Severity scale: 14/100

Trovi. How to remove? (Uninstall guide)

Removal guide by Olivia Morelli | Type: Browser hijacker

Trovi – redirect virus which uses stealthy techniques to redirect its victims to sponsored domains

Trovi - a browser hijacker which sets the search engine to trovi.com.

Trovi is a highly questionable search engine that has been labeled as a “browser hijacker” because of its constant redirects to an infamous trovigo.com site.[1] Additionally, the PUP adds commercial content to victims' favorite sites while trying to generate pay-per-click income for its developer, ClientConnect Ltd. As a result, you cannot browse the web as conveniently as you did before the hijack of your Windows or macOS system. The virus was noticed for the first time in 2014. In the beginning, it redirected its victims to Trovi.com. At the moment that domain is closed, but this doesn't mean that you won't suffer from redirects while this virus is on the system. If you notice changes in your homepage and the default search engine on all your browsers, it is clear that you are dealing with the browser hijacker.

Name: Trovi
Type: Browser hijacker
Sub-type: Potentially unwanted program
Browsers affected: Chrome, Firefox, Safari, IE, etc.
Related search site: trovigo.com
Detected as:
  • PUP.Optional.Trovi
  • PUP.Optional.Conduit
Symptoms: Redirects to sponsored sites, numerous ads on favorite sites, new bookmarks added, etc.
Distribution techniques: Relies on bundling. Spreads together with HyperCam, VLC Player, BsPlayer, etc.
Removal: Install Reimage to scan the system and see if there is any hijacker on your computer.

The main question after being hijacked is whether you can trust the Trovi results provided during your daily searches or not. According to the 2spyware research team, the answer is “No”. You shouldn't put yourself at risk by ignoring changes on your web browsers. Even though the search results may seem to be provided by Bing, they can be filled with commercial content that seeks to reroute you to sponsored sites.

The Trovi virus can easily slip into Windows and Mac operating systems unnoticed because its developers have been actively using bundling for its distribution. Once inside the system, it can be set to track its victims to learn more about their likes and preferences. Typically, hijackers, adware-type programs and similar PUPs are set to collect non-personally identifiable information (NPII). However, the Privacy Policy of this hijacker states that it can also collect users' personal data:

However, the data collected may include personally identifiable information or personal data as such terms are defined under applicable laws (“PII” or “Personal Information”) as a necessary part of using the Software & Services.

Since there is no guarantee that the developer of the PUP is not sharing users' data with third parties, you should remove Trovi from Safari and other web browsers. Besides, it seems that the developer has also been ignoring requests from the Do Not Track (DNT) browser setting, which allows disabling tracking by ad networks, social companies, and other interested parties.

Be aware that you may run into several issues while trying to get rid of Trovi from Mac and Windows. Similarly to another PUP called Conduit, the virus uses browser helper objects (BHOs)[2] and similar techniques to hide from its user and prevent removal. As a consequence, it might recover itself right after you reboot your computer.[3]
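The BHO persistence described above can be checked on Windows before and after cleanup. The following PowerShell script is an added example, not part of the original guide: it lists every browser helper object registered for Internet Explorer, resolves each one to its DLL and reports the file's Authenticode signature status. It only reads the registry; the helper name Get-DefaultValue is hypothetical.

```powershell
# Added example (not from the original guide): list Internet Explorer BHOs so that
# unknown or unsigned entries can be reviewed. Read-only; nothing is changed.
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-DefaultValue([string]$KeyPath) {
    # Hypothetical helper: returns the (Default) value of a registry key, or nothing.
    if (Test-Path -LiteralPath $KeyPath) { (Get-Item -LiteralPath $KeyPath).GetValue('') }
}

$report = foreach ($bhoKey in ($bhoKeys | Where-Object { Test-Path -LiteralPath $_ })) {
    # 32-bit BHOs on 64-bit Windows register their COM class under WOW6432Node.
    $isWow     = $bhoKey -like '*WOW6432Node*'
    $clsidRoot = if ($isWow) { 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
                 else        { 'HKLM:\SOFTWARE\Classes\CLSID' }

    foreach ($entry in Get-ChildItem -LiteralPath $bhoKey) {
        $clsid = $entry.PSChildName          # each subkey name is the BHO's class ID
        $name  = Get-DefaultValue "$clsidRoot\$clsid"
        $dll   = Get-DefaultValue "$clsidRoot\$clsid\InprocServer32"
        if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }

        $sig = $null
        if ($dll -and (Test-Path -LiteralPath $dll)) {
            $sig = Get-AuthenticodeSignature -LiteralPath $dll
        }

        [pscustomobject]@{
            View      = if ($isWow) { 'WOW64 (32-bit)' } else { 'native' }
            CLSID     = $clsid
            Name      = $name
            Dll       = $dll
            Signature = if ($sig) { [string]$sig.Status } else { 'file not found' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
        }
    }
}

# Entries that are unsigned, or whose DLL is missing, deserve a closer look first.
$report | Sort-Object Signature, Name | Format-List
```

Running it again after a reboot shows whether a removed entry has re-registered itself.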

To perform the full Trovi removal from Chrome, Safari, IE and other browsers that have been hijacked, we recommend resetting each of these web browsers. However, before that, you should uninstall the virus with all suspicious apps that could be related to this hijacker. Additionally, check the system with Reimage for leftover files and possible damage.

Infiltration techniques used by this browser hijacker

It is very likely that you haven't noticed how this browser hijacker infiltrated your computer. That's because this deceptive program spreads bundled with other free software and might be spotted only if you closely follow the installation of the freeware or shareware. 

Main facts to remember when discussing the distribution of this browser hijacker:

  • According to researchers[4], you can download this virus together with HyperCam, VLC Player, BsPlayer and many other programs promoted on the Internet for free. This method is called “bundling”;
  • To avoid unwanted components, opt for Custom/Advanced installation mode and look for suggestions, such as “Set XXX as a default homepage” or “I agree to install XXX as a default search engine” during the installation of BsPlayer and similar programs. Make sure you deselect them;
  • Various questionable websites might also include dubious components, such as infected ads. If you like visiting unknown pages on the Internet, like Torrent sites, adult-themed sites and similar, there is a big chance of getting a browser hijacker. Stay away from aggressive ads offering free add-ons, tools to improve your computer's speed, toolbars, etc. 

Ways to remove Trovi from Mac and Windows

Trovi browser hijacker - a PUP which gathers and provides search results from Bing.

If you want to remove Trovi from Chrome, Safari, and other web browsers, you need to reset them first. However, there is always a risk of seeing the same hijacker on the system after rebooting the computer. To prevent that, you need not only to clean your infected browsers but also to get rid of all PUPs hiding in your system. The easiest way to do that is to run a full system scan with updated anti-malware. It will refresh your computer system by eliminating each unwanted program.

If you have been struggling with Trovi removal, use the programs presented below. They have been checked while testing this PUP. However, if you are using your own anti-virus, note that different apps have different files included in their virus databases, and the software you are running can fail to terminate the virus. Be careful and try alternative scanners if the browser-hijacking app recovers after the PC's reboot.

You can remove virus damage automatically with the help of one of these programs: Reimage, Malwarebytes, Combo Cleaner, Plumbytes Anti-Malware. We recommend these applications because they detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

What to do if it failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as many details as possible.
Reimage is recommended to remove virus damage. The free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of the Reimage malware removal tool.
Alternative software
Different security software includes different virus databases. If you didn’t succeed in finding malware with Reimage, try running an alternative scan with Malwarebytes or Combo Cleaner.

To remove Trovi, follow these steps:


Delete Trovi from Windows systems

To get rid of Trovi from Windows, check your recently-installed apps and get rid of all suspicious ones with the help of the following steps. You must uninstall HyperCam, VLC Player, BsPlayer, and similar viruses:

  1. Click Start -> Control Panel -> Programs and Features (if you are a Windows XP user, click on Add/Remove Programs).
  2. If you are a Windows 10 / Windows 8 user, right-click in the lower left corner of the screen. Once the Quick Access Menu shows up, select Control Panel and Uninstall a Program.
  3. Uninstall Trovi and related programs
    Here, look for Trovi or any other recently installed suspicious programs.
  4. Uninstall them (right-click each suspicious entry and select Uninstall) and click OK to save these changes.
  5. Remove Trovi from Windows shortcuts
    Right-click the shortcut of Mozilla Firefox and select Properties.
  6. Go to the Shortcut tab and look at the Target field. Delete the malicious URL that is related to your virus ('http://isearch.babylon.com...' or another suspicious URL).

Repeat steps that are given above with all browsers' shortcuts, including Internet Explorer and Google Chrome. Make sure you check all locations of these shortcuts, including Desktop, Start Menu and taskbar.
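Checking every shortcut by hand is easy to get wrong, so the same check can be scripted. The PowerShell below is an added example, not part of the original guide: it walks the Desktop, Start Menu and taskbar pin folders and reports browser shortcuts whose Target field has a URL appended as an argument. The list of browser executables is an assumption; extend it as needed.

```powershell
# Added example (not from the original guide): report browser shortcuts whose
# Target field carries a URL argument. Read-only unless the last block is uncommented.
$browsers = 'chrome.exe', 'firefox.exe', 'iexplore.exe', 'msedge.exe'   # assumed list

# Desktop, Start Menu and taskbar pins, for the current user and for all users.
$roots = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$shell = New-Object -ComObject WScript.Shell

$links = Get-ChildItem -LiteralPath $roots -Filter *.lnk -Recurse -ErrorAction SilentlyContinue
$findings = foreach ($lnk in $links) {
    $shortcut = $shell.CreateShortcut($lnk.FullName)      # opens the existing .lnk
    $exeName  = [IO.Path]::GetFileName($shortcut.TargetPath)
    if ($browsers -notcontains $exeName) { continue }     # not a browser shortcut

    # The Properties dialog shows TargetPath and Arguments together in "Target".
    if ($shortcut.Arguments -match 'https?://\S+') {
        [pscustomobject]@{
            Shortcut  = $lnk.FullName
            Target    = $shortcut.TargetPath
            Arguments = $shortcut.Arguments
            Url       = $Matches[0]
        }
    }
}

if ($findings) { $findings | Format-List }
else { 'No browser shortcut carries a URL in its Target field.' }

# After reviewing the report, a flagged shortcut can be cleaned like this:
# foreach ($f in $findings) {
#     $s = $shell.CreateShortcut($f.Shortcut); $s.Arguments = ''; $s.Save()
# }
```

A shortcut may carry legitimate arguments as well, so review each finding before clearing it.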


Erase Trovi from Mac OS X system

If you are wondering how to get Trovi off your Mac, check the guide presented below. Eliminate all MacOS apps that you don't know or you can't remember installing:

  1. If you are using OS X, click the Go button at the top left of the screen and select Applications.
  2. Wait until you see the Applications folder and look for Trovi or any other suspicious programs in it. Now right-click every such entry and select Move to Trash.

Eliminate Trovi from Google Chrome

To remove Trovi from Google Chrome, use the instructions presented by our experts. If it keeps coming back, use the automatic removal option.

  1. Delete malicious plugins
    Open Google Chrome, click on the menu icon (top right corner) and select Tools -> Extensions.
  2. Here, select Trovi and other malicious plugins and click the trash icon to delete these entries.
  3. Change your homepage and default search engine if it was altered by your virus
    Click on the menu icon and choose Settings.
  4. Here, look for the Open a specific page or set of pages option under On startup and click on Set pages.
  5. Now you should see another window. Here, delete malicious search sites (click 'X' next to each malicious URL) and enter the one that you want to use as your homepage.
  6. Click on the menu icon again and choose Settings -> Manage search engines... under the Search section.
  7. When in Search Engines..., remove malicious search sites by clicking 'X'. You should leave only Google or your preferred domain name.
  8. Reset Google Chrome
    Click on the menu icon on the top right of your Google Chrome and select Settings.
  9. Scroll down to the end of the page and click on Reset browser settings.
  10. Click Reset to confirm this action and complete Trovi removal.

Delete Trovi from Safari

To help you get rid of the PUP from Safari, we prepared the following guide:

  1. Remove dangerous extensions
    Open the Safari web browser and click on Safari in the menu at the top left of the screen. Once you do this, select Preferences.
  2. Here, select Extensions and look for Trovi or other suspicious entries. Click on the Uninstall button to get rid of each of them.
  3. Change your homepage if it was altered by virus:
    Open your Safari web browser and click on Safari in the menu section. Here, select Preferences as it was displayed previously and select General.
  4. Here, look at the Homepage field. If it was altered by Trovi, remove the unwanted link and enter the one that you want to use for your searches. Remember to include the "http://" before typing in the address of the page.
  5. Reset Safari
    Open the Safari browser and click on Safari in the menu section at the top left of the screen. Here, select Reset Safari....
  6. Now you will see a detailed dialog window filled with reset options. All of those options are usually checked, but you can specify which of them you want to reset. Click the Reset button to complete the Trovi removal process.

Uninstall Trovi from Internet Explorer (IE)

To clean IE, complete these instructions carefully:

  1. Remove dangerous add-ons
    Open Internet Explorer, click on the Gear icon (IE menu) on the top right corner of the browser and choose Manage Add-ons.
  2. You will see a Manage Add-ons window. Here, look for Trovi and other suspicious plugins. Disable these entries by right-clicking each of them and selecting Disable.
  3. Change your homepage if it was altered by virus:
    Click on the gear icon (menu) on the top right corner of the browser and select Internet Options. Stay in the General tab.
  4. Here, remove the malicious URL and enter your preferred domain name. Click Apply to save changes.
  5. Reset Internet Explorer
    Click on the gear icon (menu) again and select Internet options. Go to the Advanced tab.
  6. Here, select Reset.
  7. When in the new window, check Delete personal settings and select Reset again to complete Trovi removal.

Remove Trovi from Microsoft Edge

Clean Microsoft Edge by following this guide:

Reset Microsoft Edge settings (Method 1):

  1. Launch Microsoft Edge app and click More (three dots at the top right corner of the screen).
  2. Click Settings to open more options.
  3. Once the Settings window shows up, click the Choose what to clear button under the Clear browsing data option.
  4. Here, select everything you want to remove and click Clear.
  5. Now you should right-click on the Start button (Windows logo). Here, select Task Manager.
  6. When in the Processes tab, search for Microsoft Edge.
  7. Right-click on it and choose the Go to details option. If you can’t see the Go to details option, click More details and repeat the previous steps.
  8. When the Details tab shows up, find every entry with the Microsoft Edge name in it. Right-click each of them and select End Task to end these entries.

Resetting Microsoft Edge browser (Method 2):

If Method 1 failed to help you, you need to use an advanced Edge reset method.

  1. Note: you need to back up your data before using this method.
  2. Find this folder on your computer: C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  3. Select every entry saved in it, right-click, and choose the Delete option.
  4. Click the Start button (Windows logo) and type in window power in the Search my stuff line.
  5. Right-click the Windows PowerShell entry and choose Run as administrator.
  6. Once the Administrator: Windows PowerShell window shows up, paste this command line after PS C:\WINDOWS\system32> and press Enter:
    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" -Verbose}

Once these steps are finished, Trovi should be removed from your Microsoft Edge browser.


Get rid of Trovi from Mozilla Firefox (FF)

Refresh Mozilla Firefox with the help of these guidelines:

  1. Remove dangerous extensions
    Open Mozilla Firefox, click on the menu icon (top right corner) and select Add-ons -> Extensions.
  2. Here, select Trovi and other questionable plugins. Click Remove to delete these entries.
  3. Change your homepage if it was altered by virus:
    Click on the menu (top right corner) and choose Options -> General.
  4. Here, delete the malicious URL from the Home Page section and enter your preferred website, or click Restore to Default.
  5. Click OK to save these changes.
  6. Reset Mozilla Firefox
    Click on the Firefox menu on the top left and click on the question mark. Here, choose Troubleshooting Information.
  7. Now you will see the Reset Firefox to its default state message with the Reset Firefox button. Click this button several times and complete Trovi removal.

About the author

Olivia Morelli - Ransomware analyst


References
