If you recently got startled by an alarming pop-up in the bottom-left corner of your screen that told you your system is at risk and you need to update/renew your antivirus protection, don’t worry. This is almost certainly just Itempoa.co.in or another browser hijacker like Doam[.]co[.]in or Denaliview spamming you with fake notifications.
Itempoa.co.in is a rogue website that has a single goal: to get pop-up/notification permissions in your browser and then spam you with ads disguised as misleading warnings. The way it gets inside the browser differs, which is why you’ll need to apply a multi-stage removal process, but the good news is your PC isn’t in any immediate danger.
However, it’s strongly recommended to get rid of Itempoa.co.in ASAP because these pop-ups can lead to all kinds of sketchy sites. Also, the hijacker might have come alongside rogue extensions that are now in your browser, so you must deal with those too. Just go to the steps I’ve prepared for you below, and you’ll learn how to do all that.
Itempoa.co.in Removal Tutorial
I won’t lie to you, Itempoa.co.in will probably take some time and effort to remove if you want to go the manual route However, in some lucky instances, you may be able to get rid of it through a couple of simpler steps, so I recommend you try them first:
- In the affected browser, go straight to the menu and click on Extensions
- Look for anything suspicious. Obviously, look for Itempoa.co.in but also for other sketchy extensions. If you find what needs to be uninstalled, click the “Remove” button.
- After the extensions, move on to the Privacy and Security settings.
- Head to the Site Settings section and focus on the Notifications and the Pop-ups and Redirects permissions.
- Look for unfamiliar URLs and if you find any, delete them without delay.
Now you must restart and see if the problem is gone. Don’t be surprised or worried if these steps weren’t enough or if you weren’t able to perform any of them for instance, there might not be a Remove button under the rogue extension.
That’s all normal for hijackers like Itempoa.co.in and quick fixes don’t always work. That is why I’ve prepared a more detailed guide that you’ll find below.
SUMMARY:
| Name | Itempoa.co.in |
| Type | Browser Hijacker |
| Detection Tool |
If you downloaded some rogue app that installed Itempoa.co.in in your browser, you need to delete that app too. If you let it stay, it could reinstall the hijacker even after you delete it. The issue is that I can’t offer you specific instructions for clearing your system as I don’t know what you installed on it in the first place.
Therefore, the solution I recommend here is to employ the help of SpyHunter 5, which is a powerful anti-malware tool that can scan your system, find any lingering malware, and get rid of it, so that Itempoa.co.in doesn’t get reinstalled in your browser.
How to Get Rid of Itempoa.co.in in Chrome and Edge
When Itempoa.co.in refuses to budge, it’s time to take things up a notch. Hijackers control browsers by introducing custom policies that block the user’s access to their settings. If you see the message “Managed by your organization,” it means the hijacker has added such a policy and that’s the first thing you’ll need to solve:
Depending on the browser you are using, type one of the following in the URL bar and go to that address (this is only for Chromium browsers):
- Google Chrome: chrome://policy
- MS Edge: edge://policy
- Brave: brave://policy
It’s the same principle with all other Chromium browsers that have the enterprise policies feature. You just change the name in the URL.
On the policies page, look at the values column and see if there are any values made of randomized letters, like in the image below.
If you see anything like this, copy the respective value into a notepad file so you can easily access it later. Make sure to save all suspicious values.
Then head to the Extensions Manager of your browser to gather some more relevant info.
It’s possible that the hijacker tries to obstruct you when you try to go there and redirects you to Google or some other site. I’ve found this to be a valid solution:
Go to the system directory where your browser stores its extensions data. On Chrome, these extensions live in:
- C:\Users[Your Username]\AppData\Local\Google\Chrome\User Data\Default\Extensions
The directories for other popular browsers are shown below:
You must now delete all folders that belong to rogue extensions, but since you won’t know which folders those are, you’ll simply need to delete everything.
All extensions, including your legitimate ones, will get damaged, but the ones you want to keep can be easily repaired later.
Once you’ve deleted the extensions, go back to the Extensions Manager and toggle on the Developer Mode option.
You should now see the IDs of each extension. Note down the ID of the Itempoa.co.in extension and any other rogue ones.
If you still don’t see the IDs, just click the respective extension and its number should be shown on the next page.
