How to Remove Malware from Microsoft Edger browser [Guide]

Microsoft Edge adopts robust security measures to keep malware at bay. But like any browser, it is still vulnerable to crafty infections from browser hijackers, redirect malware, spyware and more.

If your Edge starts misbehaving with constant pop-ups, frequent crashing, or unwanted changes, it likely has a malicious infection. The good news is you can fully disinfect Edge and restore its performance.

This comprehensive guide covers the common Edge malware threats, how to identify compromised browsers, and proven steps to eliminate infections. With the right approach, you can clean up Edge and take back control of your browsing experience.

Types of Malware That Infect Edge

While Microsoft Edge has robust built-in security, some crafty malware still sneaks through its defenses. Being aware of the most common threats helps you recognize and eliminate infections. Here are the top varieties to watch for:

Browser Hijackers

Browser hijackers covertly modify Edge’s settings and insert unwanted changes without permission. They often switch the default search engine so that Edge uses something unreliable or ad-heavy like Yahoo Search. Hijackers also change the default homepage and new tab page.

For example, the SmartBar hijacker replaces search with Ask.com and loads shady new tabs riddled with ads. Hijackers may also change omnibox results so searches redirect to ad pages regardless of what you type. Stranger toolbars like ShopperPro often accompany hijackers.

Redirect Malware

This nasty malware causes Edge to silently redirect you to phishing, scam and malicious pages when clicking legitimate links. The original URL in the address bar does not change, making it seem you ended up at the correct destination.

Redirectors pose serious threats because they canalize traffic to dangerous sites where drive-by-downloads and zero-day exploits await. Banking trojans like Qbot often leverage redirectors to steal credentials.

Adware

As the name suggests, adware bombards users with excessive pop-up, banner, text and video ads when browsing in Edge. Ads may seem harmless at first but quickly escalate to intrusive and inappropriate content. Adware can dramatically slow browsing speeds as well.

Some adware auto-clicks and interacts with ads to fraudulently inflate affiliate commissions. Adware often sneaks onto systems bundled with “free” software like video converters and download managers that users install without reading carefully.

Cryptojacking Scripts

This emerging threat uses Edge to hijack your device’s resources to mine cryptocurrency without permission. The scripts run complex calculations on your CPU and GPU to verify blockchain transactions, minting digital coins for the attackers. This strains your hardware and causes Edge to lag.

In severe cases, the strain can actually degrade components like GPUs over time leading to premature failure. Laptops in particular overheat and slow down significantly once infected with cryptojacking scripts.

Information Stealing Malware

As the name suggests, this malware secretly logs your activity and snoops data entered into Edge like passwords and credit cards. Using tools like hidden keyloggers, it records everything you type into forms. The data gets sent back to attackers for identity theft or sold on the dark web.

Information stealing malware poses a huge privacy violation and identity theft risk. There are also varieties that switch on your webcam to record you without consent. Monitoring antivirus to disable it is common as well.

Now that you know the most common Edge malware threats, staying vigilant for infection warnings becomes much easier. But ideal defense is preventing malware in the first place with secure computing habits.

How to Tell if Microsoft Edge Has Malware

Microsoft Edge malware infections start off subtle but quickly escalate and seriously hurt browser performance. Being able to recognize the symptoms of a compromised browser early is key so you can take swift action.

Watch out for these common signs indicating your Microsoft Edge has picked up malware:

Frequent Crashes and Freezes

As malware strains system resources, Edge will begin crashing or freezing frequently, especially when opening multiple tabs or pages simultaneously. Web pages also take forever to load or fail to load completely. Videos buffer endlessly even on fast connections.

Redirection to Suspicious Sites

When clicking legitimate site links or typing URLs directly into the address bar, Edge will instead redirect you to odd pages and domains against your will. For example, microsoft.com redirects to an error page instead of the real Microsoft site.

Barrage of Pop-up Ads

If you suddenly start seeing tons of intrusive pop-up ads appear on every site, that likely indicates adware has infected Edge. The relentless pop-ups are difficult to close faster than they spawn. They promote questionable products, services, and suspicious downloads.

New Unknown Extensions

Pull up the Extensions page in Edge and look for any recently added extensions or toolbars you don’t remember installing yourself. Malware often secretly installs unwanted extensions to inject more ads, steal data, and redirect traffic.

Settings Changes

If Edge’s default search engine, homepage, or new tab page have been changed without your knowledge, that points to browser hijacker malware modifying settings.

Overheating and Loud Fan Noise

Excessive heat and loud fan spin ups are signs cryptojacking malware may be running mining scripts in the background, overworking your hardware’s resources via the browser.

Edge Opens Itself at Startup

If Edge suddenly launches itself immediately when you power on or login to your computer without you clicking it, that’s a clear indicator of malware infection. Malware ensures its malicious scripts run automatically.

Noticing any of these symptoms means your Edge browser has likely been compromised by malware. But prompt action can fully remove the infections before they create serious issues. Stay vigilant for any shady browser behavior!

