Kabatibly.co.in belongs to a particularly unpleasant group of browser hijackers sites that are specifically designed to show misleading notifications to prompt a rushed reaction from the user.
This and other similar hijackers, such as Itempoa[.]co[.]in and Comisopoa[.]co[.]in, will show a notification in the bottom-right of your screen that is made to appear like a legitimate antivirus warning. It typically has the McAfee or Norton logo and a text that tells you the system is at risk because there’s malware in it or because your AV license has expired.
The wording and the logo can differ, but the goal stays the same: to get you to interact with the pop-up and then funnel you into whatever scam the hijacker is set to propagate on that day. Needless to say, you mustn’t touch that pop-up; instead, flush out what triggers it and make it disappear from your system.
At HowToRemove.guide, we’ve dealt with similar hijackers many times, so the guide you’ll find below will let you navigate all the obstacles and tricks that Kabatibly.co.in might use to prevent its own removal.
Kabatibly.co.in Removal Guide
Hijackers like Kabatibly.co.in are typically stubborn and don’t go away too easily, but there are exceptions. Sometimes, you might be able to rid your browser of the hijacker in a couple of quick steps, without the need to dig any deeper. That’s why I recommend you try this option first, before moving on to the advanced steps further down this post:
- Open your browser menu > Settings > Extensions. Watch for anything suspicious or unknown, especially anything tied to Kabatibly.co.in.
- Remove extensions that seem out of place. If you didn’t install an extension, it must go.
- Note that rogue extensions might not always have an active Remove button. If you encounter such an add-on, just proceed to the next step – we’ll take care of it later.
- If you are on Chrome, head to Privacy and Security settings next. Enter Site Settings.
- If you are an Edge user, open Cookies and Site Data.
- Review the Notifications and Pop-ups and Redirects permissions. If you find any URLs you don’t recognize that have the respective permission, then delete them immediately.
Restart your browser to see if the issue is resolved. There’s some chance that these steps are enough to rid you of Kabatibly.co.in. But in case the hijacker is still present and you are still getting the distressing bottom-right pop-ups, you’ll need to try harder. The next detailed steps will show you exactly what you must do.
SUMMARY:
| Name | Kabatibly.co.in |
| Type | Browser Hijacker |
| Detection Tool |
The full manual guide below is somewhat time-consuming and also requires some level of experience. If you aren’t tech-savvy or simply lack the time to spare to go through all the steps, I recommend opting for the quicker and more effective solution of using SpyHunter 5.
This is a powerful anti-malware tool that I’ve used numerous times to clean my PC of stubborn malware that I couldn’t remove myself. If you are interested, you’ll find SpyHunter 5 linked on this page.
How to Remove the Kabatibly.co.in Virus
Most hijackers nowadays rely on exploiting the Enterprise Policies feature that most Chromium browser have. This lets them modify the browser settings while also stopping you from reversing said changes.
Seeing “Managed by your organization” on the Settings page or at the bottom of the browser menu confirms the presence of such a policy.
This is the first obstacle you must deal with. Here’s how to do that:
Visit one of the following pages depending on your specific browser
- For Chrome:
chrome://policy - For Edge:
edge://policy - For Brave:
brave://policy
If you are using a different Chromium-based browser that has the Policy Enterprise feature, just replace the name in the URL.
On the policies page, look for entries in the Policy Value column with strange or random-looking names. Copy these policy values to a document to have easy access to them during later steps.
You must also gather the IDs of any rogue extensions from the Extensions Manager, so go to it now.
More Advanced hijackers keep the Extensions page blocked to the user. They redirect to a different page when the user attempts to visit it.
To bypass these redirects, find the directory where the browser extensions data is stored. On Chrome, this directory is:
C:\Users\[Your Username]\AppData\Local\Google\Chrome\User Data\Default\Extensions
Here are the extensions folder paths for several other commonly used browsers:
Delete all extension folders stored there. The goal is to delete the hijacker folder but, as you can see in the next image, the extension folders all have random letters as their names, so you have no way of knowing which of them is linked to the rogue extension.
