Solved how to remove trovi

August 2, 2015 at 16:02:50
Specs: Windows 7
I have run Malwarebytes but that didn't work. Still the Trovi is there. I have checked the control panel to see if I could find it or Conduit but I can't. What should I now do? Thx.


#1
August 2, 2015 at 16:09:51
✔ Best Answer
Run these two on it, in the order given:

AdwCleaner:
http://www.bleepingcomputer.com/dow...
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run the program. Use the "Scan" button, followed by the "Cleaning" button.

Junkware Removal Tool (JRT)
http://www.bleepingcomputer.com/dow...
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run JRT. It might appear to have stopped at times or flash the screen but sit tight until it has finished.

They are focussed on browser malware and quite different to MalwareBytes. If they find anything please copy/paste the logs on here.

Always pop back and let us know the outcome - thanks



#2
August 2, 2015 at 19:36:30
Here is the log from the ADW Cleaner. My computer was rebooted but the Trovi redirect is still there on Chrome. Running the Junkware Removal Tool now but as you said, it has stopped and I am waiting for it to start running again.

# AdwCleaner v4.208 - Logfile created 02/08/2015 at 21:12:00
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Sylvia T - SYLVIAT-PC
# Running from : C:\Users\Sylvia T\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Avg_Update_0215tb
Folder Deleted : C:\Program Files (x86)\Driver Detective
Folder Deleted : C:\Windows\TEMP\apn
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
Folder Deleted : C:\Program Files\DriverAssist
Folder Deleted : C:\Users\Sylvia T\AppData\Local\YSearchUtil
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : [x64] HKLM\SOFTWARE\DriverAssist
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\websearch.about.com

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v39.0 (x86 en-US)


-\\ Google Chrome v44.0.2403.125

[C:\Users\Sylvia T\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_secureddownload_14_39_ie&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtAyCzz0BtDtAtCzztByBtN0D0Tzu0StCtDtDtBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyC0AyByBtC0ByC0CtGzztA0B0EtGtAyB0D0FtGzzzyyEyEtGtCtByC0D0BtCyC0Azy0D0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzytD0FtD0AtByCtGyE0DyB0CtGyE0E0DyDtGzyzztAtCtGtDyCyBtA0DyE0AzzyE0E0F0A2Q&cr=1086924593&ir=
[C:\Users\Sylvia T\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Sylvia T\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Sylvia T\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : management","nativeMessaging","searchProvider","startupPages","storage","tabs","webRequest","webRequestBlocking"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"manifest_permissions":[],"scriptable_host":["*://*.ask.com/

*************************

AdwCleaner[R3].txt - [8760 bytes] - [05/05/2015 16:40:06]
AdwCleaner[R4].txt - [8823 bytes] - [05/05/2015 19:32:50]
AdwCleaner[R5].txt - [3748 bytes] - [02/08/2015 21:06:24]
AdwCleaner[S3].txt - [8611 bytes] - [05/05/2015 19:33:59]
AdwCleaner[S4].txt - [3656 bytes] - [02/08/2015 21:12:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [3715 bytes] ##########



#3
August 2, 2015 at 20:01:10
Ran the Junk Removal Tool; the system got to System Checking and then there were many lines with Access Denied. So this tool really didn't work.


#4
August 2, 2015 at 20:02:38
We are on the right track, you have partially removed the malware, here is the next step.

Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of its location onto the Desktop. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
The logs are large, upload them using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
There are circumstances where ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual.
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.



#5
August 2, 2015 at 20:40:06
Got to go out for about 4 hrs, here is your next step, after you do my post #4.
I can then go through the logs when I get back.

Here is my time zone.
http://www.timeanddate.com/worldclo...

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt).
The logs are large, upload them using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif



#6
August 2, 2015 at 21:23:53
Trovi provides uninstall instructions:

http://info.trovi.com/Uninstall

which I assume will work although I've never had occasion to try them. It would be a good idea to run the other malware scans as it may not be the only unwanted software you have on your computer.



#7
August 3, 2015 at 15:21:15
Ran the Combo Fix but it didn't work. This is one hard software to remove.

So after two days of trying things, I have gone and bought Spyhunter and it has worked. The Trovi redirect has now gone. If you run Spyhunter and then try to delete from your system, the company will give you a buy the software offer at 75% off. That was appealing and so for $10.00 this pesky software was removed.

Thank you for your support.



#8
August 3, 2015 at 18:57:15
Tsujis, did you read post #6?

#9
August 5, 2015 at 09:24:30
"Ran the Combo Fix but it didn't work"
If by "didn't work" you mean it didn't fix the issue (rather than didn't even run) then it would be best not to assume that any one program will suddenly do some magic.

Worth following all suggestions but Johnw is taking you through a process to dismantle the malware bit by bit until the computer is clean.

Always pop back and let us know the outcome - thanks

