Severity scale:  
  (14/100)

Remove Trovi (Removal Guide) - updated Sep 2019

removal by Olivia Morelli - - | Type: Browser Hijackers

Trovi is a potentially unwanted program that can be called a redirect virus because of stealthy distribution techniques

Trovi PUP
Trovi - a browser hijacker which sets the search engine to trovi.com.

Trovi is the website that manipulates your browser settings and changes homepage, search engine, new tab preferences to force you to visit other ad-supported sites. This highly questionable search engine has been labeled as a “browser hijacker” because of its constant redirects to an infamous trovigo.com site.[1] This search engine creates questionable in-browser search results filled with tons of commercial content and each click on an in-text link, pop-up or banner leads to traffic redirects that lead to possibly malicious pages.

Additionally, the PUP injects commercial content to the victim's favorite sites while trying to generate pay-per-click income to its developer ClientConnect Ltd. As a result, you cannot browse the web as conveniently as you did before the hijack of your Windows or MacOS. The virus was noticed for the first time in 2014. In the beginning, the site redirected its victims to Trovi.com. However, at the moment the domain is closed, but it doesn't mean that you won't suffer from redirects when having this virus on the system. If you noticed changes in your homepage and the default search engine on all your browsers, it is clear that you are dealing with the browser hijacker.

Name Trovi
Type Browser hijacker
Sub-type Potentially unwanted program
Browsers affected Chrome, Firefox, Safari, IE, etc.
relates search site trovigo.com, trovi.com
detected as
Symptoms Redirects to sponsored sites, numerous ads on favorite sites, new bookmarks added, etc.
Distribution techniques Relies on bundling. Spears together with HyperCam, VLC Player, BsPlayer, etc.
Removal Remove Trovi with anti-malware tools. Install Reimage to scan the system and see if there is any hijacker on your computer.

The main question after being hijacked is whether you can trust Trovi results provided during your daily searches or not. According to 2spyware research team, the answer is “No”. You shouldn't put yourself at risk by ignoring changes on your web browsers. No matter it might seem that search results are provided by Bing, they can be filled with numerous commercial content seeking to reroute you to sponsored sites.

Trovi virus can easily infiltrate Windows and Mac operating systems thru their backdoors because its developers have been actively using bundling for its distribution. Once inside the system, it can be set to track its victims to know more information about their likes and preferences. Typically, hijackers, adware-type programs and similar PUPs are set to collect NPII. However, the Privacy Policy of this hijacker notifies that it can also collect personal users' data:

However, the data collected may include personally identifiable information or personal data as such terms are defined under applicable laws (“PII” or “Personal Information”) as a necessary part of using the Software & Services.

As long as there is no guarantee that the developer of the PUP is not sharing users' data with third parties, you should remove Trovi from Safari and other web browsers. Besides, it seems that the developer has also been ignoring requests from the Do Not Track browser setting (DNT) which allows disabling tracking from ad networks, social companies, and other interested parties.

Trovi browser hijacker
Trovi browser hijacker - a PUP which uses "bundling" to enter the computer.

Since Trovi.com gets installed on the machine without your permission, you can only notice symptoms of the browser hijacker, not the infiltration. The unwanted and intrusive activity frustrates people firstly, but the issue is with questionable content that user gets exposed to due to these browser redirects.

Main symptoms of this fake search engine Trovi include:

  • Changed default preferences of the browser;
  • Homepage set to Trovi.com or trovigo.com;
  • All searches automatically go to Trovi Search related sites;
  • Commercial content appears on every browser window;
  • Browser extensions, tools, toolbars, and add-ons get installed without permission.

All this Trovi behavior, unfortunately, significantly diminishes the time online and affects the speed of your PC. However, to end all the associated processes you need a full system scan. Try to install Reimage or SpyHunter 5Combo Cleaner and run a system check to get rid of all PUPs that got installed behind your back.

Be aware that you may run into several issues while trying to get rid of Trovi Search from Mac and Windows. Similarly to another PUP called Conduit, the virus uses browser helper objects (BHOs)[2] and similar techniques to hide from its user and prevent removal. As a consequence, it might recover itself right after you reboot your computer.[3]

To perform the full Trovi removal from Chrome, Safari, IE and other browsers that have been hijacked, we recommend resetting each of these web browsers. However, before that, you should uninstall the virus with all suspicious apps that could be related to this hijacker. Additionally, check the system with the antivirus tool for leftover files and possible damage.

