Malware

How to remove the Trovi browser hijacker from Chrome, Safari, and Firefox

Ray Fernandez

Apr 30, 202512 min read

How to remove the Trovi browser hijacker from Chrome, Safari, and Firefox: Header image

So you downloaded some software, and now every time you open your web browser, it redirects you to trovi.com. Not only that, but now, your browser is constantly throwing ads at you. The source of the problem is the Trovi browser hijacker.

If this comes as a surprise to you, you’re not alone. Many users read about sophisticated cyberattacks against large corporations and governments and think it could never happen to them. However, the numbers prove otherwise. While flashy, newsworthy cyberattacks hit the media cycle every day, low-level scams flying under the radar cost average folks billions, if not trillions of dollars every year, globally. But don’t worry, we’ve got you covered. Here’s how to remove Trovi from your browser.

What is Trovi, and how did it get into your browser?

Technically, Trovi is neither a virus nor malware but a potentially unwanted program (PUP). However, given that it is annoying, invades your privacy, messes up your system, and can lead to more serious malware and cyberattacks, it could be classified as malware, a browser hijacker, or adware.

Screenshot of the main site of Trovi the browser hijacker.

Trovi will throw ads at you while you are online, change your browser settings, create redirects, and modify your default New Tab website. More importantly, Trovi will drop tracking cookies that gather your personal data and track your online behavior. Plus, it can end up taking you to some very risky websites.

The main way Trovi is distributed is through bundled software. This means it comes hidden inside an app or program you download. Trovi usually comes as a browser extension, but it is also distributed as a standalone app.

Trovi is often hidden inside:

  • Free media players
  • System utilities
  • Freeware programs
  • Cracked software
  • Online gaming sites
  • Popular apps
  • “Make money online” sites

Other popular adware and browser hijackers affecting Mac users include:

  • Adload
  • Baron
  • Ask toolbar
  • Marquis
  • Bundlore

We have provided guides on how to remove Baron, how to remove Marquis, and how to remove the Ask toolbar.

How the Trovi browser hijacker works

While Trovi was originally more notorious on Windows systems, it now targets macOS users. On a Mac, the underlying mechanisms differ slightly due to the architecture and storage of browser settings.

As mentioned, Trovi may come bundled with other free software downloads. Once installed — even without explicit permission — the browser hijacker’s installer can deposit components on the system that attempt to alter browser settings.

Although macOS is generally more secure than some other operating systems, attackers may exploit weaknesses in bundled software or leverage user-granted permissions to run helper applications that persist in the background. This is how Trovi can bypass Apple’s security.

To do its thing, Trovi modifies browser-specific configuration files and settings. For example, Safari stores its settings (such as the homepage) in property list (plist) files within the user library (commonly at ~/Library/Safari/ or in related preference files like com.apple.Safari.plist found in ~/Library/Preferences/). Trovi makes modifications in these folder locations.

Trovi might also modify these plist files directly, either by writing malicious data into them or by launching helper tools/scripts that rewrite user preferences.

In some cases, hijackers might install unauthorized Safari extensions or configuration profiles that make it harder for users to revert changes. This is why, if your Mac has Trovi on it and you change your default homepage back to your preferred site, the fix won’t stick. Trovi can change it right back.

Should I even be concerned about the Trovi virus?

Yes and no. First of all, if you have Trovi on your Mac, your browsing experience will be significantly degraded. Trovi can also redirect you to malicious sites, such as phishing websites, or cause trojan downloads.

More importantly, if you have Trovi on your Mac — we’re sorry to say this — it is a sign that you do not take your cybersecurity and digital privacy seriously enough.

Trovi is a risk and should be taken seriously. But instead of worrying, you can take some simple actions to make sure no one messes with your cybersecurity and your privacy. This includes your data, your contacts (work contacts, close friends, and family), your financial data, and your money at the bank.

Here’s a brief list of the dangers that browser hijackers like Trovi can cause:

  • They can hijack your browser and alter settings like your default homepage and new tab page without your consent.
  • They will bombard you with unwanted advertisements that can lead to malicious websites to steal your credentials, track you even more, or trick you into downloading malware.
  • Browser hijackers gather your personal data by dropping cookies that can track your behavior, activity, and history online. All the information gathered can be sold to data brokers and advertisers.

