Handy142

excude from the scan no its not worth the effort

sorry you have miss under stood i know the files are not bad for me as but i am not gonna share names with the internet

Today, 31/05/2021 11:53:44 Task completed Task completed DESKTOP-R85VD5V\handy Active user had to edit this as it was showing file names I was not happy sharing with the internet - the files was of names I know are NOT a virus and NOT infected Today, 31/05/2021 11:46:36 C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\Attachments\ Password-protected Password-protected archive detected C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\ Today, 31/05/2021 11:46:36 C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\Attachments\ Password-protected Password-protected archive detected File C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\Attachments\ Password-protected Today, 31/05/2021 11:46:35 C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\Attachments\ Password-protected Password-protected archive detected File C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\ Password-protected DESKTOP-R85VD5V\handy Active user Today, 31/05/2021 11:46:35 C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\Attachments\ Password-protected Password-protected archive detected File C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\Attachments\ Password-protected DESKTOP-R85VD5V\handy Active user Today, 31/05/2021 11:46:35 C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\Attachments\ Password-protected Password-protected archive detected File C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\Attachments\ Password-protected DESKTOP-R85VD5V\handy Active user Today, 31/05/2021 11:46:35 C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\Attachments\ Password-protected Password-protected archive detected File C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\Attachments\ Password-protected DESKTOP-R85VD5V\handy Active user Today, 31/05/2021 11:46:35 C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\Attachments\ Password-protected Password-protected archive detected File C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\Attachments\ Password-protected DESKTOP-R85VD5V\handy Active user Today, 31/05/2021 11:46:35 C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\ Password-protected Password-protected archive detected File C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\ Password-protected DESKTOP-R85VD5V\handy Active user Today, 31/05/2021 11:46:35 C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\ Password-protected archive detected Today, 31/05/2021 11:46:35 C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\ Password-protected Password-protected archive detected File C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\ Password-protected Today, 31/05/2021 11:46:35 C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\ Password-protected Password-protected archive detected File C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\ Password-protected DESKTOP-R85VD5V\handy Active user Today, 31/05/2021 11:46:35 C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\ Password-protected Password-protected archive detected File C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\ Password-protected DESKTOP-R85VD5V\handy Active user Today, 31/05/2021 11:46:34 C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\ Password-protected Today, 31/05/2021 11:45:56 C:\ProgramData\Malwarebytes\MBAMService\tmp\bf328db6c1fc11eb91e6d8bbc11446d7\bf328db6c1fc11eb91e6d8bbc11446d7.zip\ Password-protected Password-protected archive detected File C:\ProgramData\Malwarebytes\MBAMService\tmp\bf328db6c1fc11eb91e6d8bbc11446d7\bf328db6c1fc11eb91e6d8bbc11446d7.zip// PROTECTORPACKAGE2027X64A[1].EXE Password-protected DESKTOP-R85VD5V\handy Active user Today, 31/05/2021 11:45:56 C:\ProgramData\Malwarebytes\MBAMService\tmp\be82919ac1fc11ebadffd8bbc11446d7\be82919ac1fc11ebadffd8bbc11446d7.zip\ Password-protected Password-protected archive detected File C:\ProgramData\Malwarebytes\MBAMService\tmp\be82919ac1fc11ebadffd8bbc11446d7\be82919ac1fc11ebadffd8bbc11446d7.zip// REIMAGEPACKAGE1956X64B[1].EXE Password-protected DESKTOP-R85VD5V\handy Active user Today, 31/05/2021 11:45:56 C:\ProgramData\Malwarebytes\MBAMService\tmp\bac8da50c1fc11eba338d8bbc11446d7\bac8da50c1fc11eba338d8bbc11446d7.zip\AU_.EXE Password-protected Password-protected archive detected File C:\ProgramData\Malwarebytes\MBAMService\tmp\bac8da50c1fc11eba338d8bbc11446d7\bac8da50c1fc11eba338d8bbc11446d7.zip// AU_.EXE Password-protected DESKTOP-R85VD5V\handy Active user Today, 31/05/2021 11:45:56 C:\ProgramData\Malwarebytes\MBAMService\tmp\b7b56ca2c1fc11eb8c9ad8bbc11446d7\b7b56ca2c1fc11eb8c9ad8bbc11446d7.zip\BU_.EXE Password-protected Password-protected archive detected File C:\ProgramData\Malwarebytes\MBAMService\tmp\b7b56ca2c1fc11eb8c9ad8bbc11446d7\b7b56ca2c1fc11eb8c9ad8bbc11446d7.zip// BU_.EXE Password-protected DESKTOP-R85VD5V\handy Active user Today, 31/05/2021 11:45:56 C:\ProgramData\Malwarebytes\MBAMService\tmp\b66eb09cc1fc11eba571d8bbc11446d7\b66eb09cc1fc11eba571d8bbc11446d7.zip\$RH1HK60.EXE Password-protected - Today, 31/05/2021 11:10:51 C:\Program Files (x86)\MSI\One Dragon Center\Smart Tool\7zip\7z.exe Detected Detected legitimate software that can be used by intruders to damage your computer or personal data 11240 Databases File C:\Program Files (x86)\MSI\One Dragon Center\Smart Tool\7zip 7z.exe Detected Vulnerability Low Exactly DESKTOP-R85VD5V\handy Active user Today, 31/05/2021 11:10:48 Task started Task started DESKTOP-R85VD5V\handy Active user Today, 31/05/2021 10:25:47 Task completed Task completed DESKTOP-R85VD5V\handy Active user Today, 31/05/2021 10:25:24 C:\Program Files (x86)\MSI\One Dragon Center\Smart Tool\7zip\7z.exe Detected Detected legitimate software that can be used by intruders to damage your computer or personal data 11240 Databases File C:\Program Files (x86)\MSI\One Dragon Center\Smart Tool\7zip 7z.exe Detected Vulnerability Low Exactly DESKTOP-R85VD5V\handy Active user Today, 31/05/2021 10:25:21 Task started Task started DESKTOP-R85VD5V\handy Active user Today, 31/05/2021 10:24:56 Task completed Task completed DESKTOP-R85VD5V\handy Active user Today, 31/05/2021 10:24:33 C:\Program Files (x86)\MSI\One Dragon Center\Smart Tool\7zip\7z.exe Detected Detected legitimate software that can be used by intruders to damage your computer or personal data 11240 Databases File C:\Program Files (x86)\MSI\One Dragon Center\Smart Tool\7zip 7z.exe Detected Vulnerability Low Exactly DESKTOP-R85VD5V\handy Active user Today, 31/05/2021 10:24:30 Task started Task started i have removed 7 zip as i dint like the fact Kaspersky flagged it

