Q: Trovi Virus Removal Needed

Thank you I totally found like 4 files ugh!

Littles.kim wrote:

 

Thank you I totally found like 4 files ugh!

As has been said here multiple times, vfrawley's instructions are completely inadequate for removing Trovi. See some of the other responses for further instructions.

Update on my situation if anyone has a problem.    I couldn't find any specific instructions relating to a mac so I went it on my own.  First, TROVI is not a virus but may be an adware and is something known as a Browser Hijacker.    It hijacks your browser settings and MAY take your search information and save it and send it to third parties who can use it to direct ads to you or even steal information. 

I found where I got it.  I downloaded a program from the internet.   As I learned from a mac service professional, you need to be very careful with downloading software from the internet.   Especially FreeWare.  Make Sure you are downloading directly from the developers site and not a third party "Bundler".    The program I downloaded was FLVTO which downloads videos from Youtube.   It is, I understand, a legitimate program but I may have downloaded it from a site that BUNDLES software and promotes and distributes it along with other FreeWare Programs and Adware.

In my case, as I downloaded FLVTO, the menu that guided me had dialogue boxes that asked my permissions for certain things.   In a hurry, I just assumed that they were legitimate things till I noticed, during a re-install of the program that there was one asking to download TROVI.   It also had one for Yahoo and one for Some Cloud Service as well as a couple others.   By clicking YES to the boxes, I was giving TROVI and other programs permission to change my registrations and preferences in ALL MY BROWSERS, to become my preferred browser or to install on my computer.  After noticing TROVI and declining it, I noticed Yahoo and it slipped past me as I thought it was legit, as Yahoo is.   However,  Surprise,  Now YAHOO was my default browser on  my Safari and Google Chrome.    I also learned that TROVI had installed other adware programs onto my system.   Not only did my browser change but I also noticed that AD popups would come up every time I rebooted my computer.

First, I went into FINDER and did a search for TROVI and deleted all related files.   Then, I found some for the cloud serivice and deleted those,   I deleted the FLVTO files as well.   There were a couple other ads that came up and I deleted files for those as well.  While researching, things came up relating to developer names etc.  I kept note of all the associated names that came up while I was researching and ran those through FINDER to find that many also had files saved on my computer.   Of course, I deleted all those.   Safari was easy to change the preferences and registrations so I left that.  However, Google was more difficult and I was not able to, immediately remove TROVI.   So, I also removed GOOGLE from my computer.   I found that even though I uninstalled Google Chrome 2 times, things came back every time I re-installed it.   I found that I also had to remove and delete the GOOGLE file under Library Application Support.   Now, after re-installing Google Chrome, it seemed clean. 

Lastly, so far,  after talking to my Mac Service Professional, he said that I may want to remove everything from my computer and re-install the OS and everything.  Stating that these programs can hide things all over your computer in places where you may not ever find them.    Even through a normal FINDER Search.   He then recommended Adware Medic but stated again that the only way to be sure  the adware is all gone is to scrub the entire OS etc.,   I ran AdwareMedic and was stunned to find a whole page and a half of other files.  Most if not all were related to those programs that I had originally searched for ad thought I had removed.   Right now, I am not noticing any issues and think I have my system clean.   I don't know though, for sure.

My next step is to work toward making a list of all the stuff that I have on my computer.  Save all my data files and photos etc....   Then, I guess, reinstall everything.   My advice from the Service Guy is to then put the OS on a jump drive and keep that, in case I ever have a problem again.   Then, after I have everything re-installed and setup the way I need it,  Before I do anything else,  he suggested making a clone of my Hard Drive using Carbon Copy Cloner and keep that in a safe place, in case this ever happens again.   He also reminded me the importance of Time Machine and keeping backups of data.   All stuff that I now need to work on .

NOTE:  I originally posted that iCloud was pushed through the download which it was NOT.   I don't recall the name of the cloud service that tried to install.

After running AdwareMedic, if your system seems to be clean (ie, it's not still having problems with inappropriate ads and redirects in the browser), then it should be clean. If there's any doubt in your mind, though, feel free to contact me privately. (I'm the developer of AdwareMedic.) You can use AdwareMedic to take a system snapshot (Take System Snapshot in the Scanner menu) and submit it to me at The Safe Mac.

Doing a clean reinstall of your system can't hurt, but it's also a lot of unnecessary work. No known Mac adware has been documented to actually involve any real malware or spyware. That doesn't mean it couldn't happen in the future, but it's never been seen to happen before. Still, if reinstalling the system is needed to set your mind at ease, then by all means go ahead and do it, even if it's not strictly necessary.

