When using Google Chrome on my Macbook Pro, I've got a homepage popping up that is a search engine called "Trovi". Below is a screen shot of what comes up when I first open Chrome. My settings are normal inside Chrome, and this only pops up the first time Chrome is opened. Has anyone had a problem with this, and if so, what is your recommended method for removal of this virus?
MacBook Pro, OS X Mavericks (10.9.2)
My problems were fixed as was expressed in this topic. I know this is something that a lot of people don't want to hear but, go back to the top of the thread and read the way it all transpired. I don't remember all the steps or details that I took to remove Trovi from my computer but they are expressed above. From my memory, basically, I started to do some cleanup on my computer. As popups came up I ran the names of the services or programs through my finder. Click GO at the top of your screen and run the name through the search. Ie., Trovi. You will find some files. Delete them. Keep a list of things that come up and run those names and delete them also. Go to your browsers. You will want to check ALL your browsers. Chrome, Firefox, Safari etc.,
Trovi is a web search engine that also links to ADWARE. In addition to hijacking your browsers, it sends information to ad companies who can track your web searches send info to advertisers and send you annoying popup ads. There is the possibility that it can also send private information to third parties. What it does is goes to ALL your browsers and replaces your settings to bring up the TROVI search engine instead of Google or whatever you have set.
There are a few settings in Google and Firefox etc. that need to be changed. Home Page, Default Browser are a couple that come to mind. Make sure all your Preference settings are properly set to your preferences. Also change your extensions. You are not finished though as Trovi and other programs that often accompany it will also place components into your "Hidden Files" on your computer. You need to go to your HOME folder and select Library. There is a file in there called Application Support. Check there and remove files from there also. If it isn't mentioned here, look into how to view and search HIDDEN FOLDERS. There should be a way to do it easily without inserting code but I don't remember where it is. Removing your browsers and re-installing them is not a bad idea. In fact, I did do that. But, remember, when you, say, search for GOOGLE through your Finder, you may not be getting all of it. Delete your GOOGLE folder from your Applications Folder and go into your Library>Application Support and remove Google from there too. Repeat for other programs that you need to delete.
Lastly, I downloaded a program called Adware Medic. When I finished all this and my computer seemed to be running normally, I ran AdwareMedic on my Macbook. It found a few more files which it deleted. Amazingly, the list of files that it found were all associated with the same programs and services that I searched for originally. Files that I thought had been deleted.
Another bit of info to remember. Trovi and other programs are usually installed on your computer with your consent. How they do it is tricky and deceptive. I got the adware from downloading FREEWARE from the internet. I tried to download a reliable program that i had used before. Not having any suspicions, and without adequately reading the popups, I just clicked YES or Continue or NEXT on the various installation steps. It turns out that a couple of those steps asked if I wanted to install Trovi as my default browser and Did I want to install other programs. After deleting everything and getting my browsers working again, I tried again to install the freeware. This is where I discovered the step asking about Trovi. I declined that. That is when I got another one asking if I wanted to install YAHOO as my browser. I zipped past that without thinking and Guess what? Now all my browsers were hijacked by YAHOO and some of the adware came back. Back to square one and repeated all my steps, Ran Adware Medic again.... So, the point of this paragraph. When you download software from the internet, even programs that seem legitimate and reliable, MAKE SURE YOU ARE DOWNLOADING FROM THE SOFTWARE DEVELOPERS SITE. Some Freeware is also distributed by third parties who BUNDLE it with other programs (TROVI ETC.) and install it all on your computer. They take popular software and, apparently, use it, perhaps as a "Tojan Horse" to get you to install their applications on your system.
I've done okay with these direction up to step 5.
When I click on the "+" sign by the Save button, I don't get an option box. What I get is this: under the heading "Search: This Mac 'Trash'" was a lighter gray bar with "Kind" and up and down arrows in it, the word "is" and then another little box with "Any" and up and down arrows in it. I don't see any box labeled "Option."