Trovi unwanted application

PUP.Optional.Trovi – a common detection name for Trovi browser hijacker

Trovi.com is a cyber threat based on the browser that affects every online search attempt with questionable content and altered results. PUP.Optional.Trovi is one of the heuristic names that show up on the screen when Malwarebytes, in this case, or other AV tools detect the suspicious activity of the potentially unwanted program. This is not the only result of detection related to Trovi, but the most common.

Users mainly complain that the browser becomes slow and delivers suspicious material when such alerts and results show up on the machine. When PUP.Optional.Trovi alerts show up daily on the screen, and you cannot use the computer normally react as soon as possible and remove this threat. The program may cause difficulties when trying to quarantine this threat because other traces of the hijack are left behind and continue to cause detection alerts.

Try scanning the machine fully with the antivirus tool that you use in the first place or employ another anti-malware program and clean the system entirely. This way you can remove this Trovi hijacker with all the traces and parts that trigger threat detections and PUP.Optional.Trovi alerts stop occurring.

Remember that PUP.Optional.Trovi is not the only detection result that is associated with Trovi. You may also encounter PUP.Optional.Trovi.A, PUP.Optional.Trovi.B, and PUP.Optional.Conduit. All of them show up when Trovi.com lures on the machine.

PUP.Optional.Trovi - Trovi detection
Trovi is the cyber threat that triggers AV tools to show alerts with PUP.Optional.Trovi, PUP.Optional.Trovi.A or PUP.Optional.Trovi.B results.
 

Choosing Advanced or Custom installation options can help to avoid PUP infiltration

It is very likely that you haven't noticed how this browser hijacker infiltrated your computer. That's because this deceptive program spreads bundled with other free software and might be spotted only if you closely follow the installation of the freeware or shareware. 

Main facts to remember when discussing the distribution of this browser hijacker:

  • According to researchers[4], you can download this virus together with HyperCam, VLC Player, BsPlayer and many other programs promoted on the Internet for free. This method is called “bundling”;
  • To avoid unwanted components, opt for Custom/Advanced installation mode and look for suggestions, such as “Set XXX as a default homepage” or “I agree to install XXX as a default search engine” during the installation of Bs Player and similar programs. Make sure you deselect them;
  • Various questionable websites might also include dubious components, such as infected ads. If you like visiting unknown pages on the Internet, like Torrent sites, adult-themed sites and similar, there is a big chance of getting a browser hijacker. Stay away from aggressive ads offering free add-ons, tools to improve your computer's speed, toolbars, etc. 

Make sure to remove Trovi from Mac and Windows as soon as possible

Trovi virus is the browser hijacker that involves various browsing tracking functions and potentially may lead to privacy issues or even additional scams when malicious actors use already stolen information to target people. Such potentially unwanted programs cause more problems than you may think.

If you want to remove Trovi from Chrome, Safari, and other web browsers, you need to reset them at first. However, there is always a risk of seeing the same hijacker on the system after rebooting the computer.

To prevent that, you need not only to clean your infected browsers but also get rid of all PUPs hiding in your PC system. The easiest way to do that is to run a full system scan with updated anti-malware. It will refresh your computer system by eliminating each unwanted program.

If you have been struggling with Trovi removal, use programs that we presented below. They have been checked while testing this PUP. However, if you are using your own anti-virus, note that different apps have different files included in their virus database and the software you are running can fail in virus termination. Be careful and try alternative scanners if browser-hijacking app recovered after PC's reboot.

You can remove virus damage automatically with a help of one of these programs: Reimage, SpyHunter 5Combo Cleaner, Malwarebytes. We recommend these applications because they detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

Offer
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with SpyHunter 5.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.

