Msdefender.co.in is a malicious website that worms its way inside your browser, gains notification permissions, and then spams you with fake pop-ups that are made to look as if they are from Windows Defender.
Important! – The Msdefender.co.in notifications in the bottom-right are not legitimate and you shouldn’t interact with them!
We’ve seen many similar sites – Qumiho.co.in, Kabatibly.co.in, and more, and they all work in pretty much the same way. Their pop-ups are designed to get you worried about a problem with your system so that you click on them. Then they reroute you to some fake/scam site, where you are likely to get exposed to phishing content or actual malware.
If you see the Msdefender.co.in, know that your browser has been hijacked and you must get rid of the hijacker to bring things back to normal. The way you can do this will be shown below.
Msdefender.co.in Virus Pop-up Removal Steps
Depending on how got Msdefender.co.in in your browser and what’s keeping it there (if anything), the solution might take only a couple of quick steps or a lengthier removal process. To potentially save you time, I suggest you try the quick steps first:
- First, open your browser. Navigate to the settings menu and find the Extensions or Add-ons section.
- Every installed extension appears in this list. If you spot an extension you didn’t install, disable it and remove it.
- Access the Privacy and Security settings and find Site Settings. In Edge, look under Cookies and Site Data.
- Look over sites with permissions under Notifications, Pop-ups, and Redirects. If you spot unrecognized URLs block or delete them.
- Go to Search Engine and make sure the default search tool is a reliable one like Google or Bing.
If these quick steps don’t do it and you are still struggling with Msdefender.co.in, move on to the full guide below.
SUMMARY:
| Name | Msdefender.co.in |
| Type | Browser Hijacker |
| Detection Tool |
Before you continue, keep in mind that this next guide will take an hour or more to complete and will also require some basic technical proficiency on your end. If you lack the time or experience, consider opting for the automatic removal tool SpyHunter 5 which you’ll find linked here. It can help you deal with this hijacker and also keep you protected from future threats.
How to Remove Msdefender.co.in
The reason most users struggle with the removal of this hijacker is that it has added a rogue policy tot he browser that blocks its settings. A “Managed by your organization” in the browser menu indicates that such a policy has been enforced. In this case, your first goal is to get rid of that policy in the way I’ve shown next.
Access the policy page for your browser.
In Chrome, enter “chrome://policy”; for Edge, type “edge://policy”; in Brave, use “brave://policy.”
Most Chromium browsers follow a similar format.
Once there, scan the policy entries. Policies with values made of random, unfamiliar characters often indicate malware.
Copy each suspicious value to a text file.
These values guide the next steps, so saving them will make your job easier.
Return to the Extensions or Add-ons page to look for the IDs of rogue extensions.
If you cannot access the Extensions page (Msdefender.co.in might redirect you), locate your browser’s extension folder in the system files.
Chrome extension folders are typically found here:C:\Users\[Your Username]\AppData\Local\Google\Chrome\User Data\Default\Extensions
If you re using a different browser, here are the paths to some more popular ones:
Delete all folders in the directory. This disables every extension, including safe ones, but you can restore these very easily.
Now, return to the Extensions page, and activate Developer Mode. Copy the unique IDs of each suspicious extension. Then save them to your text file.
You’re now ready to hunt down the malware policies.
Video walkthrough for this step:
Delete Msdefender.co.in Malware Registry Keys
The Registry Editor is your main tool for hunting down and deleting malicious policies. You’ll have to use the file from the previous step for that purpose – the one with the saved policy values and extension IDs. Also, be careful when editing the Registry and only delete things you know are linked to the malware.
- Open the Registry Editor through the Start Menu (open it as an admin).
- Press
Ctrl + Fto open Find, then enter a saved policy value. - Click Find Next and the Find tool locates associated registry keys.
- Delete each located key entirely (left panel). Then proceed to search and delete until there are no more relevant entries.
- Repeat the search for all saved policy values and extension IDs until no matches remain.
Some keys may resist your deletion attempts. Right-click their “parent” key—the one above the locked key—and select Permissions.
Navigate to Advanced settings, select Change, enter “everyone” in the field, then confirm by clicking Check Names, and click OK.
Check the Replace options in the previous window and click Apply > OK.
This action grants the permissions necessary for deletion.
Video walkthrough for this step:
Alternative Ways to Remove Msdefender.co.in Policies
I have two other ways for you to hunt down rogue policies in case the Registry cleanup wasn’t enough. You can also use them in case you don’t feel comfortable editing the Registry, though I still recommend giving a try to the previous step as it is the most comprehensive cleanup option.
Press Winkey + R, type “gpedit.msc,” and press Enter.
Find the “Administrative Templates” under Local Computer Policy.
Right-click to Add/Remove Templates, then delete any templates that appear unfamiliar.
Removing all entries here won’t harm functionality, as most users don’t manually add templates.
Chrome users have another choice: Chrome Policy Remover.
This automated tool removes rogue policies and you can use it for absolutely free.
After you download it, run it with administrator rights. Ignore any security warnings; the Policy Remover is safe.
The tool will automatically run a short script that erases all Chrome policies at once.
Video walkthrough for this step:
Manual Group Policy Removal
Automatic Group Policy Removal
Get Rid of Msdefender.co.in Pop-ups in Your Browser
Once you successfully get rid of the Msdefender.co.in policy, you’ll have the control of your browser back in your hands. Now you just need to reverse and unwanted changes that the hijacker has made in its settings. Here’s how to do it:
Access the Extensions or Add-ons section again and delete anything suspicious. At this stage, you should recognize any potentially harmful extensions.
Clear browsing data next. Privacy and Security settings contain an option to delete browsing data – click it and select “All Time.”
Check all data types except passwords. Clearing data deletes caches and cookies, which can hold malware-related content.
Return to Site Settings. In Chrome, look for them under Privacy and Security; for Edge, you must go to Cookies and Site Permissions.
You must now check each permission category for rogue URLs and block/delete them.
Review Search Engine settings. Choose a reputable search engine as your default, then delete any unrecognized URLs under Manage Search Engines.
Go to Startup settings and delete any unfamiliar URLs listed there. Then do the same in the Appearance section.
Video walkthrough for this step:
Chrome
Microsoft Edge
Mozilla Firefox
Leave a Comment