Removing Malware from Microsoft Edge

Here’s how to remove all malware from your Windows and Microsoft Edge:

• STEP 1: Use Rkill to terminate malicious processes
• STEP 2: Uninstall malicious programs from your computer
• STEP 3: Remove malicious browser policies from Windows
• STEP 4: Remove malicious files and folders from Windows
• STEP 5: Reset your browser settings to their defaults
• STEP 6: Use Malwarebytes to remove trojans and browser hijackers
• STEP 7: Use HitmanPro to scan your computer for rootkits and other malware
• STEP 8: Use AdwCleaner to remove adware and malicious browser policies

STEP 1: Use Rkill to terminate malicious processes

In this first step, we will download and run Rkill to terminate malicious processes that may be running on your computer.

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools.

1. Download Rkill.

   You can download RKill to your computer from the below link. When at the download page, click on the Download Now button labeled iExplore.exe. We are downloading a renamed version of Rkill (iExplore.exe) because some malware will not allow processes to run unless they have a certain filename.

   

   RKILL DOWNLOAD LINK
   (The above link will open a new page from where you can download Rkill)

2. Run RKill.

   After downloading, double-click the iExplore.exe icon to kill malicious processes. In most cases, downloaded files are saved to the Downloads folder.
   The program may take some time to search for and end various malware programs.

   

   When it is finished, the black window will close automatically and a log file will open. Do not restart your computer. Proceed to the next step in this guide.

STEP 2: Uninstall malicious programs from your computer

In this second step, we will manually check if any unknown or malicious programs are installed on the computer. Sometimes adware and browser hijackers can have a usable Uninstall entry that can be used to remove them.

With the malicious programs removed, you’re ready for the next step in this guide.

STEP 3: Remove malicious browser policies from Windows

In this third step, we will download the Chrome Policy Remover file (credits to Stefan Van Damme) and remove the malicious browser policies. .

1. Download the Chrome Policy Remover

   Click the button below to download the Chrome Policy Remover for Windows — a small batch script that automatically removes the malicious policies that malware uses to lock your Chrome settings.

   

   DOWNLOAD CHROME POLICY REMOVER (FREE)
   (The link downloads the delete_chrome_policies file to your computer)
   Seeing a security warning? That’s expected — browsers and Windows flag all batch (.bat) files as a precaution, regardless of what they do. The Chrome Policy Remover is a trusted, widely used tool; click “Keep” to proceed with the download.

2. Run the file as administrator

   Right-click the “delete_chrome_policies.bat” file (usually in your Downloads folder) and select Run as administrator. Administrator rights are required because Chrome policies are stored in protected system settings — without them, the tool can’t remove the policies.

   

3. Confirm and let the script finish

   Windows will ask for confirmation before allowing the script to make changes — click “Yes” (or “Run“, depending on your Windows version). A Command Prompt window will open and the script will remove the policies automatically; this only takes a few seconds. When it’s done, close the window.

   

With the malicious policies removed, Chrome’s settings are unlocked again. In the next step, we’ll reset the browser to its defaults.

STEP 4: Remove malicious files and folders from Windows

In this fourth step, we will manually search and remove malicious scheduled tasks and folders on your computer.

1. Delete Malicious Scheduled Tasks

This infection often creates a scheduled task in the Windows Task Scheduler that reinstalls the malware every few minutes after you delete it. That’s why the redirects keep coming back even after a cleanup — until this task is removed, the infection will keep restoring itself.

1. Type “Task Scheduler” in the Windows search bar and open the app, as shown below.
   Alternatively, press Windows + R, type “taskschd.msc“, and press Enter.
2. In the Task Scheduler window, click Task Scheduler Library in the left pane.
3. Look through the list for the malicious scheduled task. It often imitates a legitimate name (e.g. Chrome_Policy, Chrome_Bookmarks, Chrome_Folder) or has a random string of characters as its name. A useful check: click a task and look at the Actions tab — if it runs a file from the AppData folder, it’s almost certainly malicious. Right-click the task and select “Delete“.

2. Delete Malicious Files from the AppData\Roaming Folder

Next, we’ll delete the malicious files the infection stores in the AppData\Roaming folder.

1. Press Windows + R to open the Run app (or type “Run” in the Windows search bar).
2. In the Run box, type “%AppData%” and click OK. Windows will open the Roaming folder directly.
   

   

3. Look for and delete any unknown folders with names like Default, Chrome32, Energy, Bloom, or Travel. The exact names on your computer may differ, but the pattern is the same: short, generic-sounding names that don’t match any program you’ve installed.
   Be careful: only delete folders you’re confident don’t belong to a real program. Legitimate apps (Adobe, Spotify, Discord, etc.) also store their data here. If you’re unsure about a folder, search its name online first — or skip it; the automated scanners later in this guide will catch what you miss.
   

3. Delete Malicious Files from the AppData\Local Folder

Now we’ll do the same in the AppData\Local folder, and also remove the malicious Chrome extension the infection installed.

