KcozApp is a newly released rogue program with adware capabilities that is often detected as “Trojan:PowerShell/DownloadExec“. A number of users have reported this threat on various forums, which is how it came to my attention. I did some research on it and it appears this app is developed by an entity known as Tiqs Via Q and is very similar to other forms of malware, like the YuuvApp or the IcuApp (which we’ve dealt with in the past).
The main issue with KcozApp is that it will spam you with ads and possibly take over your browser and make changes to its settings. These actions don’t cause direct harm but can easily expose you to misleading and harmful content. If you aren’t careful with KcozApp, you can fall victim to a phishing scam or get more malware downloaded onto your system.
The obvious solution is to remove the rogue app, but that’s easier said than done. The good news is I’ve spent some time looking for valid removal methods and am now able to present you with a working KcozApp removal tutorial.
KcozApp Virus Removal Guide
I suggest you first try to remove this malware the easy way. No need to go into the more advanced steps if the quick removal gets the job done:
- Open the Start Menu and type “Apps & Features“
- Press enter to go to the list of programs installed on your PC and sort the items by their installation date.
- Look for KcozApp and other suspicious or unfamiliar names. If you find KcozApp listed, uninstall it.
- If you notice anything else suspicious, get rid of it too. For example, if you can relate the appearance of KcozApp on your system with a program you’ve recently installed, it’s probably a good idea to delete that program too.
- Restart your PC, then type Virus & Threat Protection in the Start Menu, and hit Enter.
- Click Scan Options and run a Full Scan to see if there are any traces left of the malware. If the scan finds anything, delete the culprits.
Now restart your PC again and start using it normally. If it seems KcozApp is gone, you’re good to go. But if the adware is still bothering you, then proceed to the advanced steps below.
SUMMARY:
OFFERBefore you proceed, I must warn you that the next steps are somewhat time-consuming (the removal can take up to an hour) and require some base level of technical know-how from the user. Also, the manual removal doesn’t always guarantee full elimination of all rogue software and data.
For this reason, it’s strongly recommended to use the following guide in combination with SpyHunter 5, especially if you are not an experienced user. The suggested removal tool has proven time and time again its efficiency against similar threats and you can find it on the current page.
How to Get Rid of KcozApp
To successfully uninstall and delete KcozApp, you’ll first need to prepare for the removal process.
Start by downloading and installing on your PC a free tool called Lock Hunter.
I don’t recommend avoiding this step. This tool is essential as it unlocks any blocked KcozApp files or folders that you won’t otherwise be able to delete. Skipping this tool will make things more difficult so I suggest you get it now.
You must also make sure you can see any files or folders that KcozApp has made invisible.
To reveal them, open the Start Menu and type “Folder Options“. Change the settings in the View tab by selecting the “Show hidden files, folders, and drives” option. Apply and save the changes and you’ll now be able to see files KcozApp has concealed.
You are ready to begin the actual removal.
Remove KcozApp Virus Processes From the Task Manager
The first thing I recommend is to open the Task Manager by pressing Ctrl + Shift + Esc. Then expand the list by clicking More Details (if it’s note expanded already).
You must find the KcozApp process and stop it, but don’t expect it to have the same name. Instead, look for processes that consume lots of memory and CPU but don’t seem linked to a program you are familiar with.
It can help if you sort the list of processes by CPU and memory consumption.
Did you find a process that looks out of place? Right-click it, open the file location, and delete the folder you get sent to.
Some files in that folder might be in use by the malware, which prevents the deletion. Solve using LockHunter. Install the tool if you haven’t already, then right-click the folder, select “What’s locking this folder” and then click Delete in the following window.
Then you must return to the Task Manager, select the sketchy process, and click End Task.
IMPORTANT!: If you do see a process named KcozApp, Tiqs Via Q or anything similar, you should obviously delete it and its files too!
How to Delete KcozApp Virus Files
There are probably leftover KcozApp leftover files in other locations in your system. You must hunt them down and eliminate them or the adware won’t be fully removed:
First, navigate to C:\Users\YourUsername\AppData\Roaming and look for a folder named Tiqs Via Q or KcozApp. If you find such folder, delete it without hesitation. Use LockHunter if you need to.
Other locations you must visit and check for suspicious files and folders are:
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
- C:\Users\YourUsername\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- C:\Program Files
- C:\ Program Files (x86)
Delete anything questionable that seems linked to KcozApp or Tiqs Via Q.
Then also go to this folder:
- C:\Users\YourUsername\AppData\Local\Temp
In it, you must delete everything. This folder stores temporary files, so it’s okay to get rid of them all.
Get Rid of KcozApp Scheduled Tasks
KcozApp doesn’t stop with hidden files. It also sets up scheduled tasks to reinstall itself.
Open the Start Menu and search for “Task Scheduler“. This tool will show you all scheduled tasks on your system.
Go through the Task Scheduler Library folder. If a task seems odd, check its properties – double-click it and go to the Actions tab.
Any task set to run anything from AppData or Roaming should raise suspicion. The same applies to tasks that run unfamiliar executables or scripts with an unclear purpose.
Note down the file path shown in that action tab and then delete the respective task. After that, go to the path you noted and delete the file the task was set to perform.
Uninstall the KcozApp Malware Through the System Registry
KcozApp hides even deeper within the Windows Registry. Removing it from here requires precision.
Open the Start Menu and type “regedit“. Run the Registry Editor as Administrator, then press Ctrl + F, and search for “KcozApp“.
Any registry keys (folders in the left panel) that contain KcozApp items must be deleted. Search again after each deleted key to confirm there aren’t others left.
Repeat the process with the term “Tiqs Via Q“. KcozApp’s creators use multiple names to cover their tracks.
Remove KcozApp From Chrome and Other Browsers
As I mentioned at the start, KcozApp may also target your browser and modify its settings through a rogue third-party policy.
If there’s a “Managed by your organization” message in the browser’s menu and at the top of this Settings page, this means that the adware is currently in control of the browser and you must do something about it.
Fix this by opening the Group Policy Editor (search for it in the Start Menu). In the Editor, expand Local Computer Policy > Computer Configuration, and right-click on Administrative Templates.
Select the Add/Remove option and delete any templates you see in the following list.
If this doesn’t solve the issue, download Chrome Policy Remover (works only for Google Chrome). It’s a simple and totally free tool that automatically deletes any malicious policies set by KcozApp.
Don’t worry if Windows Defender or your third-party AV flags it as a threat, the tool is perfectly safe. Whitelist it, ignore any warnings, and run it as Administrator. It will automatically run a policy-removal script and all Chrome policies will be gone once it’s finished.
After dealing with browser policies, you must clean up your browser.
Go to its menu, open Settings, and in the Privacy and Security section, clear your browsing data. Be sure to select a time range that includes when KcozApp first appeared on your system.
Don’t forget to leave your passwords intact – you don’t need to clear them. Delete all other browsing data.
Then go to the Site Settings section (still in Privacy and Security), check all permission types, and remove from them any strange, unfamiliar sites that are granted the respective permission.
Then check your Extensions, Search Engines, Startup settings, and Appearance settings.
Delete anything unfamiliar and restore the regular settings of your browser. KcozApp often sneaks into these areas, so reviewing each section is necessary.
With these final steps completed, the adware should be fully gone from your PC. And in case it’s somehow evaded your removal attempts, remember that Spy Hunter 5 is always a valid solution to clear your PC from rogue software such as KcozApp.
Leave a Comment