So when I follow step 5, "Click on the first option box that shows up," which to me appears to be "Kind," I do not get a new box that allows me to "Search and select systems files" (step 6). I just get a menu list. When I click the last item in that menu list, "Other," I get a box with the heading "Select a search attribute."
What am I supposed to do with that? When I try to type in "systems files" in the little box with the magnifying glass icon opposite "Select a search attribute" nothing happens.
What am I missing with these instructions?
I really, really hate computers. Nothing about them is straightforward or easy. Nothing.
Perpetual Frustration wrote:
What am I missing with these instructions?
You're missing the fact that those instructions aren't any good at all. Ignore them. Even if you follow them to the letter, you're still not going to remove all components of the Trovi adware.
Instead, see my Adware Removal Guide for help removing it.
(Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com.)
this is for anyone having troubles with trovi in the future. I accidentally got it downloaded and was **** ****** off. after reading all different forums and stuff for hours and nothing worked I downloaded this free application called Adware Medic (DL Link: http://www.adwaremedic.com/index.php) i installed this thing. ran it. deleted whatever it found. and restarted my computer and everything was back to normal. so all my searching on the internet and reading wasting hours and getting ****** off was settled with about 12 clicks.
Please dont get too upset about it like i did. just download the thing and u will be fine.
Thanks for the link, MarcoLimongelli.
AdwareMedic has joined with Malwarebytes. Here is the link: http://www.malwarebytes.org/mac-download/
Save your time and forget all the previous post on how to remove Trovi. They don't work.
Don't bother with all the complicated procedures in this thread. I called Apple and they talked me through using the malware remover from www.malwarebytes.org. It took about 30 seconds and solved the problem completely. Removed it froM all browsers.
This helped me removing the trovi page on startup:
Hint from the from the Trovi Page itself:
Chrome Removal
You might want to consider starting a new discussion. Since this one is a couple of years old, less people are likely to look at it. You can link to this one.
Download this program which was written by Thomas Reed, a long time poster. The program will do the work for you which makes it easy.
Malwarebytes Anti-Malware for Mac 10.8 and later
What should I do if Malwarebytes Anti-Malware for Mac didn't solve my problem?
Some steps are there for removal of malware that are as followed .
First of all go to finder > applications if trovi or called by other names conduit , my brand , search protect is to be found do a right click on it and move to trash .
Now , click on go > computer > macintosh HD > library
Find trovi in these folders
1. application support
2.launch agents
3.launch daemons
4.priviledged helper tools
5.preferences .
6.start up items
7.scripting additions
8.frameworks
9.input metods
10.internetplugins
11.caches
Then , click on go > hold option key > library
Find trovi malware in these folders
1.application support
2.caches
3.cookies
4.internet plugins
5.input methods
6.preferences
7.launch agents - if it exists in mac pro OS X 10.9.2 as this folder is removed in el capitan for sure .
8.saved application state .
And finally : click on go > computer > macintosh HD > system > library > framework
If trovi files are found remove them by doing a right click > move to trash .
Now, the the very important step to be followed is restart from apple logo > empty the trash .
Generally trovi could be found in these folders
applications/searchprotect.app
library/launchagents/com.conduit.loader.agent.plist
library/launchdaemons/com.perion.searchprotected.plist
library/applicationsupport/SIMBL/plugins/CT2285220.bundle
library/internet-plugins/conduitNPAPIPplugin.plugin
library/internet-plugins/TroviNPAPIPplugin.plugin
library/inputmanagers/CTloader - input manager is removed in latest el capitan
Uhm - any of you are getting "Search with Trovi" on a right click (happens on a selected text in any program - Mail, Text Edit, etc.
Thanks
In addition I just found this removal method by Lync Davis here and found an app called "SearchProtect" which I removed as well.
Thats didnt work for me.
Please HELP
yes, already tried that
look at this, now trovi is out but got now a bunch of adds that are driving me crazy
What browser are you using ?
Is it in all ?
Have you reset them ?
Trovi Virus Removal Needed
