Q: how do i get Trovi off my macbook pro

Read http://www.mac-forums.com/forums/security-awareness/314633-bing-trovi-malware.ht ml

That link isn't useful anymore. There is nothing about removing it from a Mac.

Helpful Links Regarding Malware Problems

If you are having an immediate problem with ads popping up see The Safe Mac » Adware Removal Guide and AdwareMedic.

Open Safari, select Preferences from the Safari menu. Click on Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.

The following comes from user stevejobsfan0123. I have made minor changes to adapt to this presentation.

Fix Some Browser Pop-ups That Take Over Safari.

 

Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. This article will outline the solution to dismiss the pop-up.

 

Quit Safari

 

Usually, these pop-ups will not go away by either clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.

 

Relaunch Safari

 

If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.

 

This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.

An excellent link to read is Tom Reed's Mac Malware Guide.

Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.

See these Apple articles:

  Mac OS X Snow Leopard and malware detection

  OS X Lion- Protect your Mac from malware

  OS X Mountain Lion- Protect your Mac from malware

  OS X Mavericks- Protect your Mac from malware

  About file quarantine in OS X

If you require anti-virus protection Thomas Reed recommends using ClamXAV. (Thank you to Thomas Reed for this recommendation.)

The link does say:

Thanks to you all for the advice.

After 4 hours of much aggravation the cure was simple, as it always is if you know what the 'recipe' is.

I did everything noted in the replies, to no avail. THEN, it hit me.. I had to alter SAFARI before anything would come back like I had on Safari.

Go to Safari, click EXTENSIONS, remove the aggravating advertising by Trovi, brought to me by Bing. Then Click GENERAL and remove BING and make sure that (for me) the default engine is Google, with Google Chrome as the Default web Browser. 

Double check the Homepage you want: Mine is Gmail, so make sure it says what you want,

then press Set to Current Page. 

Viola! Everything goes back to normal.

If it hadn't been for the Reply Help I wouldn't have understood what the General and Extensions choices in Safari PREFERENCES was. If it happens again, make sure you change Safari before you change anything else. Thanks again my friends, for your help. Francey

A way to go for clarity. Why not be more specific where to find the information.

You may have installed the "SearchProtect" browser hijack, perhaps under a different name. Remove it as follows.

Malware is always changing to get around the defenses against it. These instructions are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.

Back up all data before proceeding.

Triple-click anywhere in the line below on this page to select it:

/Library/LaunchDaemons/com.perion.searchprotectd.plist

Right-click or control-click the line and select

          Services ▹ Reveal in Finder (or just Reveal)

from the contextual menu.* A folder should open with an item named "com.perion.searchprotectd.plist" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.

Restart the computer and empty the Trash. Then delete the following items in the same way:

/Applications/SearchProtect
~/Library/Application Support/Firefox/searchplugins/MyBrand.xml
~/Library/Application Support/Google/Chrome/External Extensions/fjadmdmahkpbhgbmmkiiaanlnlekelmn.json
~/Library/Application Support/Mozilla/Extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/deacruzemiliano@outlook.com
~/Library/Internet Plug-Ins/TroviNPAPIPlugin.plugin
~/Trovi

Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.

Quit and relaunch Safari. From the menu bar, select

          Safari ▹ Preferences... ▹ Extensions

Uninstall any extensions you don't know you need, including any that have the word "Trovi" or "palmall" in the description. If in doubt, uninstall all extensions.

Reset the default search engine and home page to what it was before.

"SearchProtect" may be distributed along with two other applications: "MacKeeper," which is a scam, and "ZipCloud," which, if not actually a scam, has a dubious reputation. Ask if you need instructions to remove those items.

*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination  command-C. In the Finder, select

          Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

Well I may have forgotten to say scroll down and read what is presented on the page.  Next time I will be more specific and advise the OP to read.  Thanks for your tip.

Are you saying that you had this problem and solved the entire issue by only removing one extension and resetting the search and homepage settings, or are you just reporting what this web site says? I'm not aware of any Safari extensions involved with this and the replier didn't mention it's exact name, only the Internet Plug-In.  The other files which are normally installed along with the browser extensions and plugins have been found by other users to re-infect their Mac if left in place.

Ocean20 wrote:

 

Read http://www.mac-forums.com/forums/security-awareness/314633-bing-trovi-malware.ht ml

It's important to understand that the instructions on that page are totally inadequate for removing Trovi, aka Conduit, aka SearchProtect.

Linc's directions are a big step better, but still are not sufficient for all variants of this adware. In addition to a number of other possible files that may be installed, some variants of this adware will modify the Firefox app itself (if Firefox is installed), requiring deletion and reinstallation of Firefox.

For more complete removal instructions, see:

http://www.thesafemac.com/arg-conduit/

(Fair disclosure: I may receive compensation from links to my site and software, in the form of buttons allowing for donations. Donations are not required to use my site or software.)

This is what I learned. When I removed Trovi from Safari, I found a (2) files that said Trovi in my download files. Do a search. Once I trashed the file, Safari was fine. However, Mozilla was not. For Mozilla, I went to help, then troubleshooting information, then reset Mozilla on the right hand side. It reset everything to defaults and VOILA! no Trovi on Mozilla Fire Fox.

Jackie D.

See my response below Kappy. Way at the bottom. I posted a new comment.

Jackie D.

That's really not adequate to remove Trovi (aka Conduit) in most cases. Be aware that some variants of this adware are known to make direct modifications to the Firefox app itself, so since you're using Firefox, you should trash Firefox and reinstall a fresh copy, among other things.

See some of the other comments here on how to remove it.