To remove Trovi, follow these steps:

Delete Trovi from Windows systems

To get rid of Trovi from Windows, check your recently-installed apps and get rid of all suspicious ones with the help of the following steps. You must uninstall HyperCam, VLC Player, BsPlayer, and similar viruses:

  1. Click Start Control Panel Programs and Features (if you are Windows XP user, click on Add/Remove Programs). Click 'Start -> Control Panel -> Programs and Features' (if you are 'Windows XP' user, click on 'Add/Remove Programs').
  2. If you are Windows 10 / Windows 8 user, then right-click in the lower left corner of the screen. Once Quick Access Menu shows up, select Control Panel and Uninstall a Program. If you are 'Windows 10 / Windows 8' user, then right-click in the lower left corner of the screen. Once 'Quick Access Menu' shows up, select 'Control Panel' and 'Uninstall a Program'.
  3. Uninstall Trovi and related programs
    Here, look for Trovi or any other recently installed suspicious programs.
  4. Uninstall them and click OK to save these changes. Right click on each of suspicious entries and select 'Uninstall'
  5. Remove Trovi from Windows shortcuts
    Right click on the shortcut of Mozilla Firefox and select Properties. Right click on browsers' icon and select 'Properties'
  6. Go to Shortcut tab and look at the Target field. Delete malicious URL that is related to your virus. Select 'Shortcut' tab and delete 'http://isearch.babylon.com...' or other suspicious URL

Repeat steps that are given above with all browsers' shortcuts, including Internet Explorer and Google Chrome. Make sure you check all locations of these shortcuts, including Desktop, Start Menu and taskbar.

Erase Trovi from Mac OS X system

If you are wondering how to get Trovi off your Mac, check the guide presented below. Eliminate all MacOS apps that you don't know or you can't remember installing:

  1. If you are using OS X, click Go button at the top left of the screen and select Applications. Cick 'Go' and select 'Applications'
  2. Wait until you see Applications folder and look for Trovi or any other suspicious programs on it. Now right click on every of such entries and select Move to Trash. Click on every malicious entry and select 'Move to Trash'

Eliminate Trovi from Google Chrome

To remove Trovi from Google Chrome, use the instructions presented by our experts. If it keeps coming back, use the automatic removal option.

  1. Delete malicious plugins
    Open Google Chrome, click on the menu icon (top right corner) and select Tools Extensions. Click on menu icon. Select 'Tools' and 'Extensions'
  2. Here, select Trovi and other malicious plugins and select trash icon to delete these entries. Look for malicious entries and delete each of them by clicking on the Trash bin icon
  3. Change your homepage and default search engine if it was altered by your virus
    Click on menu icon and choose Settings.
  4. Here, look for the Open a specific page or set of pages under On startup option and click on Set pages. After clicking on menu and 'Settings', select 'Set pages'
  5. Now you should see another window. Here, delete malicious search sites and enter the one that you want to use as your homepage. Click 'X' to remove malicious URLs
  6. Click on menu icon again and choose Settings Manage Search engines under the Search section. When in 'Settings', select 'Manage search engines...'
  7. When in Search Engines..., remove malicious search sites. You should leave only Google or your preferred domain name. Click 'X' to remove malicious URLs
  8. Reset Google Chrome
    Click on menu icon on the top right of your Google Chrome and select Settings.
  9. Scroll down to the end of the page and click on Reset browser settings. When in 'Settings', scroll down to 'Reset browser settings' button and click on it
  10. Click Reset to confirm this action and complete Trovi removal. Click on 'Reset' button to complete your removal

Delete Trovi from Safari

To help you get rid of the PUP from Safari, we prepared the following guide:

  1. Remove dangerous extensions
    Open Safari web browser and click on Safari in menu at the top left of the screen. Once you do this, select Preferences. Click on 'Safari' and select 'Preferences'
  2. Here, select Extensions and look for Trovi or other suspicious entries. Click on the Uninstall button to get rid each of them. Go to 'Extensions' and uninstall malicious add-ons
  3. Change your homepage if it was altered by virus:
    Open your Safari web browser and click on Safari in menu section. Here, select Preferences as it was displayed previously and select General.
  4. Here, look at the Homepage field. If it was altered by Trovi, remove unwanted link and enter the one that you want to use for your searches. Remember to include the "http://" before typing in the address of the page. When in 'General', delete malicious URL and enter your desired domain name
  5. Reset Safari
    Open Safari browser and click on Safari in menu section at the top left of the screen. Here, select Reset Safari.... Click on 'Safari' and select 'Reset Safari...'
  6. Now you will see a detailed dialog window filled with reset options. All of those options are usually checked, but you can specify which of them you want to reset. Click the Reset button to complete Trovi removal process. Select all options and click on 'Reset' button

Uninstall Trovi from Internet Explorer (IE)