As previously mentioned, a browser hijacker on your machine is a clear red flag that your digital guard is too low, exposing you to the real online bad guys who will have no problem emptying your wallet, using your computer to spam thousands of people, mine for crypto without your knowledge, or turn your computer into a bot to flood websites in DDoS attacks.

Why does Trovi malware force users to visit its website?

The reason why the developers behind Trovi want your browser to go to their website is simple: money.

This type of software is created to make cash from ads. And if you click on those ads, the attackers make more. That is why ads pop up relentlessly, won’t disappear unless you click them, or have hidden click actions in the close ad X button on the top right.

Additionally, the Trovi site has fishy cookies and scripts that can gather system information and do other not-so-nice things. This is why they redirect you there.

How to get rid of Trovi malware on Mac

If you are reading this, you probably already tried to remove Trovi yourself several times. You may have also rapidly scrolled through several “Remove Trovi” guides online in search of the silver bullet. Well, here it is.

Now, bear with us because Trovi is not only annoying to have on your Mac; it’s also annoying to remove. However, if you follow these steps for Trovi removal on Mac, we guarantee you will be rid of it.

Check your Mac for malware using CleanMyMac

If you are looking for the ultimate solution to remove Trovi, adware, or any other type of malware, look no further. CleanMyMac can get this job done easily and in no time.

Most importantly, CleanMyMac will save you the trouble of manually removing Trovi everywhere it hides — and yes, Trovi hides in several places. Thankfully, CleanMyMac will have it gone in a single sweep and a couple of clicks.

A screenshot of the CleanMyMac Protection feature.

To remove Trovi using CleanMyMac:

  1. Open CleanMyMac and select the Protection feature on the left.
  2. If it’s your first time using the software, choose Configure Scan. Select everything and choose Deep Scan.
  3. Click Scan, and CleanMyMac will scan your Mac for browser hijackers, trojans, and any other type of malware or suspicious files. 
  4. When Trovi has been found, CleanMyMac will present it to you, along with a comprehensive list of any other identified threats. 
  5. Select all the threats and click Remove.
CleanMyMac protection removal complete (2) screenshot

Get rid of Trovi browser hijacker in Chrome

There are 3 ways to manually remove browser hijackers like Trovi from Chrome. The first 2 methods are easy and fast, but there’s a downside: You will lose all your Chrome or other browser data unless you back it up.

The third way is to go to every location where Trovi leaves its digital footprint and delete its presence there. Don’t worry. We’ve included a step-by-step guide in the section below.

Method 1: Delete and reinstall Chrome on your Mac

  1. Close Google Chrome completely (use Command + Q).
  2. To uninstall Chrome, first open the Finder and go to the Applications folder.
  3. Locate Google Chrome.
  4. Drag Google Chrome to the Trash.
  5. Restart your Mac.
  6. Reinstall Chrome from the official App Store.

Method 2: Reset Chrome

  1. Open Google Chrome.
  2. Click on the three-dot menu in the top-right corner and select Settings.
  3. Scroll down and click on Advanced to expand additional settings.
  4. Under the “Reset and clean up” section, click “Restore settings to their original defaults.”
  5. In the confirmation dialog that appears, click “Reset settings.”

Bonus tip: It’s a good idea to close and reopen Chrome to ensure that the reset takes effect.

Method 3: Manually remove Trovi from Chrome

First, remove the Trovi extension from your browser:

  • Open Chrome.
  • Click the three-dot menu (top-right) and select More Tools > Extensions.
  • Review installed extensions and remove any suspicious or unfamiliar ones (click Remove).

Now, let’s clear Chrome data (cache, history, cookies):

  1. Go to Chrome, click the three-dot menu, and select Settings.
  2. Click on “Privacy and security” in the left sidebar.
  3. Select “Clear browsing data.”
  4. Make sure “Browsing history,” “Cookies and other site data,” and “Cached images and files” are checked.
  5. Choose an appropriate time range (e.g., “All time”).
  6. Click Clear data.

