Possible RAT? Can't seem to get rid of Trovi

2 replies to this topic

#1 raymj49


  • Members
  • 148 posts
  • Gender:Female
  • Local time:11:48 PM

Posted 22 March 2017 - 11:26 AM

Possible RAT? Unknown/disabled programs still show as running in task mgr, and in BitD firewall

A lot of things are just strange: remote access is disabled, yet it is still running and I "don't have permission" to stop it ... "service cannot accept control message at this time". A ton of SVC host processes from services like "remote procedure call", "remote access connections", etc., so many, especially strange programs running in BitD firewall. Happy to provide a screenshot; I'll put a few here if requested.

I have heard that sometimes people can use smart TVs to covertly gain access to your PC. Except in the case of 2 cell phones, I try to use Ethernet connections instead of wireless, and I do have a no-log VPN service... I'm in the process of hooking it up to my modem instead of each device.

As far as the "Trovi virus", I've quarantined it so many times and it just seems to pop back up. I also had to restore the computer and, for some unknown reason, Advanced SystemCare was on there, which I was pretty sure I haven't downloaded on this PC, but did on another older PC I just found and was trying to fix up. I'll use a rootkit killer, then JRT, adwclean, and MBAM (paid edition); just sometimes Trovi still shows up.

Thank you for your time!


#2 nasdaq


  • Malware Response Team
  • 38,397 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:48 AM

Posted 23 March 2017 - 07:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add Reply button.

Please post the logs.

Wait for further instructions.

#3 nasdaq


  • Malware Response Team
  • 38,397 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:48 AM

Posted 29 March 2017 - 07:33 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
