CiviApp Adware Virus – Easy Removal Instructions

By Andy Mulholland - Malware Researcher 4 Min Read

CiviApp Virus

We came upon CiviApp, an ad-supported program while downloading malicious payloads in a malware-testing environment. We discovered that the aforementioned application installs alongside the computer and functions as a loader, spreading malware such as browser hijackers and potentially unwanted programs (PUPs).

CiviApp installed on computer
1.1 CiviApp installed on computer

After installation, we saw that it began to install unwanted apps and toolbars on both our PC and browser. After that, adverts and redirection began to appear in the browser. We also learned that once everything is set up, CiviApp will be inactive on the system and can only be accessible via the programs list and Control Panel.

Adware threats in general

Adware, often known as ad-supported software, makes cash for its developers. In this case, CiviApp and its associated applications and extensions appear after installation. These applications are the primary source of unwanted adverts displayed on the browser and computer.

When you are infected with advertising-supported software, you may see persistent banner adverts on your screen, as well as an ad-laden browser. adverts are commonly found in search results, notifications, and even the home tab, which can be configured to display adverts.

Malware makers make money by inserting advertising on users' screens without their permission. Simply downloading an undesired program bundled using CiviApp can pose significant dangers to the computer and alter several settings to benefit malware developers.

Behavior of the threat

As previously stated, CiviApp shows only once on the PC during the initial installation. We also discovered that when we tested the adware in an earlier version of our malware testing environment, it did not install on Windows 7 or earlier. It also appears to be extremely similar to other adware programs we have previously covered, like TruoApp, YuuvApp, RairApp, and Applvl.

CiviApp in Control Panel
1.2 CiviApp in Control Panel

After installing CiviApp, we noticed a number of activities and commands running on the laptop. One example is the installation of unwanted browser extensions, such as the fake Save to Google Drive extension, which is malware masquerading as a legitimate plugin.

As a result, we've seen a number of changes to the browser, including the default search engine switching to one backed by malware authors. Installation setups also randomly pop up to install potentially undesirable software (PUPs) on computers.

Distribution network

The CiviApp program is installed on the user's computer, along with payloads obtained from unknown sources. Illegal streaming platforms, cracked gaming and software sites, and malware-infected files are some examples.

In other circumstances, it is loaded through third-party installers, which install the necessary core software while also running the CiviApp application and any other unwanted objects included in the installation.

Summary of the threat

Malware name CiviApp
Developer Yuif Qyus Public
Version 3.3.8
Threat type Advertising-supported software (Adware), PUP, Rogue Program
File type .exe
Delivery network Bundled into third-party installers & unreputable site downloads
Malware behavior Installs unwanted program/s to the computer, show unwanted ads, and redirect the browser to a different search engine
Damage Potential data loss, poor search results, bad browser experience

More about CiviApp

There have been only a few reports of computer users becoming infected with the CiviApp app, which may provide some respite. However, if you are unable to remove the CiviApp adware or discover that one of the programs included in the payload has invaded your laptop or desktop, follow the procedures below to remove them, as well as any other malware that may be present in your system.

CiviApp removal guide

If you need help eliminating CiviApp from your computer, you've come to the correct place.

The following step-by-step instructions will show you how to uninstall the adware and remove any other malware threats that may have entered your computer's system.

We considered the technical skills of the people who use the internet, so we made sure the steps are simple enough that even those who aren't tech-savvy could follow them.

Before proceeding, make sure you have a backup of your data saved somewhere else.

If you don't, your files may be destroyed or lost as you follow the instructions below. These situations rarely happen, but we recommend doing it just in case.

Remove CiviApp Instantly

Poor protection often leads to malware infection. Let Bitdefender, the world’s leading antivirus, handle CiviApp with ease. It's time to stop worrying about malware.

Start Protecting Your Device Today

We've teamed up with Bitdefender to offer Hackerdose visitors an exclusive 50% discount on their products. Now is the time to start taking your computer security seriously with the best antivirus on the planet.

For the Overviews

To remove the CiviApp program from your computer, you only need to follow a simple two-step procedure:

Step 1: Uninstall the software
Step 2: Run second-opinion scans

Step 1: Uninstall CiviApp

In order to get rid of CiviApp entirely from the computer system, we need to uninstall the software together with all of its leftovers.

While you can accomplish this with the Add & Remove Programs area in more recent Windows settings, it's far simpler to use the Programs and Features page in the Control Panel.

The publisher name, the installation date, and the version number will all be displayed in a single grid screen, making it simpler to locate the undesired program. Here's how to do so:

1. Click on the Windows key to open the Start menu.

Uninstall Step1

2. Type Control Panel in the provided search bar and select the first item from the search results.

Uninstall Step 2

3. Click on Programs and inside, select Programs and Features.

Uninstall Step3

4. You will be presented with a list of programs currently installed on your computer.

Uninstall Step4

5. Find CiviApp and right-click the item then select Uninstall/Change from the dropdown menu.

Uninstall Step5

We'll need to use a powerful uninstaller to do the dirty work for us if the software is stubborn and won't go away with normal approaches.