You also have to stop any process that Trovi may be running on your device. To do this:

  1. Close Chrome by right-clicking the Chrome icon in the Dock and selecting Quit, or press Command + Q while in Chrome.
  2. Open Activity Monitor (found in Applications > Utilities).
  3. Look for anything suspicious or any task that mentions or could be linked to Trovi. Select it and click the X button in the top left to shut it down.

Next, you’ll have to remove any suspicious files and folders that Trovi has created:

  1. In the Finder, click on the Go menu in the menu bar and select Go to Folder…
  2. Type the following path: ~/Library/Application Support/Google/Chrome/Default.
  3. Look for files that may have been altered or include Trovi-related URLs (such as the Preferences file) and delete them. If you’re unsure, you can rename the file (e.g., “Preferences_backup”) so Chrome creates a new default file on its next launch.

Delete even more hidden Trovi files:

  1. In Finder, navigate to ~/Library/Caches/Google/Chrome.
  2. Delete suspicious files and folders that may be related to Trovi. Or you can simply remove the entire Chrome cache folder. It will be recreated automatically when Chrome is launched.
  3. Inspect ~/Library/Preferences for any Chrome or Trovi-related plist files that might enforce settings, such as com.google.Chrome.plist or com.google.Keystone.agent.plist (if applicable).
  4. If you find any and know they should not be there, move or delete them.

Finally, remove Trovi-related startup items and scheduled tasks:

  1. Open System Preferences and go to Users & Groups.
  2. Select your user account and click on Login Items.
  3. Look for any items with unfamiliar names or those related to Trovi. Select them and click the minus sign (-) button to remove them.
  4. Next, go to the Finder, click the Go menu, and select Go to Folder…
  5. Check both of these locations: /Library/LaunchAgents and ~/Library/LaunchAgents.
  6. Look for any suspicious .plist files that mention Trovi or unknown applications.
  7. If found, move them to the Trash.

As you can see, it is rather time-consuming, but it will get the job done. Remember, a trusted and professional anti-malware tool like CleanMyMac can take care of all this for you in just seconds, leaving your Mac free from any trace of Trovi.

Stop Trovi adware in Safari

The method to manually remove Trovi from Safari is similar to Method 3 in the section above.

To remove Trovi from Safari and stop its adware:

  1. Open Safari.
  2. In the top menu, click Safari > Preferences.
  3. Go to the Extensions tab.
  4. Look for any unfamiliar or suspicious extensions (especially ones tied to adware) and click Uninstall.
  5. Go to the Websites tab and review all plug-ins. Disable any plug-ins you do not recognize.

Next, you’ll need to clear Safari’s data:

  1. In Safari, click Safari > Preferences > Privacy.
  2. Click Manage Website Data…
  3. In the displayed list, search for Trovi-related content or any unfamiliar entries.
  4. Select them and click Remove, or choose Remove All if you want to clear everything (this clears the cache, cookies, and local data).

If you did all this and Trovi ads and redirects still occur, do the following and reset Safari:

  1. In Safari, click Safari > Preferences > General.
  2. Confirm that your homepage is set to your preferred site (change if necessary).
  3. Next, in the Search tab, verify that your default search engine is set to your preferred provider (like Google or DuckDuckGo) and not Trovi.
  4. In the Privacy tab, under “Cookies and website data,” ensure that your settings are adjusted to your comfort level for blocking unwanted trackers.

Finally, remove suspicious files and profiles:

  1. Open System Preferences and select Profiles (if present).
  2. If you see any profiles related to Trovi or unknown sources, select them and click the minus sign (-) button to remove them.
  3. Additionally, you can clear Safari’s caches and temporary files manually as needed.
  4. Open Finder, then navigate to Go > Go to Folder… and enter: ~/Library/Caches/com.apple.Safari
  5. Delete the contents of this folder (Safari will rebuild them on its next launch).
  6. As a final step, close Safari and restart your device.

