Trovi (Removal Guide) - updated Jul 2019
Trovi Removal Guide
What is Trovi?
Trovi is a potentially unwanted program that can be called a redirect virus because of stealthy distribution techniques
Trovi - a browser hijacker which sets the search engine to trovi.com.
Trovi is the website that manipulates your browser settings and changes homepage, search engine, new tab preferences to force you to visit other ad-supported sites. This highly questionable search engine has been labeled as a “browser hijacker” because of its constant redirects to an infamous trovigo.com site.[1] This search engine creates questionable in-browser search results filled with tons of commercial content and each click on an in-text link, pop-up or banner leads to traffic redirects that lead to possibly malicious pages.
Additionally, the PUP injects commercial content to the victim's favorite sites while trying to generate pay-per-click income to its developer ClientConnect Ltd. As a result, you cannot browse the web as conveniently as you did before the hijack of your Windows or MacOS. The virus was noticed for the first time in 2014. In the beginning, the site redirected its victims to Trovi.com. However, at the moment the domain is closed, but it doesn't mean that you won't suffer from redirects when having this virus on the system. If you noticed changes in your homepage and the default search engine on all your browsers, it is clear that you are dealing with the browser hijacker.
Name | Trovi |
---|---|
Type | Browser hijacker |
Sub-type | Potentially unwanted program |
Browsers affected | Chrome, Firefox, Safari, IE, etc. |
relates search site | trovigo.com, trovi.com |
detected as |
|
Symptoms | Redirects to sponsored sites, numerous ads on favorite sites, new bookmarks added, etc. |
Distribution techniques | Relies on bundling. Spears together with HyperCam, VLC Player, BsPlayer, etc. |
Removal | Remove Trovi with anti-malware tools. Install FortectIntego to scan the system and see if there is any hijacker on your computer. |
The main question after being hijacked is whether you can trust Trovi results provided during your daily searches or not. According to 2spyware research team, the answer is “No”. You shouldn't put yourself at risk by ignoring changes on your web browsers. No matter it might seem that search results are provided by Bing, they can be filled with numerous commercial content seeking to reroute you to sponsored sites.
Trovi virus can easily infiltrate Windows and Mac operating systems thru their backdoors because its developers have been actively using bundling for its distribution. Once inside the system, it can be set to track its victims to know more information about their likes and preferences. Typically, hijackers, adware-type programs and similar PUPs are set to collect NPII. However, the Privacy Policy of this hijacker notifies that it can also collect personal users' data:
However, the data collected may include personally identifiable information or personal data as such terms are defined under applicable laws (“PII” or “Personal Information”) as a necessary part of using the Software & Services.
As long as there is no guarantee that the developer of the PUP is not sharing users' data with third parties, you should remove Trovi from Safari and other web browsers. Besides, it seems that the developer has also been ignoring requests from the Do Not Track browser setting (DNT) which allows disabling tracking from ad networks, social companies, and other interested parties.
Trovi browser hijacker - a PUP which uses "bundling" to enter the computer.
Since Trovi.com gets installed on the machine without your permission, you can only notice symptoms of the browser hijacker, not the infiltration. The unwanted and intrusive activity frustrates people firstly, but the issue is with questionable content that user gets exposed to due to these browser redirects.
Main symptoms of this fake search engine Trovi include:
- Changed default preferences of the browser;
- Homepage set to Trovi.com or trovigo.com;
- All searches automatically go to Trovi Search related sites;
- Commercial content appears on every browser window;
- Browser extensions, tools, toolbars, and add-ons get installed without permission.
All this Trovi behavior, unfortunately, significantly diminishes the time online and affects the speed of your PC. However, to end all the associated processes you need a full system scan. Try to install FortectIntego or SpyHunter 5Combo Cleaner and run a system check to get rid of all PUPs that got installed behind your back.
