I picked up the "trovi" virus. It somehow got past MSE, or - more likely - I did something foolish that caused it to get around MSE. I'm posting to share the experience and warn others. This post is coming from 'er indoors' laptop because I'm still trying to recover my desktop system.
I am reasonably certain that I picked this up while installing Duck Capture. You might recall that I posted about capturing the entire content of a scrolling screen some days back. Later there was a report that Duck Capture would do this; so I searched and found and downloaded it. Nothing occurred during this process or the subsequent install to give me a clue that this was installing 'trovi.com' as well.
Over the past weekend I noticed some performance issues and spent some time running PriVazer and CCleaner and eventually got past the problem. Something was really slowing down my response time while surfing and speed tests showed no ISP or Internet issues.
I noticed today that when using Firefox and clicking to get a new tab to browse to another web page I had a strange search panel - supposedly Bing - and when looking at the address window, I noticed 'trovi' in the URL. Out of curiosity, I searched and found that it is a browser hacking and redirection tool that collects all your Internet history and sells it to the highest bidder, for both legal and illegal purposes. Here's more information about the malware.
I ran a virus scan and found that Duck Capture was associated with much of it. After quarantining the malware, I discovered that I could not reboot the system. Apparently some system files were corrupted in the process. I'm now going through iterations of chkdsk and restart attempts to get to the point of returning to a restore point (which, groan, probably has trovi in it).
Be safe out there. I'm usually pretty alert to downloads and installs. I never knowingly disable AV. Why MSE didn't catch it I do not yet know.
Malware Intrusion Report
-
- UraniumLounger
- Posts: 9266
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K, 1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice, and other bits and bobs
(1/2)(1+√5)
-
- Administrator
- Posts: 78412
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
-
- UraniumLounger
- Posts: 9266
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: Malware Intrusion Report
HansV wrote: I hope you'll get your desktop up and working again!
Uh-oh!
That sounds like you think this might be fatal.
I got it running in Safe Mode and went back to a restore point made after automatic Win7 updates yesterday morning. I checked for MSE updates (found none) and am now running a full MSE scan on the desktop.
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K, 1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice, and other bits and bobs
(1/2)(1+√5)
-
- gamma jay
- Posts: 25455
- Joined: 17 Mar 2010, 17:33
- Location: Cape Town
Re: Malware Intrusion Report
Thanks for the heads up.
It sorta spurs me on to be faithful in my weekly backups of my personal and work files to my external drive.
Sorry for your system...I have had this type of experience too before and it's painful to have to recover one's entire system again...
I hope this won't have to be the case with you.
Regards,
Rudi
If your absence does not affect them, your presence didn't matter.
-
- Administrator
- Posts: 12601
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Malware Intrusion Report
Yep, regular image backups are the only effective defence.
If you're reading this thread and you don't make image backups then start this week.
StuartR
-
- GoldLounger
- Posts: 2599
- Joined: 24 Jan 2010, 15:26
- Location: Olympia, WA
Re: Malware Intrusion Report
BobH,
Per your link above
Trovi.com virus it’s technically not a virus, but it does exhibit plenty of malicious traits, such as rootkit capabilities to hook deep into the operating system, browser hijacking, and in general just interfering with the user experience. The industry generally refers to it as a “PUP,” or potentially unwanted program
I am so far behind, I think I am First
Genealogy....confusing the dead and annoying the living
-
- gamma jay
- Posts: 25455
- Joined: 17 Mar 2010, 17:33
- Location: Cape Town
Re: Malware Intrusion Report
DaveA wrote: BobH,
Per your link above
Trovi.com virus it’s technically not a virus, but it does exhibit plenty of malicious traits, such as rootkit capabilities to hook deep into the operating system, browser hijacking, and in general just interfering with the user experience. The industry generally refers to it as a “PUP,” or potentially unwanted program
Based on what it did to Bob's PC...I'd call it a virus!!! (IMHO)
I'm giving my PC the flu shot immediately.
Regards,
Rudi
If your absence does not affect them, your presence didn't matter.