Monday, December 1, 2014

Removing the Trovi 'Virus' and Other Browser Hijackers

I've had multiple calls in the past two weeks about what's become known as the Trovi Virus, as well as other browser hijackers. These aren't technically viruses, but they are considered malware. In short, they can change your browser's homepage to their preferred ad-laden page, effectively cutting off your regular internet habits, and in some cases they suggest your computer is infected and urge you to call a number and hire them to clean up your machine. I've seen at least 3 cases where people have paid upwards of 3 and even 500 dollars to these scammers.


Because there have been at least 4 different examples of these browser hijackers, I don't have a quick one-step solution to be able to fix these problems. The first thing I would suggest is DO NOT call a foreign number, DO NOT give them your credit card number or computer password, and DO NOT give them access to your computer.

Here are some steps you should take if you suspect you've been infected, and to avoid this situation in the future.

1. Have a backup or secondary browser. If your Safari becomes infected, you will at least be able to browse the internet and/or download software to eradicate this malware.

2. If Safari has been infected, reset Safari in the Safari menu. To reset Safari 8 in Yosemite, quit the application, then relaunch it holding down the shift key.

3. After resetting Safari, you may also have to reset your homepage. One of the things the Trovi Virus does is change your homepage to its own nefarious search engine. Do this in the Safari general settings.

4. Delete cookies and turn off JavaScript. You can do this in your Safari Security and Privacy preferences.

5. If you can't get into your Safari preferences because of the malware, you may have to boot in Safe Mode, which will turn off all extensions and allow you to do system maintenance. To do this, restart the machine while holding down the Shift key.

6. DO NOT download MacKeeper. It has no value, I don't trust it, and I consider it malware too.

7. Try downloading and running AdWareCleaner. I generally don't trust third-party applications, but I had success with it on one occasion. ADWAREMEDIC DOWNLOAD LINK

8. You may have to dig a little deeper into your system and user library to remove preference files relating to the Conduit, Only-Search, and Trovi toolbars.

9. Keep your system software up to date. Generally Apple responds quickly to situations like this and will release a Security Update to deal with it. I haven't seen anything yet, but I'm still hoping.

10. DO NOT download and install any Anti-Virus for Mac software. They don't work and I've seen them interfere with internet connectivity.

11. Download and enable the Adblock extension from the Apple site. This will remove most ads from most sites.
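
For step 8, a read-only sweep can list candidate files before anything is deleted. This is an added example, not part of the original post: the three keywords come from step 8, while the list of Library subfolders and the function name `find_hijacker_files` are assumptions.

```shell
#!/bin/sh
# Added example: list (never delete) Library items named after the toolbars
# mentioned in step 8. Keywords are from the post; the subfolder list below
# is an assumption based on standard macOS Library locations.

list_subdirs() {
cat <<'EOF'
Preferences
LaunchAgents
LaunchDaemons
Application Support
Safari/Extensions
Internet Plug-Ins
EOF
}

# find_hijacker_files ROOT...
# Prints every path, up to two levels below each listed subfolder of ROOT,
# whose name contains conduit, only-search or trovi (case-insensitive).
find_hijacker_files() {
    for root in "$@"; do
        list_subdirs | while IFS= read -r sub; do
            dir="$root/$sub"
            [ -d "$dir" ] || continue   # skip folders that do not exist
            find "$dir" -maxdepth 2 \
                \( -iname '*conduit*' -o -iname '*only-search*' -o -iname '*trovi*' \) \
                -print 2>/dev/null || true
        done
    done
}

# Sweep the user Library and the system Library. Review each hit by hand
# before moving it to the Trash; a name match alone is not proof.
find_hijacker_files "$HOME/Library" "/Library"
```

Anything it prints under `/Library` will need an administrator password to remove.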

As you can see, there are multiple issues and multiple solutions going on. I'll keep updating this post to reflect the solutions I've used.