Remove Trovi browser hijacker in Firefox

You can follow similar steps if you are using Firefox. To remove Trovi from Firefox:

  1. Open Firefox.
  2. Click the menu button (three horizontal lines) in the top-right corner and select “Add-ons and themes.”
  3. In the Extensions section, look for any unfamiliar or suspicious add-ons (especially ones that may be associated with adware or browser hijackers like Trovi).
  4. Click the three-dot icon next to the add-on and select Remove.

Next, reset Firefox:

  1. In Firefox, click the menu button and select Settings.
  2. In the Home section, check that your Homepage is set to your preferred site.
  3. In the Search section, confirm that your Default Search Engine is set to a reputable provider (e.g., Google, DuckDuckGo) rather than Trovi.

To further reset any unintended changes, you can refresh Firefox:

  1. Click the menu button, then Help > More Troubleshooting Information.
  2. Click Refresh Firefox… on the right-hand side.
  3. Follow the on-screen dialog. Note that this will remove extensions and customizations, so back up essential data like bookmarks if needed.

Now, clear Firefox data (cache, history, cookies):

  1. Click the menu button and select Settings.
  2. Choose Privacy & Security from the left menu.
  3. Under the Cookies and Site Data section, click Clear Data… and check both options: Cookies and Cached Web Content.
  4. Scroll down to History, and click Clear History…
  5. In the dialog, select a time range (e.g., Everything) and ensure Browsing & Download History, Cookies, Cache, and Other Site Data are checked.
  6. Click OK to clear data.
  7. Check and remove suspicious files from your Firefox profile.
  8. Restart your computer.

You should also follow the steps listed in the Chrome and Safari sections above to remove Trovi-related active running processes, Trovi applications installed on your system, and files that Trovi creates.

What to do if the Trovi redirect won’t go away

If you followed the steps listed above and Trovi is still active, you may have missed a step or two. Remember that it is important to remove not only the browser extension but also the data and files it creates in system folders, browser files, startup processes, and new Trovi profiles.

We recommend that users avoid the manual nightmare of sifting through folders and backing up browser data. Instead, simply run a trusted anti-malware to remove Trovi.

Having said that, you can always go back to the sections listed above detailing how to remove all traces of Trovi and give it another try. Make sure you follow each step.

How to avoid the Trovi browser redirect in the future

Prevention is the best defense when it comes to cybersecurity. However, it is not very comforting to hear this when you are already dealing with a breach by an unwanted program hijacking your browser.

Now that we’ve covered how to get rid of this type of adware/browser hijacker, let’s discuss how to avoid being sucked down this rabbit hole again.

  • Level-up your cybersecurity awareness and practices: Stay informed about the latest cybersecurity threats and best practices by regularly reading trusted security blogs and resources. This will strengthen your knowledge and give you the insight you need to detect malware before it’s too late.
  • Watch out for downloads: Only download software from trusted sources and carefully review the installation process to make sure no bundled applications like Trovi are installed.
  • Stay away from fishy sites: From online gambling to cracked software and freeware, steer clear of sites that can lead to malware.
  • Keep your system and apps updated: Regularly update your operating system and applications with the latest security patches to protect against known vulnerabilities.
  • Get an anti-malware tool and put it to work: Use reputable security software that provides real-time protection and periodic system scans to catch potential threats early.

Trovi might not be classified as an illegal program, but this browser hijacker can be incredibly annoying. It degrades your online experience while stealing your personal data, and removing it is tricky and time-consuming.

Fortunately, by using this guide, you can set yourself free from Trovi and similar PUPs. Follow the steps and tips above to take back control of your browser — and your data.

This is an independent publication, and it has not been authorized, sponsored, or otherwise approved by Apple Inc. Google Chrome is a trademark of Google LLC. Firefox is a trademark of the Mozilla Foundation. Mac, macOS, and Safari are trademarks of Apple Inc.

MoonLock Banner
Ray Fernandez Ray Fernandez
Ray has been covering tech and cybersecurity for over 15 years. His work has appeared on TechRepublic, VentureBeat, Forbes, Entrepreneur, and the Microsoft Blog, among others.