to do it)

3. I tested some new great antimalware software such as MalwareBytes, HitMan Pro and so on…

4. I checked perhaps hundred times all my extensions, but all together I use perhaps 10 of them so I did not believe any of them could be it. Surprisingly, I found out one of my favorites was names as possible culprit: Awesome Screenshot. But removing of it did not help. Finally, I removed MeasureIt. And suddenly, the victory came…

Conclusion? I just really do not get why a great thing like this must be infected with virus? And, which is perhaps more striking, why Google allows this software to be listed in its official Chrome Store?

Good luck!

—-

[social-bio]

 

26 Comments

  1. The answer lies here. The plugins were bought by people who intended to make money through advertising.

    http://www.zdnet.com/firms-buy-popular-chrome-extensions-to-inject-malware-ads-7000025342/

  2. Photobohemian

    That´s a very good point, Robin, thanks for it… It explains lot to me, since I was not able to understand why should the companines ruin their good work by such terrible addition.. Jan

  3. Thaaaaaaaaaaaaaaaaaaaaaaks !!!!!!

  4. Thank you. I ran Malwarebytes, which found 5 items, but did not remove Super Shopper. After reading your article. I checked my 6 extensions and found (at the time of this writing) it was one called Urban Dictionary Search. Busted! I first opened a product page on eBay. Then I disabled half the plugins and refreshed the ebay tab and the Super Shopper window went away. Then I refreshed each time I added one back until the SS window showed again. Thanks again!

    • Photobohemian

      Chris, thanks for your comment! Yes, I experienced same feelings… so I am glad it helped! Best, Jan

  5. All you have to do is use a program like malwarebytes to do the detection removal process.

    • Photobohemian

      I am actually not sure that would help – since Superfish is not virus in a real terms, these programs will not catch it…

  6. Actually, they do find it, but won’t remove it. They try to, but it comes back until you remove it from browser.

  7. I found it in the Candy Crush Saga Extension for Chrome. When I disabled the extension, Superfish, AKA Super Shopper, window shopper went away after I refreshed the page. When I clicked on the extension page for information about the extension I found it had been removed from the Chrome web store. I then deleted the extension from my computer.

    On another computer when I was looking for the problem I clicked the little i that is up in the right corner of the ads and found the company, went to their website and wrote to them asking them how to get rid of it. To my total surprise I got back a very courteous email within 12 hours that told me that a number of apps had partnered with them and I had to find which app was doing this. I then wrote back and asked for the names of the app makers and have not heard back but it was late on Friday when I wrote. Anyway, I was totally surprised – at the response, at the speed of the response, and at the courtesy of the writer. I guess I expected either nothing or some evil sounding response.

    I then looked for a new Candy Crush Saga extension for this computer because I like having it available at the top of the Chrome window instead of on an app page. But there were no extensions. There were 3 apps available. Two of them blasted Candy Crush as a cash cow for the owners due to required in app purchases but they did make it available to play on their game websites if you wanted to install the app (which is just basically a link to their site). The third one said it is a mobile flash version and did not mention in app purchases so this is the one I am trying. I had to install each of them before I got that information. I deleted the first two and am keeping the mobile flash version. I have a Mac with
    OS X 10.8.5

    I hope this helps someone else.

  8. Removing extensions did not work for mac chrome. I used the remover tool at mysafemac.com. Worked in seconds but took 1.5 days to find them. It removed superfish and nav-links adware from chrome.

  9. Thanks very much for the advice. I had tried all the malware programs such as malwareanti bytes and spybot with no luck.

    I turned off the cargo bridge extension and it went away!

  10. One slightly more generic method of removing it:

    Open your chrome extensions directory (in Windows: C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions), and search for “superfish” there. When its found in one extension, look up the long character soup pathname right under the “Extensions” directory (its “ID”) in the browser under Extensions. Remove that extension.

    • Brilliant! This worked like a charm Bet. I have tried everything else, this is the only thing that has worked for me to get rid of the superfish plague. I suggest others to try this as well before wasting your time doing anything else.

    • By the way, the Google Chrome extension that was infected with superfish on my computer was Incognito This. I overlooked this one many times because I thought for sure there was no way this would be the culprit. I was wrong!

  11. My Instagram extension was the culprit. Super Shopping disappeared when I disabled the extension.

  12. My google chrome solitaire extension seems to be the problem. It disappeared after I deleted it from Chrome settings.

  13. My culprit was Tetris. Once removed Super Shopping went away.

  14. Thanks heaps, been looking for months… Finally got rid of it and unfortunately Measure It, I’ll just use the old F12 button now.

  15. I din’t read if this was mentioned but just found Superfish in my StumbleUpon extension as well. Thanks for the help in locating as the article helped guide me right to it. Nuisance eliminated!

  16. I had this virus too, and I got rid of it just by clicking on the ”By Super Search” button and there you could just click on a butten that reads: ”To disable Super Search, click here”. And it worked. AVG didn’t find anything, but it’s very easy to remove it…

  17. Was a flash player extension in Chrome for me..deleted and all is good now

  18. all sollutions above didn’t work in my case.I installed Spyhunter and that did the trick.

  19. Thanks for the comments…It was attached to Solitaire! Good to hear from a Czech! Děkuji mnohokrát!

Leave a Comment

Your email address will not be published. Required fields are marked *

*