Malware Intrusion Report

BobH
UraniumLounger
Posts: 9266
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Post by BobH »

I picked up the "trovi" virus. It somehow got past MSE, or - more likely - I did something foolish that caused it to get around MSE. I'm posting to share the experience and warn others. This post is coming from 'er indoors' laptop because I'm still trying to recover my desktop system.

I am reasonably certain that I picked this up while installing Duck Capture. You might recall that I posted about capturing the entire content of a scrolling screen some days back. Later there was a report that Duck Capture would do this; so I searched and found and downloaded it. Nothing occurred during this process or the subsequent install to give me a clue that this was installing 'trovi.com' as well.

Over the past weekend I noticed some performance issues and spent some time running PriVazer and CCleaner and eventually got past the problem. Something was really slowing down my response time while surfing and speed tests showed no ISP or Internet issues.

I noticed today that when using Firefox and clicking to get a new tab to browse to another web page I had a strange search panel - supposedly Bing - and when looking at the address window, I noticed 'trovi' in the URL. Out of curiosity, I searched and found that it is a browser hacking and redirection tool that collects all your Internet history and sells it to the highest bidder, for both legal and illegal purposes. Here's more information about the malware.

I ran a virus scan and found that Duck Capture was associated with much of it. After quarantining the malware, I discovered that I could not reboot the system. Apparently some system files were corrupted in the process. I'm now going through iterations of chkdsk and restart attempts to get to the point of returning to a restore point (which, groan, probably has trovi in it).

Be safe out there. I'm usually pretty alert to downloads and installs. I never knowingly disable AV. Why MSE didn't catch it I do not yet know.
Bob's yer Uncle
(1/2)(1+√5)
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs

HansV
Administrator
Posts: 78412
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Malware Intrusion Report

Post by HansV »

I hope you'll get your desktop up and working again! :crossfingers:
Best wishes,
Hans

BobH
UraniumLounger
Posts: 9266
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: Malware Intrusion Report

Post by BobH »

HansV wrote:I hope you'll get your desktop up and working again! :crossfingers:
Uh-oh!

That sounds like you think this might be fatal. :sad:

I got it running in Safe Mode and went back to a restore point made after automatic Win7 updates yesterday morning. I checked for MSE updates (found none) and am now running a full MSE scan on the desktop.
Bob's yer Uncle
(1/2)(1+√5)
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs

Rudi
gamma jay
Posts: 25455
Joined: 17 Mar 2010, 17:33
Location: Cape Town

Re: Malware Intrusion Report

Post by Rudi »

Thanks for the heads up.
It sorta spurs me on to be faithful in my weekly backups of my personal and work files to my external drive.

Sorry for your system... I have had this type of experience too before and it's painful to have to recover one's entire system again...
I hope this won't have to be the case with you.
Regards,
Rudi

If your absence does not affect them, your presence didn't matter.

StuartR
Administrator
Posts: 12601
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: Malware Intrusion Report

Post by StuartR »

Yep, regular image backups are the only effective defence.

If you're reading this thread and you don't make image backups then start this week.
StuartR


DaveA
GoldLounger
Posts: 2599
Joined: 24 Jan 2010, 15:26
Location: Olympia, WA

Re: Malware Intrusion Report

Post by DaveA »

BobH,
Per your link above
Trovi.com virus it’s technically not a virus, but it does exhibit plenty of malicious traits, such as rootkit capabilities to hook deep into the operating system, browser hijacking, and in general just interfering with the user experience. The industry generally refers to it as a “PUP,” or potentially unwanted program
I am so far behind, I think I am First :evilgrin:
Genealogy....confusing the dead and annoying the living

Rudi
gamma jay
Posts: 25455
Joined: 17 Mar 2010, 17:33
Location: Cape Town

Re: Malware Intrusion Report

Post by Rudi »

DaveA wrote:BobH,
Per your link above
Trovi.com virus it’s technically not a virus, but it does exhibit plenty of malicious traits, such as rootkit capabilities to hook deep into the operating system, browser hijacking, and in general just interfering with the user experience. The industry generally refers to it as a “PUP,” or potentially unwanted program
Based on what it did to Bob's PC...I'd call it a virus!!! (IMHO)
I'm giving my PC the flu shot immediately.
Regards,
Rudi

If your absence does not affect them, your presence didn't matter.