Review this guide to learn what the Trovi adware is, how it compromises computers, and how to completely remove it from an infected Mac machine.
Update: March 2019
Malware-free macOS is unfortunately turning into a myth at a steady pace. The good news is it’s not as susceptible to viruses as Windows, but potentially unsafe applications such as adware have been capable of compromising Mac machines for quite a while now. The infection which is the subject of this article is called Trovi, and it’s an extreme nuisance that spoils the web surfing experience. This potentially unwanted code is commonly flagged by antivirus utilities as adware, that is, a program that takes advantage of hijacked Internet traffic in order to monetize it and promote certain services. It has been in circulation since 2014 and hasn’t undergone any filtering or blacklisting countermeasures up till the present moment. Five years after discovery, the malware continues to claim new victims who are at their wit’s end trying to get rid of the irritating redirects and bring serenity back into their digital lives.
The Trovi threat is known to be closely affiliated with Conduit, or Conduit Search, one of the prevalent homepage hijackers in the wild. So if you’ve got one on your machine, the other is probably there as well. Just like its Conduit satellite, Trovi is distributed as part of freeware whose installers in no way disclose that any sort of bundle is coming along. Scrutinizing the Terms of Service for random free multimedia utilities or browser helper objects might help avoid the contamination, but not necessarily, and few users do that as a rule.
This adware changes the web browsing preferences on the infected workstation, namely the values for homepage and default search engine. The Mac versions of Chrome, Firefox, as well as Safari therefore start to act up, constantly returning www.trovi.com or trovigo.com instead of the URLs for the above settings previously configured by the user. There is no actual danger stemming from the landing web page for this adware except for the annoyance aspect. Trovi.com bears a tangible value to its creators, though, because it displays ads to the victims. Whether you click on those banners and sponsored links or not, it’s profitable to Trovi authors. Also, while having no real search functionality in itself, this service redirects all searches to Bing.
On top of the conspicuous browser redirect activity, the Trovi malware deploys a sort of reconnaissance on the plagued Mac. In particular, it drops tracking cookies and gathers the victim’s sensitive data, such as the browsing history, email address, and details of account logon instances. The architects of this campaign then take advantage of the harvested information themselves or sell it to third parties that may conduct targeted phishing attacks and generate spam. The longer the infection remains on board a computer and active, the higher the likelihood of identity theft.
It’s worth pointing out separately that although you only see the impact of Trovi in the way your web browsers behave, it spreads its cyber tentacles much further than that and drops malicious components into multiple paths in the host Mac. The goal of this multi-level compromise tactic is to establish persistence and prevent easy cleanup. That’s why the removal of this adware should be performed in several stages that include resetting the affected web browsers and eliminating the malicious app proper. Below are detailed instructions on what needs to be done.
Trovi manual removal for Mac
The steps listed below will walk you through the removal of this malicious application. Be sure to follow the instructions in the order specified.
- Open up the Utilities folder
- Locate the Activity Monitor icon on the screen and double-click on it
- Under Activity Monitor, find the entry for Trovi, select it and click Quit Process
- A dialog should pop up, asking if you are sure you would like to quit the troublemaking process. Select the Force Quit option
- Click the Go button again, but this time select Applications on the list. Find the entry for Trovi on the interface, right-click on it and select Move to Trash. If your user password is required, go ahead and enter it
- Now go to Apple Menu and pick the System Preferences option
- Select Accounts and click the Login Items button. The system will come up with the list of the items that launch when the computer is started up. Locate Trovi there and click on the “-” button
Get rid of browser redirects to Trovi.com
To begin with, settings for the web browser that got hit by the Trovi virus should be restored to their default values. The overview of steps for this procedure is as follows:
- Reset Safari
  - Open the browser and go to Safari menu. Select Preferences in the drop-down list
  - Once the Preferences screen appears, hit the Privacy tab at the top. Find the option that says Remove All Website Data and click on it
  - The system will display a confirmation dialog that also includes a brief description of what the reset does. Specifically, you may be logged out of some services and encounter other changes of website behavior after the procedure. If you’re okay with that, go ahead and click the Remove Now button
  - In order to selectively clear data generated by certain websites only, not all of them, hit the Details button under the Privacy section of Safari Preferences
  - This feature will list all websites that have stored potentially sensitive data, including cache and cookies. Select the one, or ones, that might be causing trouble and click the appropriate button at the bottom (Remove or Remove All). Click the Done button to exit.
- Reset Google Chrome
  - Open Chrome, click the More (⁝) icon in the top right-hand part of the window, and select Settings in the drop-down
  - When on the Settings pane, select Advanced
  - Scroll down to the Reset settings section. Under the Restore settings to their original defaults option, click the Reset settings button
  - Confirm the Chrome reset on a dialog that will pop up. When the procedure is completed, relaunch the browser and check it for malware activity.
- Reset Mozilla Firefox
  - Open Firefox and select Help – Troubleshooting Information
  - On the page that opened, click the Reset Firefox button
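A read-only way to confirm that the manual removal and browser reset steps above took effect, as an added example that is not part of the original guide. It assumes leftover components carry "trovi" or "conduit" in their file names; the directories and profile files it checks are the standard macOS, Chrome and Firefox locations, not paths listed by the guide.

```shell
#!/bin/sh
# Added example: read-only check for Trovi leftovers; it deletes nothing.
# Assumption: leftovers carry "trovi" or "conduit" in their file names.

# List entries directly inside each given directory whose name matches.
find_named_items() {
  for dir in "$@"; do
    [ -d "$dir" ] || continue
    find "$dir" -mindepth 1 -maxdepth 1 \
      \( -iname '*trovi*' -o -iname '*conduit*' \) 2>/dev/null || true
  done
  return 0
}

# Print each given preference file that mentions a redirect domain
# (www.trovi.com or trovigo.com, as named in the article).
find_hijacked_prefs() {
  for f in "$@"; do
    [ -f "$f" ] || continue
    grep -qiE 'trovi\.com|trovigo\.com' "$f" && printf '%s\n' "$f"
  done
  return 0
}

# Standard macOS app and launchd locations plus the Chrome and Firefox
# profile files (generic paths, not Trovi-specific ones from the guide).
audit() {
  find_named_items /Applications "$HOME/Applications" \
    "$HOME/Library/LaunchAgents" /Library/LaunchAgents /Library/LaunchDaemons
  find_hijacked_prefs \
    "$HOME/Library/Application Support/Google/Chrome/Default/Preferences" \
    "$HOME/Library/Application Support/Google/Chrome/Default/Secure Preferences" \
    "$HOME/Library/Application Support/Firefox/Profiles"/*/prefs.js
}

audit
```

Any path it prints is worth inspecting by hand before moving it to the Trash. An empty result means none of the checked locations still reference Trovi or Conduit by name.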
Get rid of Trovi virus using Freshmac automatic removal tool
When confronted with malicious code like Trovi on Mac, you can neutralize its toxic impact by leveraging a specially crafted system utility. The Freshmac application is a perfect match for this purpose as it delivers essential security features along with must-have modules for Mac optimization.
This tool cleans unneeded applications and persistent malware in one click. It also protects your privacy by eliminating tracking cookies, frees up disk space, and manages startup apps to decrease boot time. On top of that, it boasts 24/7 tech support. The following steps will walk you through automatic removal of the Trovi Mac infection.
- Download the Freshmac installer onto your machine. Double-click the Freshmac.pkg file to trigger the installer window, select the destination disk and click Continue. The system will display a dialog asking for your password to authorize the setup. Type the password and click Install Software
- Once the installation has been completed, Freshmac will automatically start a scan consisting of 5 steps. It scans cache, logs, unused languages, trash, and checks the Mac for privacy issues.
- The scan report will then display your current system health status and the number of issues detected for each of the above categories. Click the Fix Safely button to remove junk files and address privacy issues spotted during the scan.
- Check whether the Trovi redirect problem has been fixed. If it persists, go to the Uninstaller option on the Freshmac GUI. Locate an entry that appears suspicious, select it and click the Fix Safely button to force-uninstall the unwanted application.
- Go to Temp and Startup Apps panes on the interface and have all redundant or suspicious items eliminated as well. The Trovi malware shouldn’t be causing any further trouble.