quartz_watch

Q: The Trovi and Veerolo virus

The article https://support.apple.com/HT203987 suggests that blocking popups is the answer.  Then many websites will fail.  I have sent to Apple Product security the javascript that an infected browser puts in the body of every page body (too big for this post).  It seems to simulate a search textbox.  However, at the end, it does something if popups are blocked.  The domains are trovi.com, veerolo.com and bing.com.  Trovi.com is one symptom when it shows up as your default home page and search engine (which triggers the javascript).  Another symptom is that it puts InstallExtensions.app into your login startup scripts.  It either uses or infects some part of WebKit, which most browsers are based on.

 

https://discussions.apple.com/docs/DOC-3036 is correct.  One entry point is MacKeeper.

MacBook Pro with Retina display, OS X El Capitan (10.11.6)

Posted on Aug 23, 2016 9:36 AM

Close

Q: The Trovi and Veerolo virus

  • All replies
  • Helpful answers