Severity scale:  

Remove Trovi (Removal Guide) - updated Sep 2020

removal by Olivia Morelli - - | Type: Browser Hijackers

Trovi is a potentially unwanted program that can be called a redirect virus because of stealthy distribution techniques

Trovi PUPTrovi - a browser hijacker which sets the search engine to

Trovi is the website that manipulates your browser settings and changes homepage, search engine, new tab preferences to force you to visit other ad-supported sites. This highly questionable search engine has been labeled as a “browser hijacker” because of its constant redirects to an infamous site.[1] This search engine creates questionable in-browser search results filled with tons of commercial content and each click on an in-text link, pop-up or banner leads to traffic redirects that lead to possibly malicious pages.

Questions about Trovi

Additionally, the PUP injects commercial content to the victim's favorite sites while trying to generate pay-per-click income to its developer ClientConnect Ltd. As a result, you cannot browse the web as conveniently as you did before the hijack of your Windows or MacOS. The virus was noticed for the first time in 2014. In the beginning, the site redirected its victims to However, at the moment the domain is closed, but it doesn't mean that you won't suffer from redirects when having this virus on the system. If you noticed changes in your homepage and the default search engine on all your browsers, it is clear that you are dealing with the browser hijacker.

Name Trovi
Type Browser hijacker
Sub-type Potentially unwanted program
Browsers affected Chrome, Firefox, Safari, IE, etc.
relates search site,
detected as
Symptoms Redirects to sponsored sites, numerous ads on favorite sites, new bookmarks added, etc.
Distribution techniques Relies on bundling. Spears together with HyperCam, VLC Player, BsPlayer, etc.
Removal Remove Trovi with anti-malware tools. Install Reimage Reimage Cleaner Intego to scan the system and see if there is any hijacker on your computer.

The main question after being hijacked is whether you can trust Trovi results provided during your daily searches or not. According to 2spyware research team, the answer is “No”. You shouldn't put yourself at risk by ignoring changes on your web browsers. No matter it might seem that search results are provided by Bing, they can be filled with numerous commercial content seeking to reroute you to sponsored sites.

Trovi virus can easily infiltrate Windows and Mac operating systems thru their backdoors because its developers have been actively using bundling for its distribution. Once inside the system, it can be set to track its victims to know more information about their likes and preferences. Typically, hijackers, adware-type programs and similar PUPs are set to collect NPII. However, the Privacy Policy of this hijacker notifies that it can also collect personal users' data:

However, the data collected may include personally identifiable information or personal data as such terms are defined under applicable laws (“PII” or “Personal Information”) as a necessary part of using the Software & Services.

As long as there is no guarantee that the developer of the PUP is not sharing users' data with third parties, you should remove Trovi from Safari and other web browsers. Besides, it seems that the developer has also been ignoring requests from the Do Not Track browser setting (DNT) which allows disabling tracking from ad networks, social companies, and other interested parties.

Trovi browser hijackerTrovi browser hijacker - a PUP which uses "bundling" to enter the computer.

Since gets installed on the machine without your permission, you can only notice symptoms of the browser hijacker, not the infiltration. The unwanted and intrusive activity frustrates people firstly, but the issue is with questionable content that user gets exposed to due to these browser redirects.

Main symptoms of this fake search engine Trovi include:

  • Changed default preferences of the browser;
  • Homepage set to or;
  • All searches automatically go to Trovi Search related sites;
  • Commercial content appears on every browser window;
  • Browser extensions, tools, toolbars, and add-ons get installed without permission.

All this Trovi behavior, unfortunately, significantly diminishes the time online and affects the speed of your PC. However, to end all the associated processes you need a full system scan. Try to install Reimage Reimage Cleaner Intego or SpyHunter 5Combo Cleaner and run a system check to get rid of all PUPs that got installed behind your back.

Be aware that you may run into several issues while trying to get rid of Trovi Search from Mac and Windows. Similarly to another PUP called Conduit, the virus uses browser helper objects (BHOs)[2] and similar techniques to hide from its user and prevent removal. As a consequence, it might recover itself right after you reboot your computer.[3]

To perform the full Trovi removal from Chrome, Safari, IE and other browsers that have been hijacked, we recommend resetting each of these web browsers. However, before that, you should uninstall the virus with all suspicious apps that could be related to this hijacker. Additionally, check the system with the antivirus tool for leftover files and possible damage.

