Windows 7 Forums



Windows 7: Trovi Virus - help to remove please

17 Jul 2014   #61
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 

@Tousdae - Always go to the manufacturer's site to get any kind of programs. Anytime you d/l it from another source, such as a site hosting the d/l, there is a good chance nowadays that it will have some unwanted extras. This is how the sites make their money. Some sites are up front about it with the option to opt out, others try to sneak it in because once it's in your system they get paid.

Once you have done a clean reinstall, (provided there were no rootkits & you got the Windows ISO from MS), you should have a clean system. You have to narrow down the possible places that re-infection is occurring from. Is it the HDD, a flash drive, infected personal files being re-introduced into the system or is it d/l ing files from sources other than the manufacturer's site?


17 Jul 2014   #62
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Quote: Originally Posted by Tousdae
  GM,

  Here's the log. Thanks for telling me where it was. Um, 39 is a lot?

  I wish I'd have thought of a screen shot when the program was finished running

  Thank you. I've a busy day. This pc has been keeping me hostage at home. Be back later. Thank you so much.

Thanks for the log - it looks as though ESET picked up a lot of things from the AdwCleaner quarantine and other things from Windows.old (there's actually two Windows.old folders). There were remnants of the virus in both places that would have the potential for reinfestation.

It's interesting that there is a Windows.old folder - this is created when updating Windows, not when you do a clean install. So.... that sheds some light on the subject.

There are two paths you can take
  1. Do a clean install.
    I know you've already invested time in this process, but something was missed or misunderstood when you reinstalled the last time(s)

    If the reinstall is done correctly, you won't have to run the scanners (ok, maybe AdwCleaner just to check).

  2. Continue with the path you're on
    • Once you clean up the Windows.old folder, the system looks fairly clean.
    • Two more scans will give you the best idea if there's any other remnants.
    • Some housekeeping - remove the scanners you downloaded,
      it's always better to get a fresh version if needed weeks or months down the road
    • Complete Windows Updates. This you will have to do in either case.

When you get back, run Disk Cleanup to get rid of Windows.old (if Disk Cleanup doesn't remove Windows.old - you can safely delete it using Windows Explorer. You might have to change the view to see hidden files - not sure)
See: Disk Cleanup - Open and Use
Steps 1-3 & 5. Make sure you tick all check boxes, scroll down to see more boxes.

Regarding c\Net -> the download manager contains additional offers that should always be unTicked. The mechanism c\Net uses to offer this 'extra' software is flagged as a PUP. That's why many members frown on c\Net - it has always been a reliable source for downloads, but when c\Net started bundling other 'crap' in with the software you really wanted, it earned its Scarlet letter. Here's a thread that discusses the issues:
Okay I tested a Cnet download (results)

To Greg's point: there are better websites that don't bundle additional software. FileHippo, BleepingComputer, MajorGeeks, TwoCows, and of course the source is usually the wisest place.

Also, keep away from 3rd party utilities - optimizers, driver finders, registry cleaners..... most do very little for your system and some can harm your system.

I've learned a lot from Greg, I just have more time than he does.

Now, back to the work at hand

Let members know your plans, to continue disinfection or go all in with yet-another reinstall. Greg is actually the best person to help you do a Clean reinstall - he wrote a few of the tutorials. You'll have to respect his time though, it is spread among many threads.

If you decide to do a clean install, don't take any action until you have the full plan in place... I don't want you to go through the exercise again only to have to restart again. A clean reinstall is the surest way to get rid of anything that ails your system, if done correctly. The scan and clean is 97-99% sure, but not guaranteed.

Bill
17 Jul 2014   #63
Tousdae

Windows 7 Professional 64 bit
 
 

I have 3 windows logs, I think, that I was going to ask how to remove. That is done automatically with reinstall.

Are you saying that Trovi is still on this machine? .............. I just put back over 3,000 mp3s .. >.<

Greg has helped me yes. Please. It's just about me being able to wrap my head around Bill's words better.

17 Jul 2014   #64
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Three windows logs? Do you mean 3 Windows.old folders?

The folders are only created by an update install. It's a small difference in one option - interestingly you can do an upgrade of Windows 7 with Windows 7 - SF refers to that as a Repair install. It places all Windows system files in the correct place with the correct version. I think that's what you did instead of a Clean reinstall.

If you do a Clean re-install, the Windows.old folders are not created. They can't be created because there's nothing left of the previous install to create them from.

Anyway, back to your questions.

I don't think there are any viruses on your system, other than what's in AdwCleaner quarantine (safe place for them) and in the Windows.old folders.

Go back to post# 62 and run Disk Cleanup following the tutorial I linked. After it's done, use Windows Explorer to look for any Windows.old folders on the C:\ drive. If there are any - manually delete them.

Launch AdwCleaner one more time and scan, then clean, then hit the uninstall button.
This will tell you if anything came back with files you moved. Let's hope not.
It will also remove the quarantine (it might ask, if it does say yes remove the quarantine).

Until the last two scanners tell you that the system is disinfected, please refrain from installing anything or moving files, thanks.
You're almost done.

Let me know when the Disk Cleanup has finished and there are no more Windows.old folders.
I'll post the last two scanners after that step. Thanks for bearing with me on the process.

Bill
17 Jul 2014   #65
Tousdae

Windows 7 Professional 64 bit
 
 

I cannot delete those windows old files. It says I need permission from the administrator .... who'd be me. I did a disk cleanup about 30 mins ago, actually. I was trying to delete those windows old folders that way. Which didn't work. I went into the folders and I'm trying to delete the contents hoping the folder itself will delete. I just have Windows.old>Users>me. That folder is empty.
17 Jul 2014   #66
Tousdae

Windows 7 Professional 64 bit
 
 

Ok 2 of the 3 folders are gone. The one left doesn't have anything in it. I'll do the disk clean up again then scan with adwcleaner.
17 Jul 2014   #67
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Hmmm, Disk Cleanup didn't remove the Windows.old folders...

I was fairly certain it would.

The folder won't just delete itself. You might have to give your id privileges to the folder.

Do me a favor first,
Open an Elevated Command Prompt
In the Command Prompt window type the following commands:

    cd \
    dir /a windows.old > C:\listOldWin.txt
    dir /a windows.old.* >> C:\listOldWin.txt
    exit

The 1st command changes the current directory to the root of your C: drive (C:\)

The next command does a directory list of C:\ for anything named Windows.old and writes (>) the list into a text file named listOldWin.txt on your C:\ drive

The next command does a directory list of C:\ for anything named Windows.old.* and appends (>>) the list to the same text file

The last command exits command prompt.

Attach C:\listOldWin.txt (use the paperclip icon on the post menu) to your next post.
You can delete the listOldWin.txt file after you attach it.

Thanks

Bill
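
Added example (not part of Bill's post or the thread): a batch file for the situation in posts #65-#67, where Windows.old folders survive Disk Cleanup and Explorer asks for administrator permission. It writes the same C:\listOldWin.txt report, then takes ownership and deletes the folders; it assumes Windows 7, an elevated Command Prompt, system drive C:, and that nothing in those folders is still needed.

```batch
@echo off
rem Added example, not from the thread. Run from an elevated Command Prompt.
rem Assumptions: Windows 7, system drive C:, nothing under Windows.old* is still needed.
setlocal
set "REPORT=C:\listOldWin.txt"

rem "net session" fails without elevation (assumes the Server service is running).
net session >nul 2>&1
if errorlevel 1 (
    echo Not elevated. Right-click Command Prompt and choose "Run as administrator".
    exit /b 1
)

rem Report: every Windows.old* folder in C:\ (hidden ones included), with
rem owner (/q) and ACL, so the state is recorded before anything is changed.
echo Leftover Windows.old folders on %DATE% %TIME% > "%REPORT%"
set "FOUND="
for /f "delims=" %%D in ('dir /b /ad "C:\Windows.old*" 2^>nul') do (
    set "FOUND=1"
    echo ==== C:\%%D >> "%REPORT%"
    dir /a /q "C:\%%D" >> "%REPORT%" 2>&1
    icacls "C:\%%D" >> "%REPORT%" 2>&1
)
if not defined FOUND (
    echo No Windows.old folders found in C:\
    exit /b 0
)

type "%REPORT%"
set "ANSWER="
set /p "ANSWER=Delete the folders listed above? Type YES to continue: "
if /i not "%ANSWER%"=="YES" exit /b 0

rem Take ownership for the Administrators group, grant it full control
rem (*S-1-5-32-544 is the built-in Administrators SID), then remove the tree.
rem "/D Y" assumes an English-language Windows; the answer letter is localized.
for /f "delims=" %%D in ('dir /b /ad "C:\Windows.old*" 2^>nul') do (
    takeown /F "C:\%%D" /R /A /D Y >nul 2>&1
    icacls "C:\%%D" /grant *S-1-5-32-544:F /T /C /Q
    rd /s /q "C:\%%D"
    if exist "C:\%%D" (echo Still present: C:\%%D) else (echo Removed: C:\%%D)
)
endlocal
```

A folder reported as "Still present" usually has a file in use; rerun after a reboot.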
17 Jul 2014   #68
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

I guess you can forget the dir list - you've already managed to get rid of 2 of the 3.

We'll come back to Windows.old after AdwCleaner, ok?

You might try Disk Cleanup Run as admin - not sure if that will change anything or not.

Bill
17 Jul 2014   #69
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

1. Click here to download herdProtect
   a. Click on the Portable version
   b. Click Save on the download action bar (your downloads folder is the default save location)
   c. Click Run when the download complete action bar is presented
      1. Answer Yes to the UAC dialog window
      2. Click Next on the "This will extract the portable version..."
      3. Specify the location for the extracted files (Thumb drive, or Hard drive)
      4. Click Next
      5. Click "I agree" on the license dialog window
      6. Leave the checkbox ticked [a] Launch herdProtect
      7. Click Finish
2. Click Scan
   herdProtect is a cloud based service. Your computer must remain connected to the Internet while the scan runs.
   a. Depending on your system it will take between 5 to 30 minutes for the scan to complete. The two buttons on each object detected provide more detail, but aren't very useful to the average user.
      1. Click View to open the file location on your computer
      2. Click Details to open the herdProtect knowledgebase for that file
3. Post a screen shot of the results window

Stop at this point
Leave the herdProtect window open

A member will review the information in the screen shot and advise you further. You might be asked to press the Details button to aid in determining the severity of the file reported.

There might be some false positives that can be ignored, but someone needs to determine if there is a real threat among the files reported.

This can be a lengthy process for the member on this side of your monitor - each file has to be researched.

This is a good final check to see if your other scans missed anything. The last scanner, ESET, looked fairly clean. It did uncover the hiding places though.

There's one more scanner after this, please be patient. I know you're chomping at the bit to get your machine back and I'm chomping at the bit to let you have it back

After the last scan, there is some house keeping, I'll post what that entails and you can do that at your leisure.
17 Jul 2014   #70
Tousdae

Windows 7 Professional 64 bit
 
 

Image attached.

I forgot about Adw ... Right now that herd protect is running. I'll wait until that is done.