Fortunately, there are tools for this; Revo Uninstaller is a good uninstaller program made to tackle and remove uninstallable programs.

Revouninstaller icon Uninstall CiviApp using Revo Uninstaller

1. To start, download Revo Uninstaller by clicking here. Avoid downloading from third-party sources as they may contain additional bloatware upon installation.

Revo Step1

2. On the download page, opt for the free version of Revo Uninstaller as it has all the features we need. Click on Free Download to begin downloading the setup file.

Revo Step2

3. The revosetup.exe file would have started downloading. Click on it to start installing the software.

Revo Step3

4. Revo Uninstaller setup would now begin and follow the typical setup procedure such as selecting your setup language, accepting the license agreement, and selecting the installation location. Once setup is ready click Install.

Revo Step4

5. After the setup is finished, check the Launch Revo Uninstaller option to open the program upon closing the installer.

Revo Step5

6. Once Revo Uninstaller has opened, it will show you the list of applications currently installed on the computer. Find CiviApp, right-click it, and select Uninstall from the drop-down menu. (We will be using PC App Store to demonstrate.)

Revo Step6

7. A confirmation message stating if you are sure you want to uninstall the said program, click Continue.

Revo Step7

8. Follow the uninstallation instructions and this time, Revo Uninstaller would have forced the program to continue with the uninstallation compared to the previous attempt via Control Panel.

Revo Step8

9. You will be notified that the software has been uninstalled, Revo Uninstaller will now conduct a preliminary examination and get rid of additional files and registries related to CiviApp.

Revo Step9

10. On the selection of Scanning modes, select Advanced to make sure everything is scanned without leaving a single directory unnoticed.

Revo Step10

11. Wait for the scan to finish as Revo Uninstaller is checking for residual files and registries related to CiviApp.

Revo Step11

12. Revo Uninstaller may have found leftover Registry items, click Select All and proceed to delete them by clicking the Delete button next to it. After that, click Next.

Revo Step12

13. It may have also found some leftover files and folders, simply do the same by clicking Select All and deleting them. Now click Finish and the uninstallation of CiviApp is done.

Revo Step13

Step 2: Run second-opinion scans

Antivirus engines may not detect new threats in the early stages of infection due to the malware not yet being recognized by the security software. It might be discovered in the end, but it may be too late for the infected machines.

However, new malware threats may contain strings and signatures from previous malware in a database of existing security products. As a result, other antivirus software may identify it while others do not.

Since some antivirus software may not be able to detect it, we'll need more than one piece of security software to help us locate and remove the harmful threat.

Here's the good news: The programs mentioned below are completely free, which means you do not need to spend a dime to solve your malware problem. You can always use them anytime you feel your system is infected.

Please run the software individually. You can do so in any particular order.

  • Removal Tool
  • Emergency Kit
  • ESET Scanner
  • Malwarebytes
About the software

1. To start, download the Kaspersky Virus Removal Tool.

KVRT Step1

2. Once the download of the executable file (KVRT.exe) is complete. The program doesn't need to be installed on the computer, so you may begin running it straight away.

KVRT Step2

3. After reading the KSN Statement, Privacy Policy, and End User License Agreement, check the box indicating your agreement to the terms and conditions. To continue, click Accept.

KVRT Step3

4. Please wait for the system initialization process to finish, as the program will first check if your system is compatible.

KVRT Step4

5. Before we start scanning, we will have to set the scope of the scan. Click the Change parameters option to do so.

KVRT Step5

6. Check all the boxes to allow the computer to search through all of the disks and directories for malware. After that, click OK to return to the main screen.

KVRT Step6

7. We can now begin the scan; simply click the Start scan button, and the Virus Removal Tool will begin.

KVRT Step7

8. Await the scan's completion with patience. If there are any risks within the computer system, a notification will be displayed.

KVRT Step8

9. To completely remove the risks that the program has identified, click Delete from the drop-down menu of each discovered object.

KVRT Step9

10. Click Continue to remove the identified malware threats from your computer.

KVRT Step10
About the software

1. Download the Emsisoft Emergency Kit portable software.

Emsisoft Step1

2. You can launch the executable program (EmsisoftEmergencyKit.exe) directly from your downloads folder after downloading it.

Emsisoft Step2

3. Click Yes to let the program start on the computer when the User Account Control window appears.

Emsisoft Step3

4. Choose your program's destination folder and accept the license and maintenance terms. Next, click Install to continue.