Trovi unwanted application

PUP.Optional.Trovi – a common detection name for Trovi browser hijacker is a cyber threat based on the browser that affects every online search attempt with questionable content and altered results. PUP.Optional.Trovi is one of the heuristic names that show up on the screen when Malwarebytes, in this case, or other AV tools detect the suspicious activity of the potentially unwanted program. This is not the only result of detection related to Trovi, but the most common.

Users mainly complain that the browser becomes slow and delivers suspicious material when such alerts and results show up on the machine. When PUP.Optional.Trovi alerts show up daily on the screen, and you cannot use the computer normally react as soon as possible and remove this threat. The program may cause difficulties when trying to quarantine this threat because other traces of the hijack are left behind and continue to cause detection alerts.

Try scanning the machine fully with the antivirus tool that you use in the first place or employ another anti-malware program and clean the system entirely. This way you can remove this Trovi hijacker with all the traces and parts that trigger threat detections and PUP.Optional.Trovi alerts stop occurring.

Remember that PUP.Optional.Trovi is not the only detection result that is associated with Trovi. You may also encounter PUP.Optional.Trovi.A, PUP.Optional.Trovi.B, and PUP.Optional.Conduit. All of them show up when lures on the machine.

PUP.Optional.Trovi - Trovi detectionTrovi is the cyber threat that triggers AV tools to show alerts with PUP.Optional.Trovi, PUP.Optional.Trovi.A or PUP.Optional.Trovi.B results.  

Choosing Advanced or Custom installation options can help to avoid PUP infiltration

It is very likely that you haven't noticed how this browser hijacker infiltrated your computer. That's because this deceptive program spreads bundled with other free software and might be spotted only if you closely follow the installation of the freeware or shareware. 

Main facts to remember when discussing the distribution of this browser hijacker:

  • According to researchers[4], you can download this virus together with HyperCam, VLC Player, BsPlayer and many other programs promoted on the Internet for free. This method is called “bundling”;
  • To avoid unwanted components, opt for Custom/Advanced installation mode and look for suggestions, such as “Set XXX as a default homepage” or “I agree to install XXX as a default search engine” during the installation of Bs Player and similar programs. Make sure you deselect them;
  • Various questionable websites might also include dubious components, such as infected ads. If you like visiting unknown pages on the Internet, like Torrent sites, adult-themed sites and similar, there is a big chance of getting a browser hijacker. Stay away from aggressive ads offering free add-ons, tools to improve your computer's speed, toolbars, etc. 

Make sure to remove Trovi from Mac and Windows as soon as possible

Trovi virus is the browser hijacker that involves various browsing tracking functions and potentially may lead to privacy issues or even additional scams when malicious actors use already stolen information to target people. Such potentially unwanted programs cause more problems than you may think.

If you want to remove Trovi from Chrome, Safari, and other web browsers, you need to reset them at first. However, there is always a risk of seeing the same hijacker on the system after rebooting the computer.

To prevent that, you need not only to clean your infected browsers but also get rid of all PUPs hiding in your PC system. The easiest way to do that is to run a full system scan with updated anti-malware. It will refresh your computer system by eliminating each unwanted program.

If you have been struggling with Trovi removal, use programs that we presented below. They have been checked while testing this PUP. However, if you are using your own anti-virus, note that different apps have different files included in their virus database and the software you are running can fail in virus termination. Be careful and try alternative scanners if browser-hijacking app recovered after PC's reboot.

You may remove virus damage with a help of Reimage Reimage Cleaner Intego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove Trovi, follow these steps:

Delete Trovi from Windows systems

To get rid of Trovi from Windows, check your recently-installed apps and get rid of all suspicious ones with the help of the following steps. You must uninstall HyperCam, VLC Player, BsPlayer, and similar viruses:

  1. Click Start Control Panel Programs and Features (if you are Windows XP user, click on Add/Remove Programs). Click 'Start -> Control Panel -> Programs and Features' (if you are 'Windows XP' user, click on 'Add/Remove Programs').
  2. If you are Windows 10 / Windows 8 user, then right-click in the lower left corner of the screen. Once Quick Access Menu shows up, select Control Panel and Uninstall a Program. If you are 'Windows 10 / Windows 8' user, then right-click in the lower left corner of the screen. Once 'Quick Access Menu' shows up, select 'Control Panel' and 'Uninstall a Program'.
  3. Uninstall Trovi and related programs
    Here, look for Trovi or any other recently installed suspicious programs.
  4. Uninstall them and click OK to save these changes. Right click on each of suspicious entries and select 'Uninstall'
  5. Remove Trovi from Windows shortcuts
    Right click on the shortcut of Mozilla Firefox and select Properties. Right click on browsers' icon and select 'Properties'
  6. Go to Shortcut tab and look at the Target field. Delete malicious URL that is related to your virus. Select 'Shortcut' tab and delete '' or other suspicious URL

Repeat steps that are given above with all browsers' shortcuts, including Internet Explorer and Google Chrome. Make sure you check all locations of these shortcuts, including Desktop, Start Menu and taskbar.

