
Trovi keeps coming back. Am I missing something?


Solved by richbuff

Posted

My browser randomly uses TROVI. I've looked, looked and looked more, scanned till blue in the face, and this bloody thing will not go away. I've tried Malwarebytes; even that turns out nothing found, yet randomly the bloody thing comes back.

I am using Google Chrome. I've looked at enabled extensions: nothing.

I've just cleared out %temp%.

Am I missing something?

 

  • Solution
Posted

Welcome. Please click below and follow the instructions to clean up: 

Link

Link

Any better after that?

Posted

Found it, it's moved in Internet Security 21.3.10 to its own option.

It's already on, yet I've had Trovi come back twice now.

 

Flood and Flood's wife
Posted

Found it, it's moved in Internet Security 21.3.10 to its own option. It's already on, yet I've had Trovi come back twice now.

 

Hello @Handy142.

⚠ Did you do all the steps in @richbuff’s tutorial? 

  1. Run Chrome Reset & cleanup → chrome://settings/reset. 
  2. Exit Chrome → do not restart atm
  3. Run Windows in Safe Mode
  4. Go to & delete all files in C:\Users\USER\AppData\Local\Temp  USER = your name. 
  5. Return Windows to normal mode. 
  6. Run a manual KIS Database update →  allow it to complete.
  7. Start Chrome, recheck Trovi? 

Let us know the outcome please?

Thank you🙏

Flood🐳 +🐋

Posted

Thanks for the reply.

Did the reset & clean up before it came back.

I've today gone into safe mode and emptied out the temp folder fully.

But I did the extra of running Kaspersky in safe mode; as expected, nothing.

I've uninstalled and reinstalled Google Chrome.

Fingers crossed that's the end of it. I am surprised that the most temperamental virus scanner I've seen didn't stop this thing flat out; sounds like there's a hole or two in the Iron Curtain.

As Trovi can hijack downloaded programs and you may not know that it's getting installed.

Flood and Flood's wife
Posted

Hello @Handy142

You’re most welcome🙂 !

  • ➡ Go to KIS Reports, find the TROVI alerts, save the Report as a .txt file & attach📎 to your reply? 

IF you’ve done the 10 steps outlined by @richbuff  & the steps we’ve provided & Trovi still comes back, log a case with Kaspersky Technical Support, fill in the Malware, Detected threat appears over & over again template; Support may request Logs, Traces & other data, they will guide you: 

 

 

  • ⚠ Logs & traces can be big to very big; run for only as long as it takes to replicate the issue &, if any of the files cannot be attached to the incident, don’t use Webdav, simply upload the files to any cloud service of your choice, create a share link & add the share link to the incident. 
  • After submitting the case, you’ll receive an automated email with an INC+12digits reference number, then, normally, within 5 business days, a Kaspersky Technical Support human will be in touch, also by email, you may continue to engage with the Kaspersky Technical Team via email or by updating the INC in their MyKaspersky account.

When Technical Support provide an answer, please share their information with the Community? 

Thank you🙏

Flood🐳 +🐋

Posted

@Handy142

Additionally :
Please run AdwCleaner as ADMIN and provide the TXT Log in your next Post.
⚠ Please don’t clean eventual detections ⚠

Posted

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-05-17.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    05-31-2021
# Duration: 00:00:05
# OS:       Windows 10 Pro
# Scanned:  31988
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [2110 octets] - [31/05/2021 18:44:44]
AdwCleaner[C00].txt - [2152 octets] - [31/05/2021 18:46:03]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
 

After doing the reinstall and additional scans I've not seen another Trovi redirect. I think it's stopped for now.

If it comes back, I'll do another and ask the question again?
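A small parser for the AdwCleaner log layout shown in the post above, added here as an example (it is not part of the thread and not a Malwarebytes tool): it checks the header's `Detected` count against the findings listed per section and lists the earlier scan and clean logs named at the end. The sample log is constructed, including the invented `PUP.Optional.Example` line.

```python
import re

# Constructed sample in the layout of the scan log posted above; the
# detection line under [ Folders ] is invented for illustration.
SAMPLE_LOG = r"""# Malwarebytes AdwCleaner 8.2.0.0
# Mode: Scan
# Detected: 1

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Example    C:\Users\USER\AppData\Local\ExampleToolbar

AdwCleaner[S00].txt - [2110 octets] - [31/05/2021 18:44:44]
AdwCleaner[C00].txt - [2152 octets] - [31/05/2021 18:46:03]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
"""

HEADER = re.compile(r"^#\s*(\w+):\s*(.+?)\s*$")        # "# Mode: Scan"
SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")     # "***** [ Files ] *****"
PRIOR = re.compile(r"^AdwCleaner\[([SC])(\d+)\]\.txt - ")  # S = scan, C = clean
CLEAN = re.compile(r"^No .+ found\.$")                 # empty-section marker

def parse_adwcleaner(text):
    """Return header fields, findings per section, and earlier runs."""
    header, findings, prior, section = {}, {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#####"):       # blank or EOF banner
            continue
        if m := HEADER.match(line):
            header[m.group(1)] = m.group(2)
        elif m := SECTION.match(line):
            section = m.group(1)
            findings[section] = []
        elif m := PRIOR.match(line):
            prior.append(("scan" if m.group(1) == "S" else "clean", int(m.group(2))))
        elif section and not line.startswith("#") and not CLEAN.match(line):
            findings[section].append(line)
    return header, findings, prior

def consistent(header, findings):
    """True when the header's Detected count matches the listed findings."""
    listed = sum(len(items) for items in findings.values())
    return int(header.get("Detected", -1)) == listed
```
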

 

Flood and Flood's wife
Posted

Hello @Handy142

Thank you for the update. 

Are there any TROVI events in the KIS Reports? IF “yes”, save the Report as a .txt file & attach📎 to your reply? 

Thank you🙏

Flood🐳 +🐋

Posted

@Handy142  Thank you for submitting your report that doesn’t display malicious software.

Personally I have in mind “not_a_virus”; please run a full Kaspersky scan?

Posted

Today, 31/05/2021 11:53:44        Task completed    Task completed                                        DESKTOP-R85VD5V\handy    Active user

Had to edit this as it was showing file names I was not happy sharing with the internet - the files were of names I know are NOT a virus and NOT infected.

 

 

Today, 31/05/2021 11:46:36  

 C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\Attachments\    Password-protected    Password-protected archive detected         

 C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\

Today, 31/05/2021 11:46:36    C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\Attachments\    Password-protected    Password-protected archive detected            File    C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\Attachments\ Password-protected               
Today, 31/05/2021 11:46:35    C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\Attachments\    Password-protected    Password-protected archive detected            File    C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\       Password-protected                DESKTOP-R85VD5V\handy    Active user

Today, 31/05/2021 11:46:35    C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\Attachments\    Password-protected    Password-protected archive detected            File  

 C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\Attachments\  Password-protected                DESKTOP-R85VD5V\handy    Active user


Today, 31/05/2021 11:46:35    C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\Attachments\    Password-protected    Password-protected archive detected            File  

 C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\Attachments\  Password-protected                DESKTOP-R85VD5V\handy    Active user


Today, 31/05/2021 11:46:35    C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\Attachments\    Password-protected    Password-protected archive detected            File  

 C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\Attachments\    Password-protected                DESKTOP-R85VD5V\handy    Active user


Today, 31/05/2021 11:46:35    C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\Attachments\    Password-protected    Password-protected archive detected            File  

 C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\936\Attachments\ Password-protected                DESKTOP-R85VD5V\handy    Active user


Today, 31/05/2021 11:46:35    C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\    Password-protected    Password-protected archive detected            File  

 C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\ Password-protected                DESKTOP-R85VD5V\handy    Active user
Today, 31/05/2021 11:46:35  

 C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\    Password-protected archive detected          

 
Today, 31/05/2021 11:46:35    C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\    Password-protected    Password-protected archive detected            File  

 C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\  Password-protected               


Today, 31/05/2021 11:46:35    C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\    Password-protected    Password-protected archive detected            File  

 C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\    Password-protected                DESKTOP-R85VD5V\handy    Active user

Today, 31/05/2021 11:46:35    C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\    Password-protected    Password-protected archive detected            File  

 C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\

Password-protected                DESKTOP-R85VD5V\handy    Active user
Today, 31/05/2021 11:46:34  

 C:\Users\handy\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\    Password-protected 
    
Today, 31/05/2021 11:45:56    C:\ProgramData\Malwarebytes\MBAMService\tmp\bf328db6c1fc11eb91e6d8bbc11446d7\bf328db6c1fc11eb91e6d8bbc11446d7.zip\        Password-protected    Password-protected archive detected            File  

 C:\ProgramData\Malwarebytes\MBAMService\tmp\bf328db6c1fc11eb91e6d8bbc11446d7\bf328db6c1fc11eb91e6d8bbc11446d7.zip//    PROTECTORPACKAGE2027X64A[1].EXE    Password-protected                DESKTOP-R85VD5V\handy    Active user
Today, 31/05/2021 11:45:56  

 C:\ProgramData\Malwarebytes\MBAMService\tmp\be82919ac1fc11ebadffd8bbc11446d7\be82919ac1fc11ebadffd8bbc11446d7.zip\        Password-protected    Password-protected archive detected            File  

 C:\ProgramData\Malwarebytes\MBAMService\tmp\be82919ac1fc11ebadffd8bbc11446d7\be82919ac1fc11ebadffd8bbc11446d7.zip//    REIMAGEPACKAGE1956X64B[1].EXE    Password-protected                DESKTOP-R85VD5V\handy    Active user


Today, 31/05/2021 11:45:56    C:\ProgramData\Malwarebytes\MBAMService\tmp\bac8da50c1fc11eba338d8bbc11446d7\bac8da50c1fc11eba338d8bbc11446d7.zip\AU_.EXE    Password-protected    Password-protected archive detected            File  

 C:\ProgramData\Malwarebytes\MBAMService\tmp\bac8da50c1fc11eba338d8bbc11446d7\bac8da50c1fc11eba338d8bbc11446d7.zip//    AU_.EXE    Password-protected                DESKTOP-R85VD5V\handy    Active user


Today, 31/05/2021 11:45:56    C:\ProgramData\Malwarebytes\MBAMService\tmp\b7b56ca2c1fc11eb8c9ad8bbc11446d7\b7b56ca2c1fc11eb8c9ad8bbc11446d7.zip\BU_.EXE    Password-protected    Password-protected archive detected            File  

 C:\ProgramData\Malwarebytes\MBAMService\tmp\b7b56ca2c1fc11eb8c9ad8bbc11446d7\b7b56ca2c1fc11eb8c9ad8bbc11446d7.zip//    BU_.EXE    Password-protected                DESKTOP-R85VD5V\handy    Active user


Today, 31/05/2021 11:45:56    C:\ProgramData\Malwarebytes\MBAMService\tmp\b66eb09cc1fc11eba571d8bbc11446d7\b66eb09cc1fc11eba571d8bbc11446d7.zip\$RH1HK60.EXE    Password-protected

-

   Today, 31/05/2021 11:10:51    C:\Program Files (x86)\MSI\One Dragon Center\Smart Tool\7zip\7z.exe    Detected    Detected legitimate software that can be used by intruders to damage your computer or personal data    11240    Databases    File    C:\Program Files (x86)\MSI\One Dragon Center\Smart Tool\7zip    7z.exe    Detected    Vulnerability    Low    Exactly    DESKTOP-R85VD5V\handy    Active user
Today, 31/05/2021 11:10:48        Task started    Task started                                        DESKTOP-R85VD5V\handy    Active user
Today, 31/05/2021 10:25:47        Task completed    Task completed                                        DESKTOP-R85VD5V\handy    Active user
Today, 31/05/2021 10:25:24    C:\Program Files (x86)\MSI\One Dragon Center\Smart Tool\7zip\7z.exe    Detected    Detected legitimate software that can be used by intruders to damage your computer or personal data    11240    Databases    File    C:\Program Files (x86)\MSI\One Dragon Center\Smart Tool\7zip    7z.exe    Detected    Vulnerability    Low    Exactly    DESKTOP-R85VD5V\handy    Active user
Today, 31/05/2021 10:25:21        Task started    Task started                                        DESKTOP-R85VD5V\handy    Active user
Today, 31/05/2021 10:24:56        Task completed    Task completed                                        DESKTOP-R85VD5V\handy    Active user
Today, 31/05/2021 10:24:33    C:\Program Files (x86)\MSI\One Dragon Center\Smart Tool\7zip\7z.exe    Detected    Detected legitimate software that can be used by intruders to damage your computer or personal data    11240    Databases    File    C:\Program Files (x86)\MSI\One Dragon Center\Smart Tool\7zip    7z.exe    Detected    Vulnerability    Low    Exactly    DESKTOP-R85VD5V\handy    Active user
Today, 31/05/2021 10:24:30        Task started    Task started

 

 

I have removed 7-Zip as I didn't like the fact Kaspersky flagged it.

Posted

Exclude from the scan, no, it's not worth the effort.

This topic is now closed to further replies.

