When using Google Chrome on my Macbook Pro, I've got a homepage popping up that is a search engine called "Trovi". Below is a screen shot of what comes up when I first open Chrome. My settings are normal inside Chrome, and this only pops up the first time Chrome is opened. Has anyone had a problem with this, and if so, what is your recommended method for removal of this virus?
MacBook Pro, OS X Mavericks (10.9.2)
This is a malware that installs 2 different pieces of adware.. the 1st is the conduit plugin and the 2nd is the vsearchA adware.
I wrote an applescript to remove this if you want to use it. Just open up the AppleScript Editor which is located in your Applications/Utilities folder. Copy the script below and paste it into the AppleScript Editor and then press Run.
set Question to display dialog ¬
"Please quit all browsers before running this script" buttons {"Cancel", "Run"} default button 1
if button returned of Question is "Run" then
try
do shell script "rm -r /System/Library/Frameworks/VSearch.Framework; rm -r /Library/Application Support/VSearch; rm /Library/LaunchAgents/com.vsearch.agent.plist; rm /Library/LaunchDaemons/com.vsearch.daemon.plist; rm /Library/LaunchDaemons/com.vsearch.helper.plist; rm -r ~/Conduit" with administrator privileges
do shell script "defaults write com.apple.Safari HomePage -string www.google.com && defaults write com.apple.Safari SearchProviderIdentifier -string com.google.www"
do shell script "rm ~/Library/Application\\ Support/Google/Chrome/Default/Preferences"
on error the error_messagenumber the error_number
end try
end if
I don't know if you're still having problems, but I may have a solution regardless. I had the same problem and did a bit of research. You can't exactly uninstall the program, and apple doesn't have a control panel with the add/remove programs option that you have on a PC. I may be wrong, but I believe the reason behind this is because everything is treated like an application. A program isn't removed by uninstalling it, but by throwing it away, which can be difficult to accept by PC users. Anyway...
You need to throw Trovi away. But there's sort of a process to it if you want to completely get rid of it, which you do.
1. Go to your trash.
2. Search for "Trovi".
3. Make sure the "This Mac" search option is chosen, instead of "Trash".
4. Click on the "+" by the save button.
5. Click on the first option box that shows up. I'm assuming the current option will be "Kind". Choose "Other".
6. A new box should appear. Search and select "System files".
7. You should now be back in the "Trash" box. Where "Kind" was once, the option should now read "System files". The option box directly to the right may read "aren't included". Select the option "are included".
8. You may now throw all that shows up in the trash. It will delete everything related to Trovi.
Once this is done you may close your trash bin and Trovi should be completely gone from your Mac!
*Quick note-the "+" may or may not show up in your trash after typing in "Trovi" while it is still open. Try closing chrome, safari, firefox, internet exploror, or any other search engines if this is the case.
Good luck!
Check out my previous posts about searching for files and deleting. I found that there were a few other things, other than Trovi that were on my computer from when I got hit. Keep in mind also that the installer will put files in hidden folders elsewhere on your computer. I used AdwareMedic and scanned my computer after I had run my initial search and delete. It found the files in the attached photo that I didn't get before. During my research after getting hit, some of these names came up and I ran searches through finder and deleted them. Conduit, Genieo, Buca, FlashMall, and a few others. The way I noticed that I got hit was that I downloaded FREEWARE from the internet. During the installation, I just accepted all the recommendations from the installer and clicked NEXT and OK to everything. Then, when I had deleted stuff and started to reinstall, I noticed that some of those installer recommendations were installing other software like Trovi and Omnibar and others. Lesson: when installing software, read all the popups and decline anything that you do not want to install. Also, when downloading FREEWARE, even stuff that you are familiar with and trust, make sure that you download it directly from the developers website. I got hit again the other day when downloading something that I had been using for years. I figure that I got it from downloading from a secondhand BUNDLER who takes legitimate downloads and bundles it with the adware and other malware and tricks you into installing the whole bundle. I just ran Adwaremedic again, as I was writing this and noticed an update. Make sure your software (Antivirus/AntiMalware... etc.) is updated also. My latest scan came up clean.
One more question. After doing this, looks like trovi is gone; see the screenshot:
However, when I right click on some words in textedit, it shows search with Trovi.