Erase Trovi from Mac OS X system

If you are wondering how to get Trovi off your Mac, check the guide presented below. Eliminate all MacOS apps that you don't know or you can't remember installing:

If your macOS is displaying some infection symptoms, proceed with the following guide:

Remove Trovi from Applications folder:

  1. From the menu bar, select Go > Applications.
  2. In the Applications folder, look for Trovi-related entries.
  3. Click on the app and drag it to Trash (or right-click and pick Move to Trash)Uninstall from Mac 1

To fully remove Trovi, you need to access Application Support, LaunchAgents, and LaunchDaemons folders and delete relevant files:

  1. Select Go > Go to Folder.
  2. Enter /Library/Application Support and click Go or press Enter.
  3. In the Application Support folder, look for any dubious entries related to Trovi and then delete them.
  4. Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the Trovi-related entries.Uninstall from Mac 2

Eliminate Trovi from Google Chrome

To remove Trovi from Google Chrome, use the instructions presented by our experts. If it keeps coming back, use the automatic removal option.

  1. Delete malicious plugins
    Open Google Chrome, click on the menu icon (top right corner) and select Tools Extensions. Click on menu icon. Select 'Tools' and 'Extensions'
  2. Here, select Trovi and other malicious plugins and select trash icon to delete these entries. Look for malicious entries and delete each of them by clicking on the Trash bin icon
  3. Change your homepage and default search engine if it was altered by your virus
    Click on menu icon and choose Settings.
  4. Here, look for the Open a specific page or set of pages under On startup option and click on Set pages. After clicking on menu and 'Settings', select 'Set pages'
  5. Now you should see another window. Here, delete malicious search sites and enter the one that you want to use as your homepage. Click 'X' to remove malicious URLs
  6. Click on menu icon again and choose Settings Manage Search engines under the Search section. When in 'Settings', select 'Manage search engines...'
  7. When in Search Engines..., remove malicious search sites. You should leave only Google or your preferred domain name. Click 'X' to remove malicious URLs
  8. Reset Google Chrome
    Click on menu icon on the top right of your Google Chrome and select Settings.
  9. Scroll down to the end of the page and click on Reset browser settings. When in 'Settings', scroll down to 'Reset browser settings' button and click on it
  10. Click Reset to confirm this action and complete Trovi removal. Click on 'Reset' button to complete your removal

Delete Trovi from Safari

To help you get rid of the PUP from Safari, we prepared the following guide:

  1. Remove dangerous extensions
    Open Safari web browser and click on Safari in menu at the top left of the screen. Once you do this, select Preferences. Click on 'Safari' and select 'Preferences'
  2. Here, select Extensions and look for Trovi or other suspicious entries. Click on the Uninstall button to get rid each of them. Go to 'Extensions' and uninstall malicious add-ons
  3. Change your homepage if it was altered by virus:
    Open your Safari web browser and click on Safari in menu section. Here, select Preferences as it was displayed previously and select General.
  4. Here, look at the Homepage field. If it was altered by Trovi, remove unwanted link and enter the one that you want to use for your searches. Remember to include the "http://" before typing in the address of the page. When in 'General', delete malicious URL and enter your desired domain name
  5. Reset Safari
    Open Safari browser and click on Safari in menu section at the top left of the screen. Here, select Reset Safari.... Click on 'Safari' and select 'Reset Safari...'
  6. Now you will see a detailed dialog window filled with reset options. All of those options are usually checked, but you can specify which of them you want to reset. Click the Reset button to complete Trovi removal process. Select all options and click on 'Reset' button

Uninstall Trovi from Internet Explorer (IE)

To clean IE, complete these instructions carefully:

Remove dangerous add-ons:

  1. Open Internet Explorer, click on the Gear icon (IE menu) on the top-right corner of the browser
  2. Pick Manage Add-ons.
  3. You will see a Manage Add-ons window. Here, look for Trovi and other suspicious plugins. Click on these entries and select Disable.Remove add-ons from Internet Explorer