Be aware that you may run into several issues while trying to get rid of Trovi Search from Mac and Windows. Similarly to another PUP called Conduit, the virus uses browser helper objects (BHOs)[2] and similar techniques to hide from its user and prevent removal. As a consequence, it might recover itself right after you reboot your computer.[3]
To perform the full Trovi removal from Chrome, Safari, IE and other browsers that have been hijacked, we recommend resetting each of these web browsers. However, before that, you should uninstall the virus with all suspicious apps that could be related to this hijacker. Additionally, check the system with the antivirus tool for leftover files and possible damage.
Trovi browser hijacker - a PUP which gathers and provides search results from Bing.
PUP.Optional.Trovi – a common detection name for Trovi browser hijacker
Trovi.com is a cyber threat based on the browser that affects every online search attempt with questionable content and altered results. PUP.Optional.Trovi is one of the heuristic names that show up on the screen when Malwarebytes, in this case, or other AV tools detect the suspicious activity of the potentially unwanted program. This is not the only result of detection related to Trovi, but the most common.
Users mainly complain that the browser becomes slow and delivers suspicious material when such alerts and results show up on the machine. When PUP.Optional.Trovi alerts show up daily on the screen, and you cannot use the computer normally react as soon as possible and remove this threat. The program may cause difficulties when trying to quarantine this threat because other traces of the hijack are left behind and continue to cause detection alerts.
Try scanning the machine fully with the antivirus tool that you use in the first place or employ another anti-malware program and clean the system entirely. This way you can remove this Trovi hijacker with all the traces and parts that trigger threat detections and PUP.Optional.Trovi alerts stop occurring.
Remember that PUP.Optional.Trovi is not the only detection result that is associated with Trovi. You may also encounter PUP.Optional.Trovi.A, PUP.Optional.Trovi.B, and PUP.Optional.Conduit. All of them show up when Trovi.com lures on the machine.
Trovi is the cyber threat that triggers AV tools to show alerts with PUP.Optional.Trovi, PUP.Optional.Trovi.A or PUP.Optional.Trovi.B results.
Choosing Advanced or Custom installation options can help to avoid PUP infiltration
It is very likely that you haven't noticed how this browser hijacker infiltrated your computer. That's because this deceptive program spreads bundled with other free software and might be spotted only if you closely follow the installation of the freeware or shareware.
Main facts to remember when discussing the distribution of this browser hijacker:
- According to researchers[4], you can download this virus together with HyperCam, VLC Player, BsPlayer and many other programs promoted on the Internet for free. This method is called “bundling”;
- To avoid unwanted components, opt for Custom/Advanced installation mode and look for suggestions, such as “Set XXX as a default homepage” or “I agree to install XXX as a default search engine” during the installation of Bs Player and similar programs. Make sure you deselect them;
- Various questionable websites might also include dubious components, such as infected ads. If you like visiting unknown pages on the Internet, like Torrent sites, adult-themed sites and similar, there is a big chance of getting a browser hijacker. Stay away from aggressive ads offering free add-ons, tools to improve your computer's speed, toolbars, etc.
Make sure to remove Trovi from Mac and Windows as soon as possible
Trovi virus is the browser hijacker that involves various browsing tracking functions and potentially may lead to privacy issues or even additional scams when malicious actors use already stolen information to target people. Such potentially unwanted programs cause more problems than you may think.
If you want to remove Trovi from Chrome, Safari, and other web browsers, you need to reset them at first. However, there is always a risk of seeing the same hijacker on the system after rebooting the computer.
To prevent that, you need not only to clean your infected browsers but also get rid of all PUPs hiding in your PC system. The easiest way to do that is to run a full system scan with updated anti-malware. It will refresh your computer system by eliminating each unwanted program.
If you have been struggling with Trovi removal, use programs that we presented below. They have been checked while testing this PUP. However, if you are using your own anti-virus, note that different apps have different files included in their virus database and the software you are running can fail in virus termination. Be careful and try alternative scanners if browser-hijacking app recovered after PC's reboot.
