If your computer has been hijacked with an obnoxious malware that won’t let you change your home page, there’s a strong chance you’ve been infected with the Trovi Search Protect malware, which used to be known as Conduit. Here’s how to remove it.
How do you know this is malware? Instead of installing like it should, as a Google Chrome Extension, you’ll probably see that your extensions list doesn’t mention Trovi or Conduit at all. Instead, they are hijacking the browser process using Windows API techniques that no legitimate application should be using. For more details on that, you can read our series on using Process Explorer to troubleshoot Windows.
How Did You Get Infected?Usually at some point you made the huge mistake of trusting a site like Download.com, which bundled it into an installer for a completely different application. This is why you should be really careful when downloading freeware on the Internet.
They get around the legality issue with their long terms of service that nobody reads and by making sure there’s actually a way to uninstall the thing. But as far as we’re concerned, anything that installs in a sneaky fashion and hijacks your other running processes is malware.
Removing the Trovi Search Protect MalwareThis is really sad to say, but it’s actually important to use the Search Protect panel to turn off the bad settings first before uninstalling it. You can find the Search Protect icon in the system tray and then double-click on it to open up the panel.
In here, change your Home Page back to Google or whatever you want.
Now change your New Tab page back to Browser Default.
Change your Default Search back to “Browser default search engine.”
And then uncheck the “Enhance my search experience,” which is a lie, because it doesn’t enhance it at all.
Now head to Control Panel, find the Uninstall Programs section, and then find Search Protect and click the Uninstall button. While you are in here, you might want to uninstall anything else that says anything similar to “Search Protect.” If you see SaveSense, remove that too.
At this point your browser should be back to normal… but we aren’t done quite yet. There are still a lot of traces of this thing that we need to clean up.
Use the Google Chrome Software Removal ToolIf you are using Google Chrome, you are in luck because Google provides their own Software Removal Tool to make sure that all of these things are removed. Just head to the Google SRT page, download and run it, and it will automatically detect and remove everything.
Once you start up your browser again, it will ask if you want to reset your browser settings. This will reset everything to defaults, including removing all troublesome extensions. It’s probably a good idea, although note that you’ll have to login to all of your sites again.
Download the Software Removal Tool from google.com
Clean Up IE SettingsIf you are using Internet Explorer, you should go to the Tools menu and find the Manage Add-ons item. In here, you can click on Search Providers and change your search back to what it should be. If you see Trovi in the list, click on it and then click Remove.
Use Malwarebytes to Scan Your PCAll of the above techniques will get your computer back to normal — at least as far as Trovi is concerned. But there’s a very strong chance that you’ve got other things hijacking your browser and spying on you.
The best bet for cleaning up spyware and malware is Malwarebytes. You might ask yourself why you wouldn’t just use your regular antivirus product, but the fact is that antivirus just doesn’t detect spyware very often. It’s only useful for viruses that try to destroy your PC, which are few and far between at this point. Almost all of the malware out there is trying to spy on you, redirect your browsing, and insert more ads into pages that you’re viewing. It’s all about the money.
So the only really good product on the market that will find and remove spyware, adware, and other malware is Malwarebytes. Luckily they have a free version that will let you clean up and remove everything — if you want to pay for the full version that has active protection to prevent these things from happening, that’s fine too.
Once you’ve downloaded and installed it, you’ll be prompted to run a scan, so click that big green Scan Now button.
After it completes scanning, it’ll find a big huge list of things to remove. Click the Apply Actions button to actually remove all the malware.
You’ll want to reboot your computer to make sure that everything is fully cleaned up. If anything seems to come back, run Malwarebytes again, remove anything found, and then reboot again.
retrieved from url:http://www.howtogeek.com/198386/how-to-remove-trovi-conduit-search-protect-browser-hijack-malware/