Emsisoft Step4

5. Click Malware Scan on the homepage of the Emergency Kit application to start the scanning process. The amount of time it takes for the program to scan your computer will depend on how many files you have and the hardware capabilities of your system.

Emsisoft Step5

6. Emsisoft Emergency Scanner will display a list of the files that the program has detected when the scan is complete. To get rid of threats from your computer, click on Quarantine selected.

Emsisoft Step6

7. To complete the malware removal procedure, Emsisoft Emergency Scanner may also ask you to restart your computer. Simply click Reboot your system to finish the process.

Emsisoft Step7
About the software

1. Download the most recent version of ESET Online Scanner.

ESET Step1

2. After pressing the download button, the file (Esetonlinescanner.exe) should have been downloaded to your computer. It does not require any installations so you can simply run the aforementioned file.

ESET Step2

3. Before using ESET Online Scanner, it must be initialized. Choose your preferred language and click Get started. Continue as directed by the screen until the homepage appears.

ESET Step3

4. Click Computer scan from the homepage, then select Full scan from the three options available.

ESET Step4

5. Give ESET Online Scanner the permission to detect and remove potentially unwanted apps by ticking the Enable option. After that, click Start scan to begin the scanning process.

ESET Step5

6. Await the completion of the malware scan for your machine by the ESET Online Scanner. ESET Online Scanner would have automatically removed the threats it found after the scan. To complete the malware cleanup process, click Proceed.

ESET Step6
About the software

Note: We will only use the free version of Malwarebytes because it includes all of the capabilities we require.

1. Download the latest version of Malwarebytes Anti-malware.

Malwarebytes Step1

2. Malwarebytes will start downloading (MBSetup.exe) the installation file. Run the executable after the download is complete.

Malwarebytes Step2

3. To allow the program to execute, simply click Yes in the User Account Control window that may appear.

Malwarebytes Step3

4. The Malwarebytes setup wizard will now open; select Install to continue.

Malwarebytes Step4

5. You will be prompted by Malwarebytes to install the Browser Guard extension. Depending on whether you want it on your browser or not, you can choose to download it (the extension is completely free).

Malwarebytes Step5

6. Please wait as the Malwarebytes Setup installs itself. Follow the on-screen instructions until you have successfully installed Malwarebytes.

Malwarebytes Step6

7. Start by launching Malwarebytes Anti-malware for the first time after it has been installed. If you're installing Malwarebytes for the first time, you'll get a 14-day free trial of the premium version.

Malwarebytes Step7

8. After the program takes you to the main dashboard, click the Scanner box in the middle to start scanning the computer.

Malwarebytes Step8

9. You won't click Scan just yet when you get to the Scanner page. Rather, select Advanced scans as shown below.

Malwarebytes Step9

10. In the Custom scan section, click Configure scan. We will be able to alter the way the software scans the computer as a result.

Malwarebytes Step10

11. To detect hidden malware, click the box next to Scan for rootkits on the Configure Custom Scan screen. Additionally, to enable Malwarebytes to scan every drive on your computer, check the boxes next to each one.

Malwarebytes Step11

12. Once the Custom Scan options have been adjusted, click the Start Custom Scan button to get started.

Malwarebytes Step12

13. A side window displaying the computer scan's progress will appear. Please wait until Malwarebytes has completed its malware scan of the entire system.

Malwarebytes Step13

14. Following the completion of the scan, a list of threats found will appear. Check the boxes near all the malicious files and get rid of them from the computer by clicking the Quarantine button.

Malwarebytes Step14

If prompted, please restart your computer since Malwarebytes may require it.

System protection tips

As the saying goes:The biggest vulnerability is the person behind the screen

So, here are some tips and what you need to know in order to keep your device safe and malware-free in the long run.

Keep every software installed up to date

Make sure that all of the programs in your computer is up-to-date with the latest version released by the developer. The reason behind this is that these updates frequently tackle bugs and issues that malware actors often exploit.

The same goes for your computer's operating system, make sure Windows is up-to-date with the latest software update to prevent malware from exploiting a hidden vulnerability.

Avoid downloading files from unknown sources

One of the biggest sources of malware infection in a computer system is third-party installations. This happens when a user downloads a certain program from sources that are not the official download links. Some of the common types of sources where malware is present are torrent files, cracked software, and games.

Be careful with opening email attachments

Malware often disguises itself as resumes and quotations and threat actors often send thousands of these infected emails to company employees around the world in order to infiltrate their network.

Always check where your emails are coming from as there may be a chance that the project attachment you received via email did not actually come from a co-worker.

Do not visit unreputable websites

Avoid visiting websites that contain unfiltered advertisements such as illegal streaming websites, cracked software platforms, and links sent out to you by somebody you do not trust.

These sites are often linked to redirect chains that load once you click on an ad element on the page. Following this chain often leads to drive-by malware and phishing pages that an average user may eventually fail to notice.

Leave a comment