Each rogue ID must be saved in a file just like you did with the rogue policy values.
Video walkthrough for this step:
Delete Itempoa.co.in Virus Policies
You now have the information needed to hunt down and delete the rogue policies that Itempoa.co.in has enforced within your browser.
To do that, you must first enter the Registry Editor. Open your Start Menu. Search for “Registry Editor” or “regedit“, right-click the result, and select Run as Administrator.
In the Editor window that opens, select the Edit menu and click Find.
Copy-paste the policy value you saved earlier into the search field and click on Find Next.
The system will search for keys linked to Itempoa.co.in. When the matching key appears, delete it (the keys are the folders you see in the left panel).
Note that each time you search, only a single result will be shown even if there are multiple related keys. Therefore, always search again after you delete a key to confirm there aren’t others left.
You’ll need to do this for every rogue policy value and extension ID you saved earlier.
You might be forbidden from deleting certain keys due to limited access. Here’s the way I’ve found to bypass this:
You must first right-click on the parent key of the one you want to delete and open Permissions.
Then select Advanced > Change and type the word “everyone” in the text field. Click the Check Names option and then click OK.
On the previous page, enable both “Replace” options, and then Apply the changes.
Now the key should be under your control and you’ll be able to delete it.
Video walkthrough for this step:
Alternative Ways to Remove Itempoa.co.in Policies
I’ve found two alternative solutions to get rid of hijacker policies that you can try if the Registry method doesn’t work or feels too challenging:
Search for Edit Group Policy in the Start Menu and open it.
Go to Local Computer Policy > Computer Configuration, right-click the Administrative Templates folder, and click Add/Remove.
Look for unfamiliar templates. Hijackers sometimes slip in rogue templates that give them control. Delete anything you don’t recognize. If in doubt, remove all of them. You can always reinstall necessary ones later.
If you are a Google Chrome user, I also strongly recommend the Chrome Policy Remover. This free utility automates the removal of rogue policies.
Just download it, right-click it, and run it with admin rights.
Your system or AV may issue a security warning. Ignore it. The tool is safe.
If you get the Windows warning, just click More Info to get the Run Anyway option, and then launch the tool.
It quickly eliminates policies set by Itempoa.co.in. Once the tool finishes, your browser should no longer display the “Managed by your organization” message.
Video walkthrough for this step:
Manual Group Policy Removal
Automatic Group Policy Removal
How to Uninstall the Itempoa.co.in Extension
Now that you’ve dealt with the rogue hijacker policies, there’s only one thing left to do – the actual browser cleanup.
Reopen your browser and return to the Extensions Manager. Check again for suspicious extensions and delete anything even remotely linked to Itempoa.co.in. You need to be thorough.
Visit your browser’s Privacy and Security settings again. You’ll need to delete your browser’s cache, cookies, and temporary files. Really, all browsing data except your passwords.
Click the Delete browsing data button, go to Advanced, put ticks in the various boxes (just not in the Passwords one), and delete the browsing data after choosing the All Time range.
Next, return to Site Settings and double-check every permissions section. Make sure no rogue URLs are granted any permissions in your browser.
Be relentless with this step. Even one leftover URL could be enough to trigger a hijacker’s return.
Your browser’s search engine settings have also likely been altered by Itempoa.co.in. Reset them. Choose a trusted search engine provider. Google or Bing, for example.
Then open the Manage Search Engines section to get rid of any suspicious entries.
The hijacker may also have changed your startup pages. Check the On Startup and Appearance settings. Delete any URLs you didn’t add yourself.
Video walkthrough for this step:
Chrome
Microsoft Edge
Mozilla Firefox
Remove the Itempoa.co.in Virus
After all these steps, Itempoa.co.in should be gone. Your browser should feel like it’s back to normal. However, as I noted earlier, hijackers like Itempoa.co.in often come bundled with other software. If you download something unwanted without realizing it, you could go back to square one unless you also get rid of that rogue software.
Again, I recommend SpyHunter 5 to help you deal with any malware that’s installed in your system. You can try to flush out the malware yourself, but the chances of something slipping through the cracks are high, so you’ll likely need the help of specialized software to deal with all rogue remnants.
Leave a Comment