You may remove virus damage with a help of FortectIntego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.
Getting rid of Trovi. Follow these steps
Uninstall from Windows
To get rid of Trovi from Windows, check your recently-installed apps and get rid of all suspicious ones with the help of the following steps. You must uninstall HyperCam, VLC Player, BsPlayer, and similar viruses:
Instructions for Windows 10/8 machines:
- Enter Control Panel into Windows search box and hit Enter or click on the search result.
- Under Programs, select Uninstall a program.
- From the list, find the entry of the suspicious program.
- Right-click on the application and select Uninstall.
- If User Account Control shows up, click Yes.
- Wait till uninstallation process is complete and click OK.
If you are Windows 7/XP user, proceed with the following instructions:
- Click on Windows Start > Control Panel located on the right pane (if you are Windows XP user, click on Add/Remove Programs).
- In Control Panel, select Programs > Uninstall a program.
- Pick the unwanted application by clicking on it once.
- At the top, click Uninstall/Change.
- In the confirmation prompt, pick Yes.
- Click OK once the removal process is finished.
Delete from macOS
If you are wondering how to get Trovi off your Mac, check the guide presented below. Eliminate all MacOS apps that you don't know or you can't remember installing:
Remove items from Applications folder:
- From the menu bar, select Go > Applications.
- In the Applications folder, look for all related entries.
- Click on the app and drag it to Trash (or right-click and pick Move to Trash)
To fully remove an unwanted app, you need to access Application Support, LaunchAgents, and LaunchDaemons folders and delete relevant files:
- Select Go > Go to Folder.
- Enter /Library/Application Support and click Go or press Enter.
- In the Application Support folder, look for any dubious entries and then delete them.
- Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the related .plist files.
Remove from Google Chrome
To remove Trovi from Google Chrome, use the instructions presented by our experts. If it keeps coming back, use the automatic removal option.
Delete malicious extensions from Google Chrome:
- Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
- In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.
Clear cache and web data from Chrome:
- Click on Menu and pick Settings.
- Under Privacy and security, select Clear browsing data.
- Select Browsing history, Cookies and other site data, as well as Cached images and files.
- Click Clear data.
Change your homepage:
- Click menu and choose Settings.
- Look for a suspicious site in the On startup section.
- Click on Open a specific or set of pages and click on three dots to find the Remove option.
Reset Google Chrome:
If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:
- Click on Menu and select Settings.
- In the Settings, scroll down and click Advanced.
- Scroll down and locate Reset and clean up section.
- Now click Restore settings to their original defaults.
- Confirm with Reset settings.
Delete from Safari
To help you get rid of the PUP from Safari, we prepared the following guide:
Remove unwanted extensions from Safari:
- Click Safari > Preferences…
- In the new window, pick Extensions.
- Select the unwanted extension and select Uninstall.
Clear cookies and other website data from Safari:
- Click Safari > Clear History…
- From the drop-down menu under Clear, pick all history.
- Confirm with Clear History.
Reset Safari if the above-mentioned steps did not help you:
- Click Safari > Preferences…
- Go to Advanced tab.
- Tick the Show Develop menu in menu bar.
- From the menu bar, click Develop, and then select Empty Caches.
Remove from Microsoft Edge
Clean Microsoft Edge by following this guide:
Delete unwanted extensions from MS Edge:
- Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
- From the list, pick the extension and click on the Gear icon.
- Click on Uninstall at the bottom.
Clear cookies and other browser data:
- Click on the Menu (three horizontal dots at the top-right of the browser window) and select Privacy & security.
- Under Clear browsing data, pick Choose what to clear.
- Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear.
Restore new tab and homepage settings:
- Click the menu icon and choose Settings.
- Then find On startup section.
- Click Disable if you found any suspicious domain.
Reset MS Edge if the above steps did not work:
- Press on Ctrl + Shift + Esc to open Task Manager.
