
Trovi installed somehow, but is not detected.



Every time I go to a site, my DNS "fails" to resolve it, because Trovi is somehow installed. Sometimes when I do a search in the address bar, it will try and go thru the Trovi search engine, which my antivirus blocks, so good for that, however, when it does block, it fails to resolve the DNS. When I go to a website (for example, youtube.com), sometimes the DNS will fail to resolve, which I believe is the result of my antivirus blocking Trovi from loading, which means it is still on my computer somewhere, and Malwarebytes comes up clean. Attached are the required files. Thank you!

MalwareBytesScan_05062020at2230.txt Addition.txt FRST.txt


Hi, :welcome:
My name is Maurice. I will be helping and guiding you, going forward on this case.
Let me know what first name you prefer to go by.

Please follow my directions as we go along. Please do not do any changes on your own without first checking with me.
If you will be away for more than 3 consecutive days, do try to let me know ahead of time, as much as possible.

Please only attach all report files, etc. that I ask for as we go along.
Please know I help here as a volunteer, and that I am not on 24 x 7.
Help on this forum is one to one. Again, please be sure to ONLY attach report files with your reply(s) as we go along. Do not do a copy / paste into main body.
 

 

I would suggest to download, Save, and then run Malwarebytes ADWCLEANER.
Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.
Adwcleaner detects factory Preinstalled applications too!

Please download Malwarebytes AdwCleaner https://downloads.malwarebytes.com/file/adwcleaner

Be sure to Save the file first, to your system. Saving to the Downloads folder should be the default on your system.

Go to the folder where you saved Adwcleaner. Double click Adwcleaner to start it.
At the prompt for license agreement, review and then click on I agree.

You will then see a main screen for Adwcleaner. (If you do not see it right away, minimize the other open windows, so you can see Adwcleaner.)
Then click on Dashboard button.
Click the blue button "Scan Now".

Allow it a few minutes to finish the Scan. Let it remove what it finds.
NOTE: When it comes to the section "Pre-installed applications", you can skip that.
Please find and send the Adwcleaner "C" clean report.
In Adwcleaner, click the "Reports" button. Look at the list of reports for the latest date & type "Clean".
Double Click that line & it will open in Notepad. Save the file to your system and then Attach that with your reply.

That C clean report will be the one with the most recent Date and time at folder C:\AdwCleaner\Logs
Thanks. Keep me advised.
 


Thanks for that report. Where and how do you see "Trovi"?

Is that in any way at all on a Block notice-message-window from the Malwarebytes Web protection? Does that show some "Block" notice?

If so, is that on the Chrome browser?

 

I would appreciate getting some key details from this machine in order to help you forward.
NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

Do have patience while the report tool runs. It may take several minutes. Just let it run & take its time. You may want to close your other open windows so that there is a clear field of view.
Download Malwarebytes Support Tool

Once the file is downloaded, open your Downloads folder/location of the downloaded file
Double-click mb-support-1.6.0.774.exe to run the report
You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
Place a checkmark next to Accept License Agreement and click Next
Now click the left-hand side pane "I do not have an open support ticket"
You will be presented with a page stating, "Get Started!"
Do NOT use the button "Start repair"! But look instead at the far-left options list in black.
Click the Advanced tab on the left column
Click the Gather Logs button
A progress bar will appear and the program will proceed with getting logs from your computer. Please do have patience. It takes several minutes to gather.
Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
Please attach the ZIP file in your next reply.
 


So I have seen it on all of my browsers (Firefox, Chrome, and Cryptotab (that mines bitcoin for me while I browse the web, NOT HARMFUL, also is a Chromium browser)), but what will happen is I will try and search something, using the default Cryptotab browser (It will just redirect to Bing, which is fine by me anyways), will just go straight to give me the error DNS_PROBE_FINISHED_NO_INTERNET, and in the search bar is Trovi attempting to query my search. It has not done that in any other browser probably because I haven't tested the other ones heavily as much. I am currently using Cloudflare's DNS resolver (1.1.1.1/1.0.0.1), which works out for me. I have not tested much in Google Chrome and Firefox because I do not use those browsers as much, but I attempted to go to google.com in both, and Chrome gives me the same error, and Firefox could not find that website. Now if I go to a website (e.g. youtube.com, google.com, etc.), what will happen is it will say the same thing, and Windows Diagnostics will say "Your DNS server may be unavailable, because attempts to resolve google.com/youtube.com failed." When Trovi shows up in my search bar attempting to query, it will just go straight to DNS_PROBE_FINISHED_NO_INTERNET. As a test, I went directly to "trovi.com" and Malwarebytes came up and blocked it, but if I do a search and Trovi comes up trying to complete the query, it will just go straight to NO_INTERNET, and Malwarebytes does not intervene.

And then, when I go to a website, it will do that DNS_PROBE_NO_INTERNET thing, and sometimes Windows Diagnostics will not find a problem, and then the website will just magically load afterwards. It is driving me nuts.

Attached is the required zip. Thanks!

mbst-grab-results.zip


Looking at the Malwarebytes block history, I notice the block on Trovi is happening when CryptoTab Browser is in use.

I truly need for you to find the way to Delete all Cache, history, and cookies in that web browser!

Also check real real close what the Search preference is on that browser. Also see what the Start & Home page is set to.

I have to count on you to do all that. I am entirely unfamiliar with that web browser.

Second thing I notice. There have been web protection exceptions noted by Malwarebytes on WarThunder, specifically on its launcher.exe.

Did you pay for that app? If not, let's see about uninstalling WarThunder.

 

This next section is just to help get DNS  to normal.

Start NOTEPAD (you can press Windows-key+R keys to get the RUN option, then type in notepad.exe and press Enter key to start NOTEPAD).

Check and make sure "word wrap" is off. 
From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.
IF it -is- checkmarked, click that one time so that it is un-checked.

Please copy/paste the lines below to Notepad:


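@Echo on
rem Work from the system32 folder
pushd \windows\system32
rem Release and renew the DHCP lease, then clear the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack (log written to resetlog.log)
netsh winsock reset all
netsh int ip reset resetlog.log
rem Reboot after 1 second so the resets take effect
shutdown -r -t 1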





Now save as flush.bat to your desktop.
Double-click flush.bat file to run it. Your computer will reboot.

Edited by Maurice Naggar
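
One way to do the search, start and home page check requested above on a Chromium-based browser, as an added example that is not part of the original thread: it reads a copy of the profile's `Preferences` JSON file and flags any URL whose host is trovi.com or a subdomain of it. The key names (`default_search_provider_data`, `homepage`, `session.startup_urls`) are assumed from stock Chromium and may differ in CryptoTab; the sample data is constructed.

```python
import json
import sys
from urllib.parse import urlsplit

# Domain named in the thread; pass a longer tuple to check for others.
WATCHLIST = ("trovi.com",)

# Constructed sample, shaped like a Chromium profile "Preferences" file.
SAMPLE = json.loads("""
{
  "homepage": "https://example-trovi.com/",
  "session": {"restore_on_startup": 4,
              "startup_urls": ["https://www.youtube.com/", "http://trovi.com/"]},
  "default_search_provider_data": {"template_url_data": {
      "short_name": "Constructed",
      "url": "https://search.trovi.com/?q={searchTerms}"}}
}
""")


def host_matches(url, domains):
    """True if the URL's host is one of `domains` or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def audit_preferences(prefs, watchlist=WATCHLIST):
    """Return (setting, url, flagged) for search, home page and startup URLs."""
    found = []
    tpl = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    if tpl.get("url"):
        found.append(("default_search", tpl["url"]))
    if prefs.get("homepage"):
        found.append(("homepage", prefs["homepage"]))
    for url in prefs.get("session", {}).get("startup_urls", []):
        found.append(("startup_url", url))
    return [(name, url, host_matches(url, watchlist)) for name, url in found]


if __name__ == "__main__":
    # Pass the path to a copy of the Preferences file; without one the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            prefs = json.load(fh)
    else:
        prefs = SAMPLE
    for name, url, flagged in audit_preferences(prefs):
        print(f"{'SUSPECT' if flagged else 'ok':8}{name}: {url}")
```

The match is on the parsed host name, so a lookalike such as example-trovi.com is not flagged while search.trovi.com is.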

Hello Maurice,

Like I said, Malwarebytes only intervened when I went to "trovi.com" as a test. Any other time, it did not intervene, and just went straight to the DNS_PROBE_FINISHED_NO_INTERNET error.

WarThunder is an app that I have downloaded, it was free, and is a great game (highly recommend it). Yes, I did put those exceptions in there because McAfee, my main antivirus was causing the game to not connect. That was all.

The home page is a custom home page, it leads to this: https://imgur.com/9X3Bi7a

Searching in the address bar goes to this: https://search.cryptobrowser.site/?q=%s&f=cb (with "%s" as your search query.)

As soon as this is posted, I will clear cookies, history, and the cache, and run "flush.bat" Will post back once done.

 

 


Hello Maurice,

I apologize for the long delay (The scan took a long time.) I cannot find a log file so I have to give it to you this way.

Scan result (Times are in PDT):

 

 

Scans run

Scan Type: Full

5/7/2020 9:28:48 PM

Scan Completed.

Scan started: 5/7/2020 4:17:48 PM

Scan ended: 5/7/2020 9:24:42 PM

Total items scanned: 1560947

Total items detected: 31

Total items quarantined: 31

Processes scanned: 0

Processes detected: 0

Engine version: 4066.0

Engine creation date: 2020/05/07

 

Looking at the quarantined files, nothing related to my Browser was in there, just a bunch of Bitcoin mining software, that I had on purpose, not maliciously downloaded, that I don't mind losing. I might just reinstall it later. But nothing related to Trovi, or Conduit, or anything like that. Let me know your thoughts. Thanks!


Let's run a different diagnostic report tool.

Please download RogueKiller (x64) using the link below.
→ http://download.adlice.com/api?action=download&app=roguekiller&type=x64
⦁ Save the file first,
⦁ Close any running programs that you started on your own (if any).
⦁ Please disconnect any USB or external drives from the computer before you run this scan!

Double-click RogueKillerx64.exe to run the program.
Follow the prompts. If a browser window opens, close the window.

In the HOME tab, click Scan button
Next, on the Quick scan pane, click on the Start button to proceed.
Upon completion, a browser window may open. Close this window.
Important: Please do not have RogueKiller remove any detected items.
Click the HISTORY tab followed by Scan Reports.

Double-click the scan log. Click Export TXT, enter a filename and save the file to your Desktop.
Please attach the file in your next reply.
 


Hi Maurice,

I will go over those programs you asked for.

Sibelius: It is a program to write sheet music for many different kinds of instruments. I know they are not malicious, I paid for their software, and I know a lot of people around the world use it.

Avid: They own the program Sibelius, so Avid Link is their way of making it easy to update their software. This is not harmful in any way.

PreMID: This is a program I use to connect to Discord. It will tell people when I’m watching YouTube, or SoundCloud, or even watching Twitch. It will tell people who look at my Discord profile that “Hey, I’m watching so-and-so on YouTube.” It’s kinda more like a “show your friends what you are doing” kind of thing.

CryptoTab Browser: This is an application that will mine Bitcoin for me, while I surf the internet. I have used this browser for the past year or so, and I really like it. It is a Chromium browser, so it acts like Google Chrome, and you can log in to Your Google account to sync everything. I installed this program myself, it was not installed maliciously.

I hope that is everything. Let me know your thoughts. Thanks!


Hello Maurice,

So far, yes, but I think mostly it’s not doing it right now, is because I restarted my computer about a couple days ago. Normally, if I restart my computer, it would be fine for about 2 weeks, and then the problem would reoccur. I really don’t want to make you wait 2 weeks to see if it comes back, but so far, it has not shown up.


Hi. It is good to know that the issue has not re-appeared.

Let me suggest that you ensure that Chrome (if you use it) & Firefox (if you use it) have the Malwarebytes Browser Guard.

If this pc has the Google Chrome browser, or the Brave browser, I suggest you install the Malwarebytes Browser Guard for Chrome.
To get & install the Malwarebytes Browser Guard extension for Chrome,

Open this link in your Chrome browser:
https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

Then proceed with the setup.

Also suggested for Chrome or Brave browser, the NoScript add-on extension for added protection from script exploits
https://chrome.google.com/webstore/detail/noscript/doojmbjmlfjjnbmnoijecmcbfeoakpjm

If the pc has Mozilla Firefox, to get & install the Malwarebytes Browser Guard Firefox extension,
open this link in your Firefox browser:
https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

Then proceed with the setup.
That link is for English US. There are other language versions. Just go to the very bottom right of the page and look at "Change language" list drop down.
 


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 


This topic is now closed to further replies.