# ------------------------------- # Malwarebytes AdwCleaner 8.2.0.0 # ------------------------------- # Build: 03-22-2021 # Database: 2021-05-17.1 (Cloud) # Support: https://www.malwarebytes.com/support# # ------------------------------- # Mode: Scan # ------------------------------- # Start: 05-31-2021 # Duration: 00:00:05 # OS: Windows 10 Pro # Scanned: 31988 # Detected: 0 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** No malicious registry entries found. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. ***** [ Hosts File Entries ] ***** No malicious hosts file entries found. ***** [ Preinstalled Software ] ***** No Preinstalled Software found. AdwCleaner[S00].txt - [2110 octets] - [31/05/2021 18:44:44] AdwCleaner[C00].txt - [2152 octets] - [31/05/2021 18:46:03] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ########## after doing the reinstall and additional scans ive not seen another Trovi redirect i think its stopped for now. if it comes back all do another and ask the question again ?

thanks for the reply did the reset & clean up before it came back I've today gone in to safe mode emptied out the temp folder fully. but i did the extra of running Kaspersky in safe mode as expected nothing. I've uninstalled and reinstalled google chrome. fingers crossed that's the end of it, i am surprised that the most temperamental virus scanner I've seen didn't stop this thing flat out sounds like there's a hole or two in the iron Curtain. as Trovi can hijack downloaded programs and you may not know that its getting installed.

Found it, its moved in Internet security 21.3.10 to its own option. Its already on yet i've had Trovi come back twice now.

My browser randomly uses TROVI i've looked, looked and looked more scanned till blue in face and this bloody thing will not go away i've tried malware bytes even that turns out nothing found, yet randomly the bloody thing comes back. i am using Google Chrome - ive looked at enabled extensions - Nothing ive just cleard out %temp% am i missing something ?