To clean IE, complete these instructions carefully:

  1. Remove dangerous add-ons
    Open Internet Explorer, click on the Gear icon (IE menu) on the top right corner of the browser and choose Manage Add-ons. Click on menu icon and select 'Manage add-ons'
  2. You will see a Manage Add-ons window. Here, look for Trovi and other suspicious plugins. Disable these entries by clicking Disable: Right click on each of malicious entries and select 'Disable'
  3. Change your homepage if it was altered by virus:
    Click on the gear icon (menu) on the top right corner of the browser and select Internet Options. Stay in General tab.
  4. Here, remove malicious URL and enter preferable domain name. Click Apply to save changes. Delete malicious URL, enter your desired domain name and click 'Apply' to save changes
  5. Reset Internet Explorer
    Click on the gear icon (menu) again and select Internet options. Go to Advanced tab.
  6. Here, select Reset.
  7. When in the new window, check Delete personal settings and select Reset again to complete Trovi removal. Go to 'Advanced' tab and click on 'Reset' button. Now select 'Delete personal settings' and click on 'Reset' button again

Remove Trovi from Microsoft Edge

Clean Microsoft Edge by following this guide:

Reset Microsoft Edge settings (Method 1):

  1. Launch Microsoft Edge app and click More (three dots at the top right corner of the screen).
  2. Click Settings to open more options.
  3. Once Settings window shows up, click Choose what to clear button under Clear browsing data option. Go to Settings and select 'Choose what to clear'
  4. Here, select all what you want to remove and click Clear. Select 'Clear' button
  5. Now you should right-click on the Start button (Windows logo). Here, select Task Manager. Open the start menu and select 'Task Manager'
  6. When in Processes tab, search for Microsoft Edge.
  7. Right-click on it and choose Go to details option. If can’t see Go to details option, click More details and repeat previous steps. Right-click 'Microsoft Edge' and select 'Go to details' Select 'More details' if 'Go to details' option fails to show up
  8. When Details tab shows up, find every entry with Microsoft Edge name in it. Right click on each of them and select End Task to end these entries. Find Microsoft Edge entries and select 'End Task'

Resetting Microsoft Edge browser (Method 2):

If Method 1 failed to help you, you need to use an advanced Edge reset method.

  1. Note: you need to backup your data before using this method.
  2. Find this folder on your computer: C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  3. Select every entry which is saved on it and right click with your mouse. Then Delete option. Go to Microsoft Edge folder on your computer, right-click every entry and click 'Delete'
  4. Click the Start button (Windows logo) and type in window power in Search my stuff line.
  5. Right-click the Windows PowerShell entry and choose Run as administrator. Find Windows PowerShell, right-click it and select 'Run as administrator'
  6. Once Administrator: Windows PowerShell window shows up, paste this command line after PS C:\WINDOWS\system32> and press Enter:
    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register $($_.InstallLocation)\AppXManifest.xml -Verbose}
    Copy and paste a required command and press 'Enter'

Once these steps are finished, Trovi should be removed from your Microsoft Edge browser.

Get rid of Trovi from Mozilla Firefox (FF)

Refresh Mozilla Firefox with the help of these guidelines:

  1. Remove dangerous extensions
    Open Mozilla Firefox, click on the menu icon (top right corner) and select Add-ons Extensions. Click on menu icon and select 'Add-ons'
  2. Here, select Trovi and other questionable plugins. Click Remove to delete these entries. Select 'Extensions' and look for malicious entries. Click 'Remove' to get rid of each of them
  3. Change your homepage if it was altered by virus:
    Click on the menu (top right corner), choose Options General.
  4. Here, delete malicious URL and enter preferable website or click Restore to default.
  5. Click OK to save these changes. When in 'General' tab, delete malicious URL from 'Home Page' section or click on 'Restore to Default' button. Click 'OK' to save changes
  6. Reset Mozilla Firefox
    Click on the Firefox menu on the top left and click on the question mark. Here, choose Troubleshooting Information. Click on menu icon and then on '?'. Select 'Troubleshooting Information'
  7. Now you will see Reset Firefox to its default state message with Reset Firefox button. Click this button for several times and complete Trovi removal. Click on 'Reset Firefox' button for a couple of times

About the author

Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions

References

Removal guides in other languages


Your opinion regarding Trovi