If you want to create a flash drive with the system installer on it, see:

Create a bootable installer for OS X Mavericks or Yosemite - Apple Support

However, note that this really isn't important unless your internet is very slow or has a download cap, and you want to avoid downloading it again in the future. If that's not the case, even if your hard drive dies, taking the recovery partition with it, you can still start up recent Macs with no bootable systems on them in internet recovery mode by holding command-option-R at startup.

Remove unwanted adware that displays pop-up ads and graphics on your Mac - Apple Support

This link along with apple technical support guy coaching me over the phone successfully removed Trovi from all of the places it had hidden itself inside of my computer.

I just removed it from Firefox 35.0.1 on my MacBook Pro by searching for "trovi" in the finder. Deleted both plugin and trovi folder. Quit and then restarted Firefox and then you will need to reset your homepage in Preferences>General back to your preferred home page.

werdup wrote:

 

I just removed it from Firefox 35.0.1 on my MacBook Pro by searching for "trovi" in the finder.

As has been said here repeatedly, that is not adequate for removing Trovi. You need to see some of the other advice on this topic.

What if I upgrade my system from Mavericks to Yosemite, would that remove it?

In addition I just found this removal method by Lync Davis here and found an app called "SearchProtect" which I removed as well.

werdup wrote:

 

What if I upgrade my system from Mavericks to Yosemite, would that remove it?

No, that would not do anything to help this particular problem.

In addition I just found this removal method by Lync Davis

Linc's instructions on that page are outdated, and I never thought they were particularly complete anyway.

For up-to-date removal instructions, see my Adware Removal Guide.

(Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com.)

Hi Thomas,

Actually I did go to your Adware Removal Guide after my post and followed the manual removal instructions. Since I use Firefox I went to

~/Library/Application Support/Firefox/Profiles/ and found the “.default” folder.

Some of the items posted there could not be found and I found something not mentioned. In case this is useful to you my results are below.

abstraction.js NOT FOUND

takeOverNewTab.txt FOUND AND REMOVED

searchplugins/[any file with "Conduit" in the name].xml NO SUCH FILE NAME BUT FOUND A FILE CALLED trovi.xml AND REMOVED IT.

searchplugins/MyBrand.xml NOT FOUND

Thanks

Check out my previous posts about searching for files and deleting.  I found that there were a few other things, other than Trovi that were on my computer from when I got hit.  Keep in mind also that the installer will put files in hidden folders elsewhere on your computer.   I used AdwareMedic and scanned my computer after I had run my initial search and delete.  It found the files in the attached photo that I didn't get before.  During my research after getting hit, some of these names came up and I ran searches through finder and deleted them.  Conduit, Genieo, Buca, FlashMall, and a few others.   The way I noticed that I got hit was that I downloaded FREEWARE from the internet.  During the installation, I just accepted all the recommendations from the installer and clicked NEXT and OK to everything.   Then, when I had deleted stuff and started to reinstall, I noticed that some of those installer recommendations were installing other software like Trovi  and Omnibar and others.   Lesson:  when installing software, read all the popups and decline anything that you do not want to install.  Also, when downloading FREEWARE, even stuff that you are familiar with and trust,   make sure that you download it directly from the developers website.   I got hit again the other day when downloading something that I had been using for years.   I figure that I got it from downloading from a secondhand BUNDLER who takes legitimate downloads and bundles it with the adware and other malware and tricks you into installing the whole bundle.   I just ran Adwaremedic again, as I was writing this and noticed an update.   Make sure your software (Antivirus/AntiMalware... etc.) is updated also.    My latest scan came up clean. 

So I was having the same exact trouble of deleting everything but not getting rid of it. I went into my extensions in my Google chrome settings and disabled something called "Safe Search". That got rid of it immediately. So I deleted it and it hasn't been a problem. Hope that's helpful!

I have gathered information on the Trovi issue and have removed it from my Mac. There are three ways of getting ride of Trovi.

1) If Trovi is on your Chrome, even if you delete it from your chrome extension list, it can come back or won't leave at all. Best case scenario is to just uninstall chrome and reinstall it. Its the best way to get ride of it.

2) If Trovi is on your safari, delete it from your extensions and change your homepage and tab settings. Check both.

3) Find Trovi on your computer, trash any traces of it from your computer, then empty the trash.

I hope this helps.

I have gathered information on the Trovi issue and have removed it from my Mac. There are three ways of getting ride of Trovi.

1) If Trovi is on your Chrome, even if you delete it from your chrome extension list, it can come back or won't leave at all. Best case scenario is to just uninstall chrome and reinstall it. Its the best way to get ride of it.

2) If Trovi is on your safari, delete it from your extensions and change your homepage and tab settings. Check both.

3) Find Trovi on your computer, trash any traces of it from your computer, then empty the trash.

I hope this helps.