How to remove "Roxaq Apps" unwanted application
Written by Tomas Meskauskas on
What kind of application is Roxaq Apps?
While investigating an installation setup promoted by a rogue webpage, we discovered the "Roxaq Apps" PUA (Potentially Unwanted Application). This program acts as a dropper for the Legion Loader malware. On our test machine, Roxaq Apps was installed together with the fake "Save to Google Drive" browser extension.
Roxaq Apps overview
Potentially unwanted applications typically possess harmful abilities. Roxaq Apps is designed to infiltrate the Legion Loader malware into systems (i.e., to function as a dropper for it). Legion Loader is a loader, a type of malware that introduces additional malicious programs/components into devices.
Legion Loader is known to proliferate information-stealing programs, trojans, ransomware, cryptocurrency miners, and malicious browser extensions. To expand upon these programs, stealers extract/exfiltrate data, trojans have a variety of features (ranging from causing chain infections to stealing information), and ransomware encrypts files to demand ransoms for the decryption.
The Google Chrome extensions pushed by Legion Loader functioned by collecting browsing histories, extracting email contents, and turning browsers into HTTP proxies to abuse Internet resources (proxyware).
As mentioned in the introduction, Roxaq Apps was installed alongside the fake "Save to Google Drive" browser extension on our testing system. This extension has various functionalities, which may be used to modify browsers' appearance and behavior, display browser notifications, steal/alter clipboard content, gather browsing-related information, and so forth.
In summary, the presence of software like Roxaq Apps on devices can result in multiple system infections, serious privacy issues, financial losses, and identity theft.
Name | "Roxaq Apps" potentially unwanted application |
Threat Type | PUP (Potentially Unwanted Program), PUA (Potentially Unwanted Application), Dropper. |
Detection Names (installer) | N/A (VirusTotal) |
Payload | Legion Loader |
Symptoms | A program that you do not recall installing suddenly appeared on your computer. Seeing advertisements not originating from the sites you are browsing. Intrusive pop-up ads. Rogue redirects. Decreased Internet browsing speed. |
Distribution Methods | Deceptive pop-up ads, free software installers (bundling). |
Related Domains | feedshareeasyfile[.]com |
Damage | Multiple system infections, monetary loss, privacy issues, slow computer performance. |
Malware Removal (Windows) | To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. |
Potentially unwanted application examples
We have written about countless unwanted applications; Cuiall Apps, Kiicvoq Apps, and Tiaoq App are just a few of our articles on apps that drop Legion Loader.
Usually, PUAs have harmful abilities, such as collecting sensitive information, displaying ads (adware), changing browser settings to promote fake search engines (browser hijackers), and so on.
Software within this classification tends to appear ordinary and useful. Users may be enticed into downloading/installing PUAs by promises of "handy" functionalities. However, these functions seldom work as advertised, and in most cases they do not work at all.
It must be emphasized that even if an app or a browser extension operates exactly as described by its promotional material, that alone does not prove its legitimacy or safety.
How did potentially unwanted applications install on my computer?
We downloaded an installer containing Roxaq Apps from the feedshareeasyfile[.]com rogue webpage. Sites of this kind are mainly accessed via redirects caused by intrusive ads, websites that use rogue advertising networks, spam browser notifications, misspelled URLs, and adware.
Other promotional methods are possible. PUAs are often proliferated using the bundling marketing method, which involves packing ordinary program installation setups with unwanted/malicious additions.
These setups can be downloaded from freeware and free file-hosting sites, P2P sharing networks, and other suspicious sources. The risk of allowing bundled content into the device is increased by inattentiveness when installing (e.g., ignoring terms, using "Easy/Express" settings, etc.).
Intrusive advertisements spread unwanted software as well. Once clicked on, some of these adverts can execute scripts to perform downloads/installations without user consent.
How to avoid installation of potentially unwanted applications?
We recommend researching software and downloading it only from official/trustworthy channels. Installation processes must be approached with caution, e.g., by reading terms, exploring possible options, using the "Custom/Advanced" settings, and opting out of all additional apps, extensions, etc.
Another recommendation is to be careful while browsing, since the Internet is rife with well-disguised fraudulent and malicious content. For example, while intrusive advertisements may appear harmless, they redirect users to unreliable and questionable sites (e.g., scam-promoting, adult dating, gambling, etc.).
In case of continuous encounters with such ads/redirects, inspect the system and immediately remove all dubious applications and browser extensions/plug-ins. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate them.
Rogue website (feedshareeasyfile[.]com) promoting Roxaq Apps application:
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use the full-featured product, you have to purchase a license for Combo Cleaner. A 7-day free trial is available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com.
Quick menu:
- What is Roxaq Apps?
- STEP 1. Uninstall deceptive applications using Control Panel.
- STEP 2. Remove rogue extensions from Google Chrome.
- STEP 3. Remove potentially unwanted plug-ins from Mozilla Firefox.
- STEP 4. Remove rogue extensions from Safari.
- STEP 5. Remove rogue plug-ins from Microsoft Edge.
Removal of potentially unwanted applications:
Windows 11 users:
Right-click on the Start icon and select Apps and Features. In the opened window, search for the application you want to uninstall. After locating it, click on the three vertical dots and select Uninstall.
Windows 10 users:
Right-click in the lower left corner of the screen, in the Quick Access Menu select Control Panel. In the opened window choose Programs and Features.
Windows 7 users:
Click Start (Windows Logo at the bottom left corner of your desktop), choose Control Panel. Locate Programs and click Uninstall a program.
macOS (OSX) users:
Click Finder, in the opened screen select Applications. Drag the app from the Applications folder to the Trash (located in your Dock), then right click the Trash icon and select Empty Trash.
In the uninstall programs window, look for "Roxaq Apps" and other suspicious/recently-installed applications, select these entries and click "Uninstall" or "Remove".
After uninstalling the potentially unwanted application, scan your computer for any remaining unwanted components or possible malware infections. To scan your computer, use recommended malware removal software.
Remove rogue extensions from Internet browsers:
At the time of research, Roxaq Apps was installed alongside the fake "Save to Google Drive" browser extension. Unwanted applications are often installed together with adware and browser hijackers. If you experience unwanted ads or redirects when browsing the Internet, continue with the removal guide below.
Remove malicious extensions from Google Chrome:
Click the Chrome menu icon (at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".
Optional method:
If you continue to have problems with removal of the "Roxaq Apps" potentially unwanted application, reset your Google Chrome browser settings. Click the Chrome menu icon (at the top right corner of Google Chrome) and select Settings. Scroll down to the bottom of the screen. Click the Advanced… link.
After scrolling to the bottom of the screen, click the Reset (Restore settings to their original defaults) button.
In the opened window, confirm that you wish to reset Google Chrome settings to default by clicking the Reset button.
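For the step of locating recently installed suspicious extensions, the following added example (not part of the original article) audits a Chromium profile's Extensions folder, which Chrome and Edge both lay out as `<extension id>/<version>/manifest.json`. The `RISKY` permission set, the 30-day window and the use of the manifest's modification time as an approximate install date are assumptions chosen for illustration.

```python
import json
import sys
import time
from pathlib import Path

# Assumed mapping: permissions matching the behaviours the article describes
# (notifications, clipboard access, browsing-data collection, proxying).
RISKY = {"notifications", "clipboardRead", "clipboardWrite", "history",
         "tabs", "webRequest", "proxy", "<all_urls>"}

def resolve_name(ext_dir, manifest):
    """Resolve a localized "__MSG_key__" name via _locales/<default_locale>."""
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()
        locale = manifest.get("default_locale", "en")
        try:
            path = ext_dir / "_locales" / locale / "messages.json"
            msgs = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            return name  # keep the raw placeholder if the catalog is missing
        for k, v in msgs.items():  # message keys are case-insensitive
            if k.lower() == key:
                return v.get("message", name)
    return name

def audit_extensions(extensions_dir, recent_days=30, now=None):
    """Return one record per installed extension, recently changed ones first."""
    now = time.time() if now is None else now
    records = []
    for manifest_path in Path(extensions_dir).glob("*/*/manifest.json"):
        ext_dir = manifest_path.parent
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable manifest: skip instead of aborting the audit
        perms = manifest.get("permissions", []) + manifest.get("host_permissions", [])
        age = now - manifest_path.stat().st_mtime  # approximates install time
        records.append({
            "id": ext_dir.parent.name,
            "name": resolve_name(ext_dir, manifest),
            "version": manifest.get("version", "?"),
            "risky": sorted(p for p in perms if isinstance(p, str) and p in RISKY),
            "recent": age <= recent_days * 86400,
        })
    return sorted(records, key=lambda r: (not r["recent"], r["name"]))

if __name__ == "__main__":
    # e.g. %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions
    for rec in audit_extensions(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(rec)
```

The printed `id` is the folder name to match against the entry shown on the browser's Extensions page before removing it there.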
Remove malicious plugins from Mozilla Firefox:
Click the Firefox menu (at the top right corner of the main window), select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".
Optional method:
Computer users who have problems with "Roxaq Apps" potentially unwanted application removal can reset their Mozilla Firefox settings.
Open Mozilla Firefox, at the top right corner of the main window, click the Firefox menu, in the opened menu, click Help.
Select Troubleshooting Information.
In the opened window, click the Refresh Firefox button.
In the opened window, confirm that you wish to reset Mozilla Firefox settings to default by clicking the Refresh Firefox button.
Remove malicious extensions from Safari:
Make sure your Safari browser is active, click Safari menu, and select Preferences....
In the opened window click Extensions, locate any recently installed suspicious extension, select it and click Uninstall.
Optional method:
Make sure your Safari browser is active and click on Safari menu. From the drop down menu select Clear History and Website Data...
In the opened window select all history and click the Clear History button.
Remove malicious extensions from Microsoft Edge:
Click the Edge menu icon (at the upper-right corner of Microsoft Edge), select "Extensions". Locate all recently-installed suspicious browser add-ons and click "Remove" below their names.
Optional method:
If you continue to have problems with removal of the "Roxaq Apps" potentially unwanted application, reset your Microsoft Edge browser settings. Click the Edge menu icon (at the top right corner of Microsoft Edge) and select Settings.
In the opened settings menu select Reset settings.
Select Restore settings to their default values. In the opened window, confirm that you wish to reset Microsoft Edge settings to default by clicking the Reset button.
- If this did not help, follow these alternative instructions explaining how to reset the Microsoft Edge browser.
Summary:
Commonly, adware or potentially unwanted applications infiltrate Internet browsers through free software downloads. Note that the safest source for downloading free software is the developers' websites. To avoid installation of adware, be very attentive when downloading and installing free software. When installing previously-downloaded free programs, choose the custom or advanced installation options; this step will reveal any potentially unwanted applications listed for installation together with your chosen free program.
Frequently Asked Questions (FAQ)
What is the purpose of an unwanted application?
Unwanted apps are designed to generate revenue for their developers/publishers through nefarious means, such as causing chain infections, promoting in-app purchases, endorsing content (via ads, redirects, etc.), tricking users into buying fake activation keys, collecting/selling private data, and so on.
Are unwanted applications legal?
In most cases, unwanted applications are considered legal because their EULAs (End User License Agreements) provide information concerning the software's behavior.
Is having Roxaq Apps installed on my computer dangerous?
Roxaq Apps infiltrates the Legion Loader malware into systems; Legion Loader is a program designed to cause chain infections. At the time of research, this unwanted app was installed alongside the fake "Save to Google Drive" browser extension. Hence, Roxaq Apps can cause multiple system infections, severe privacy issues, financial losses, and identity theft.
Will Combo Cleaner help me remove Roxaq Apps unwanted application?
Combo Cleaner can detect and remove all kinds of threats, including unwanted/malicious applications. Note that manual removal might not be a perfect solution. After an app has been manually removed (without security tools), various file leftovers can remain hidden within the system and continue running. Keep in mind that performing a full system scan is essential for detecting high-end malware since it usually hides deep within systems.