The Trovi Virus

[paulsl]

Hello,

I'm craving an indulgence with this post and if the moderators would like to remove it then that's OK, Forum rules rule. I'm posting it because it "might come in handy" and save someone a lot of pain.

At some point last week SWMBO's computer managed to acquire the Trovi virus. Your average virus scanner will let it through because it's a PUP (potentially unwanted program) delivered by a piece of software that you do want. It's an added 'extra' that you are usually asked about, or, as the Boss found out, it just happens.

The Trovi virus is a browser hijacker that makes www . trovi . com your default search engine on all the browsers on your computer. You can follow the removal instructions on Trovi's site and after a very long and tortuous process you'll achieve nothing. Google will find you many solutions, almost all involving installing freeware. Can you say "Catch 22"?

So, this is what I worked out and I hope that it will help someone somewhere. These instructions assume Windows 7, you may have to adapt accordingly.

• 1. Open the Services program (Start,Search,Services).
  2. Find the service called 'Search Control'
  3. Right click on it and open the Properties for it.
  4. Make a note of the name of the service at the top of the dialogue' It will probably be 'CltMgrSvc'.
  5. Stop the service, and then Disable it.

After you restart you computer your browser(s) should be back to normal, although you may have to reset your home page and toolbar(s). If they're not then read on, but you will need some computer 'savvy'.

If like me, you are disappointed that you can't terminate with extreme prejudice the scum that did this to you and, not being the head of an international assassination squad, we'll have to be satisfied with terminating the software, so here we go. You will need to be an Administrator to do this.

• 1. Open a command window (Start,Search,cmd)
  2. At the prompt enter 'sc delete CltMgrSvc' (or the name it had in Properties) and press enter. This will work, or, most likely, put out a message that "Access is Denied". It doesn't really matter either way.
  3. Open the Registry Editor (Start,Search,regedit.exe)
  4. Click on 'Computer'at the top of the tree on the left and press Ctrl&F. in the search box enter 'Search Control' and press Enter.
  5.If anything is found delete the containing key from the tree on the left and press F3.
  6. Do this until no more entries are found.
  7. Repeat steps 4 to 6 using 'CltMgrSvc', and then again using 'Client Control LTD'.
  8. Close the editor
  9. Use the File Explorer to look in C:\Program Files (& C:\Program Files (x86) if you're a 64 bit user). Delete any folders named "Search Control" or "Client Control LTD"
  10. Save any other work you have going and reboot the computer.

This should clean out this particular piece of nastiness. You might still have to reset your home page and toolbars though.

I hope that this is of some use to anyone who gets this particular piece of rubbish. Much as it pains me to say it, the lowlife garbage that came up with this thing did it well.

Paul

[Tomliner]

Hi Paul.I picked up this nasty little piece of sh*t a couple of weeks ago having accidentally clicked on an incorrect source for an update of Ccleaner which I wanted.
Having read some info online,I then removed a couple of offending programmes,installed Malwarebytes and scanned with that.I then checked add ons in my copy of Firefox.
After that I got a good update for Ccleaner and ran it.Then ran a full scan with my internet security software.
All seems to be ok now.BTW,I'm still using XP for now but I don't think that was anything to do with it. EricT

[Airspeed]

I found my Firefox toolbar jiggered, and searches would only go through ZENsearch.
How it got there is beyond me, probably some little tick that I didn't notice and un-tick.
For me, it was simpler, it showed up in installed programmes, and I deleted it. All back to normal.