- Click on More details arrow at the bottom of the window.
- Select Details tab.
- Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running.
If this solution failed to help you, you need to use an advanced Edge reset method. Note that you need to backup your data before proceeding.
- Find the following folder on your computer: C:\\Users\\%username%\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
- Press Ctrl + A on your keyboard to select all folders.
- Right-click on them and pick Delete
- Now right-click on the Start button and pick Windows PowerShell (Admin).
- When the new window opens, copy and paste the following command, and then press Enter:
Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\\AppXManifest.xml” -Verbose
Instructions for Chromium-based Edge
Delete extensions from MS Edge (Chromium):
- Open Edge and click select Settings > Extensions.
- Delete unwanted extensions by clicking Remove.
Clear cache and site data:
- Click on Menu and go to Settings.
- Select Privacy, search and services.
- Under Clear browsing data, pick Choose what to clear.
- Under Time range, pick All time.
- Select Clear now.
Reset Chromium-based MS Edge:
- Click on Menu and select Settings.
- On the left side, pick Reset settings.
- Select Restore settings to their default values.
- Confirm with Reset.
Remove from Mozilla Firefox (FF)
Refresh Mozilla Firefox with the help of these guidelines:
Remove dangerous extensions:
- Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
- Select Add-ons.
- In here, select unwanted plugin and click Remove.
Reset the homepage:
- Click three horizontal lines at the top right corner to open the menu.
- Choose Options.
- Under Home options, enter your preferred site that will open every time you newly open the Mozilla Firefox.
Clear cookies and site data:
- Click Menu and pick Settings.
- Go to Privacy & Security section.
- Scroll down to locate Cookies and Site Data.
- Click on Clear Data…
- Select Cookies and Site Data, as well as Cached Web Content and press Clear.
Reset Mozilla Firefox
If clearing the browser as explained above did not help, reset Mozilla Firefox:
- Open Mozilla Firefox browser and click the Menu.
- Go to Help and then choose Troubleshooting Information.
- Under Give Firefox a tune up section, click on Refresh Firefox…
- Once the pop-up shows up, confirm the action by pressing on Refresh Firefox.
After uninstalling this potentially unwanted program (PUP) and fixing each of your web browsers, we recommend you to scan your PC system with a reputable anti-spyware. This will help you to get rid of Trovi registry traces and will also identify related parasites or possible malware infections on your computer. For that you can use our top-rated malware remover: FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes.
How to prevent from getting browser hijacker
Stream videos without limitations, no matter where you are
There are multiple parties that could find out almost anything about you by checking your online activity. While this is highly unlikely, advertisers and tech companies are constantly tracking you online. The first step to privacy should be a secure browser that focuses on tracker reduction to a minimum.
Even if you employ a secure browser, you will not be able to access websites that are restricted due to local government laws or other reasons. In other words, you may not be able to stream Disney+ or US-based Netflix in some countries. To bypass these restrictions, you can employ a powerful Private Internet Access VPN, which provides dedicated servers for torrenting and streaming, not slowing you down in the process.
Data backups are important – recover your lost files
Ransomware is one of the biggest threats to personal data. Once it is executed on a machine, it launches a sophisticated encryption algorithm that locks all your files, although it does not destroy them. The most common misconception is that anti-malware software can return files to their previous states. This is not true, however, and data remains locked after the malicious payload is deleted.
While regular data backups are the only secure method to recover your files after a ransomware attack, tools such as Data Recovery Pro can also be effective and restore at least some of your lost data.
- ^ Margaret Rouse. Browser hijacker (browser hijacking). Search Security. Tech Target.
- ^ What Is a BHO (Browser Helper Object)?. Lifewire. Expert advice stepping you through problems so you can get back to the business of living.
- ^ Can't completely remove Trovi from Chrome. Google Chrome Help Forum.
- ^ SenzaVirus.it. SenzaVirus. Spyware news page.