- Deleting everything in this folder will corrupt your legitimate extensions too, but it’s really easy to repair them so don’t worry.
Once the extensions folder has been purged, you’ll be able to reach the Extensions Manager page. Go there now and turn on Developer Mode.
You must look for the ID of any rogue extensions. The ID should appear underneath the browser add-on, but if it’s not visible there, just click on the extension and the ID should be visible there.
You must save any rogue IDs in the same file as the policy values from earlier.
Video walkthrough for this step:
Get Rid of Kabatibly.co.in Virus Policies
The main method of deleting rogue policies is to find and delete their System Registry keys. You’ve gathered the policy values and extension IDs that you’ll need to find those keys, so it’s now time to clean your Registry:
- Open the Start Menu, search for “Registry Editor” or “regedit“, right-click, and select “Run as Administrator“.
- Once the Editor opens, select “Find” from the Edit menu and paste one of the policy values/extension IDs that you saved.
- Click Find Next. Delete each matching key carefully (they keys are the folders that appear in the left panel).
- Search again after every deleted key to confirm that no other instances remain.
- Once you’ve removed all keys related to a particular value/ID, move on to the next one. You must delete all keys related to all of the saved values and IDs.
If your access to a particular key is restricted and so you are not allowed to delete it, do this:
Right-click the parent key, select Permissions, then Advanced, then Change.
Enter “everyone” into the text field, Check Names > OK.
Tick both Replace options in the previous window, then Apply the changes and click OK.
The key is now back under your control and you’ll be able to delete it.
Video walkthrough for this step:
Other Ways to Delete Kabatibly.co.in Policies
There is more than one way to get rid of rogue policies. Two other options you can use if the Registry cleanup wasn’t enough or if you simply prefer not to tamper with the Registry Editor (a perfectly valid decision) are to use the Group Policy Editor or the Chrome Policy Remover (Google Chrome users only):
- Group Policy Editor: Access this by typing “Edit Group Policy” in the Start Menu. Open Local Computer Policy settings, then Computer Configuration, then right-click Administrative Templates. Click Add/Remove Templates and remove everything in the next list.
- Chrome Policy Remover (free tool): Download the Chrome Policy Remover from the provided link and run it as an administrator. Ignore any security warnings – the tool is safe. If you get a Windows warning, click “More Info“, then “Run Anyway” to bypass the alert. The tool automatically clears all policies installed in Google Chrome, but doesn’t work with other browsers.
Both of those options should provide a valid alternative to the Registry cleanup. However, I still recommend that you clean the system Registry in the way I showed above this is the most thorough way of eliminating hijacker settings and data from your system.
Video walkthrough for this step:
Manual Group Policy Removal
Automatic Group Policy Removal
Remove the Kabatibly.co.in Malware From Your Browser
The reason you needed to remove the rogue hijacker policies from your browser was to be able to uninstall any malware extensions and revoke any unwanted changes introduced to your browser. If you’ve completed everything correctly up to this point, you should now be able to do that:
First, go back to the Extensions Manager in your browser. This time you should be able to successfully delete anything suspicious. Go ahead and do it.
Then enter the browser’s Privacy and Security settings to clear the browsing data. Clear everything save for your Passwords and Login data. I recommend using the All Time range.
Then, if you are using Chrome, go to Site Settings, which is also in the Privacy and Security section. Edge users should go to Cookies and Site Data.
This time, I recommend checking every single permission category. Like before, remove any URL that could trigger a reappearance of Kabatibly.co.in.
You must also go to the Search Engine settings and set a trusted search provider in case that was changed by the malware.
Additionally, be sure to check the list of search engines in the Manage Search Engines section, and remove any unrecognized entries.
Finally, the last two settings sections that require your attention are On Startup and Appearance. Here, you must also scan for rogue URLs and delete anything that doesn’t seem trusted.
Video walkthrough for this step:
Chrome
Microsoft Edge
Mozilla Firefox
With this, the guide on how to remove Kabatibly.co.in concludes. If even after completing all the steps shown here, the hijacker keeps bothering you, the answer is to use SpyHunter 5 or another reliable tool to perform a thorough system cleanup.
Leave a Comment