Change your homepage if it was altered:

  1. Open IE and click on the Gear icon.
  2. Select Internet Options.
  3. In the General tab, delete the Home page address and replace it by your preferred one (for example,
  4. Click Apply and then select OK.Reset IE homepage

Delete temporary files:

  1. Press on the Gear icon and select Internet Options.
  2. Under Browsing history, click Delete…
  3. Select relevant fields and press Delete.Clear temporary files from Internet Explorer

Reset Internet Explorer:

  1. Click on Gear icon > Internet options and select Advanced tab.
  2. Select Reset.
  3. In the new window, check Delete personal settings and select Reset again to complete Trovi removal.Reset Internet Explorer

Remove Trovi from Microsoft Edge

Clean Microsoft Edge by following this guide:

Delete unwanted extensions from MS Edge:

  1. Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
  2. From the list, pick the Trovi-related extension and click on the Gear icon.
  3. Click on Uninstall at the bottom.Remove extensions from Edge

Clear cookies and other browser data:

  1. Click on the Menu (three horizontal dots at the top-right of the browser window) and select Privacy & security.
  2. Under Clear browsing data, pick Choose what to clear.
  3. Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear.Clear Edge browsing data

Reset MS Edge if that above steps did not work:

  1. Press on Ctrl + Shift + Esc to open Task Manager.
  2. Click on More details arrow at the bottom of the window.
  3. Select Details tab.
  4. Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running.Reset MS Edge

If this solution failed to help you, you need to use an advanced Edge reset method. Note that you need to backup your data before proceeding.

  1. Find the following folder on your computer: C:\\Users\\%username%\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  2. Press Ctrl + A on your keyboard to select all folders.
  3. Right-click on them and pick DeleteAdvanced MS Edge reset 1
  4. Now right-click on the Start button and pick Windows PowerShell (Admin).
  5. When the new window opens, copy and paste the following command, and then press Enter:

    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\\AppXManifest.xml” -VerboseAdvanced MS Edge reset 2

Instructions for Chromium-based Edge

Delete extensions from MS Edge (Chromium):

  1. Open Edge and click select Settings > Extensions.
  2. Delete unwanted extensions by clicking Remove.Remove extensions from Chromium Edge

Clear cache and site data:

  1. Click on Menu and go to Settings.
  2. Select Privacy and services.
  3. Under Clear browsing data, pick Choose what to clear.
  4. Under Time range, pick All time.
  5. Select Clear now.Clear browser data from Chroum Edge

Reset Chromium-based MS Edge:

  1. Click on Menu and select Settings.
  2. On the left side, pick Reset settings.
  3. Select Restore settings to their default values.
  4. Confirm with Reset.Reset Chromium Edge

Get rid of Trovi from Mozilla Firefox (FF)

Refresh Mozilla Firefox with the help of these guidelines:

  1. Remove dangerous extensions
    Open Mozilla Firefox, click on the menu icon (top right corner) and select Add-ons Extensions. Click on menu icon and select 'Add-ons'
  2. Here, select Trovi and other questionable plugins. Click Remove to delete these entries. Select 'Extensions' and look for malicious entries. Click 'Remove' to get rid of each of them
  3. Change your homepage if it was altered by virus:
    Click on the menu (top right corner), choose Options General.
  4. Here, delete malicious URL and enter preferable website or click Restore to default.
  5. Click OK to save these changes. When in 'General' tab, delete malicious URL from 'Home Page' section or click on 'Restore to Default' button. Click 'OK' to save changes
  6. Reset Mozilla Firefox
    Click on the Firefox menu on the top left and click on the question mark. Here, choose Troubleshooting Information. Click on menu icon and then on '?'. Select 'Troubleshooting Information'
  7. Now you will see Reset Firefox to its default state message with Reset Firefox button. Click this button for several times and complete Trovi removal. Click on 'Reset Firefox' button for a couple of times

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. It is a hassle when your website is protected from suspicious connections and unauthorized IP addresses.

The best solution for creating a tighter network could be a dedicated/fixed IP address. If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for server or network manager that need to monitor connections and activities. This is how you bypass some of the authentications factors and can remotely use your banking accounts without triggering suspicious with each login. 

VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world. It is better to clock the access to your website from different IP addresses. So you can keep the project safe and secure when you have the dedicated IP address VPN and protected access to the content management system.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions

Removal guides in other languages

Your opinion regarding Trovi