How can I remove this one? Please help. I'm fed up of this trovi.!! 😟
After running AdwareMedic, if your system seems to be clean (ie, it's not still having problems with inappropriate ads and redirects in the browser), then it should be clean. If there's any doubt in your mind, though, feel free to contact me privately. (I'm the developer of AdwareMedic.) You can use AdwareMedic to take a system snapshot (Take System Snapshot in the Scanner menu) and submit it to me at The Safe Mac.
Doing a clean reinstall of your system can't hurt, but it's also a lot of unnecessary work. No known Mac adware has been documented to actually involve any real malware or spyware. That doesn't mean it couldn't happen in the future, but it's never been seen to happen before. Still, if reinstalling the system is needed to set your mind at ease, then by all means go ahead and do it, even if it's not strictly necessary.
If you want to create a flash drive with the system installer on it, see:
Create a bootable installer for OS X Mavericks or Yosemite - Apple Support
However, note that this really isn't important unless your internet is very slow or has a download cap, and you want to avoid downloading it again in the future. If that's not the case, even if your hard drive dies, taking the recovery partition with it, you can still start up recent Macs with no bootable systems on them in internet recovery mode by holding command-option-R at startup.
Remove unwanted adware that displays pop-up ads and graphics on your Mac - Apple Support
This link along with apple technical support guy coaching me over the phone successfully removed Trovi from all of the places it had hidden itself inside of my computer.
i really appreciate the steps to run malware bytes , but please add a point after # 3 when malware bytes is dragged and dropped in application folder open application folder and find malware bytes ,right click on it then it will prompt for user name password . please enter it . after that click on scan .
Malware bytes is in download folder , so empty it by right clicking it to trash as .dmg files occupy hard disk space .finally restart from apple logo and empty the trash .
A very useful article is there : OS X Yosemite: Open an app from an unidentified developer
Hello, This post is so diluted I thought I'd help someone out directly.
✅
I'm not sure Trojan/Virus is the right word to use.
I think you've just gotten an unwanted search provider.
That ad needs some refinement also...
How to fix:
Chrome Settings > Extensions > Remove Trovi
Also
In Settings > Scroll down to search > Manage search engines > Remove everything but your preferred search engine.
Trovi is a new one for me, but often these sorts of things are driven by existing adware or network issues. See my Adware Removal Guide and see if anything there solves it. If not, post back here for further suggestions.
I can go in and refine the settings. However, it's not just an unwanted search provider as I have gone and already removed all of the unwanted search engines and checked the extensions. And yet, every time you open the first time, it popped.
Having said that, I have found a fix. I simply went in and reset my defaults in Chrome, and it was gone. I'm not sure how this could completely remove the issue, but for now it does not seem to be there anymore. I'll update if this changes.
Daniel, please create a new discussion (and reference this one)
In your new thread,
Describe your system version
What browsers are used (do you see Trovi on all of them or not?)
Have you reset them to default?
Have you seen Thomas_r's adware removal guide? (and followed it?)
Please use the information in this discussion so that we can help you.
Well as its in Safari and you have tried all the options already given
Back up all you folders/files etc and clean install your system. You can not remove safari without a clean install.
Delete all your other browsers except Safari from your applications folders
and try this again
http://blog.qisupport.com/remove-trovi-com-iesafarichromefirefoxopera-manual-rem oval/
You do not give any info as to which operating system you are using or what year mac etc
so search these forums on how to do a clean install depending on your equipment
1. Delete all cookies. Remove conduit search engine. Set your page a blank. Reset all browsers. Don't restart the browsers.
2. Go to library/system/ and library/system/Internet Plug-Ins/. Find all related to 'conduit' and 'vsearch'. Delete them.
3. Go to llibrary/system/ and library/system/Internet Plug-Ins/. Find all related to 'conduit' and 'vsearch'. Delete them.
4. Reboot.
I hope it'll work for you!
vfrawley
Thank you so much! Your instruction was perfect and it worked! The process was very easy to follow and took no time to go thru and have Trovi be dead and gone from my Mac. What a relief. I've bookmarked your post in case I ever get Trovi at any time in the future.
Thank you again!
cjlavin
Trovi Virus Removal Needed