1. Press Windows + R to open the Run app (or type “Run” in the Windows search bar).
2. In the Run box, type “%localappdata%” and click OK. Windows will open the AppData\Local folder directly.
   

   

3. Look for and delete the Default, WindowsApp, and ServiceApp folders, if present. (The same caution applies — when in doubt, look the name up before deleting.)

   Next, open the Google folder and navigate to Google > Chrome > User Data > Default (or Profile) > Extensions. Inside the Extensions folder, find and delete the malicious extension’s folder — it will have a long, random-looking name. If you’re not sure which one it is, you can check each folder’s contents, or compare the names against the extensions visible at chrome://extensions in Chrome.

   Important: inside User Data, the folder named “Default” is your legitimate Chrome profile — do not delete it. Only delete the individual extension folder inside Extensions.

   

4. Fix the Hijacked Chrome Shortcut

This malware often modifies your Chrome shortcut so that every time you open the browser, the malicious extension loads with it. Here’s how to clean the shortcut:

1. Right-click the Google Chrome shortcut on your desktop or Start Menu and select “Properties“.
2. On the Shortcut tab, check the “Target” field. It should end with chrome.exe” and nothing more. Delete any extra text appended after it — especially anything referencing the AppData folder, such as:
   –load-extension=C:\Users\%USERNAME%\AppData\Local\Default
3. Click OK to save the changes.
4. Open Chrome from the shortcut as usual — the malicious extension should no longer load at startup.

Tip: if you’d rather not edit the Target field, there’s an easier fix — right-click the shortcut, select “Open File Location“, then drag chrome.exe to your taskbar to create a fresh, clean shortcut. Delete the old one.

With the malicious tasks, folders, and shortcut modifications removed, we can continue with the next step of this guide.

STEP 5: Reset your browser settings to their defaults

In this step, we will remove spam notifications,  malicious extensions, and change to default any settings that might have been changed by malware.
Please note that this method will remove all extensions, toolbars, and other customizations but will leave your bookmarks and favorites intact. For each browser that you have installed on your computer, please click on the browsers tab below and follow the displayed steps to reset that browser.

STEP 6: Use Malwarebytes to remove trojans and browser hijackers

In this step, we will install and run a scan with Malwarebytes Free to remove any infections, adware, or potentially unwanted programs that may be present on your computer.

Malwarebytes is one of the most popular and trusted anti-malware tools for Windows — and it’s completely free for removing infections. It catches threats that many antivirus programs miss, including adware, browser hijackers, and trojans. Follow the steps below to scan and clean your PC in just a few minutes.

1. Download Malwarebytes

   Click the button below to download the latest version of Malwarebytes for Windows from the official source. The free version is all you need — it will scan your computer and remove adware, browser hijackers, and other malicious software at no cost.

   

   DOWNLOAD MALWAREBYTES FOR WINDOWS (FREE)
   
   (The link opens in a new page where your download will start)

2. Install Malwarebytes

   When the download finishes, open your Downloads folder and double-click the MBSetup file. If Windows shows a User Account Control pop-up, click “Yes” to allow the installation.

   

3. Follow the On-Screen Prompts to Install Malwarebytes

   The setup wizard will walk you through a few quick screens:

   • Choose where you’re installing the program — “Personal Computer” or “Work Computer” — then click Next.

     

   • Malwarebytes will now install on your device. This usually takes under a minute.

     

   • When installation is complete, the “Welcome to Malwarebytes” screen will open automatically.

     

   • On the final screen, click Open Malwarebytes to launch the program.

     

4. Enable “Scan for Rootkits”

   Before scanning, turn on rootkit detection so Malwarebytes can find even the most hidden threats. Click the Settings gear icon on the left side of the screen.

   

   In the settings menu, find “Scan for rootkits” and click the toggle so it turns blue.

   

   Done? Click “Dashboard” in the left pane to return to the main screen.

5. Start the Scan

   Click the blue Scan button. Malwarebytes will automatically update its virus database and start checking your computer for malware.

   

6. Wait for the Scan to Finish

   The scan checks your entire system for browser hijackers and other malicious programs, so it can take several minutes. Feel free to do something else — just check back occasionally to see the progress.

   

7. Quarantine the Detected Threats

   When the scan is done, you’ll see a list of everything Malwarebytes found — malware, adware, and potentially unwanted programs. Click the “Quarantine” button to remove all of them at once.

   

   Malwarebytes will now remove the malicious files and registry entries and move them safely into quarantine.

   

8. Restart Your Computer

   Some threats can only be fully removed after a reboot. If Malwarebytes asks you to restart, click Yes. Once you’re logged back in, your PC is clean and you can continue with the next steps in this guide.

   

STEP 7: Use HitmanPro to scan your computer for rootkits and other malware

In this next step, we will scan the computer with HitmanPro to ensure that no other malicious programs are installed on your device.

HitmanPro is a second-opinion scanner — it’s designed to catch what your main antivirus might have missed. Instead of relying on a single detection engine, it checks the behavior of files in the locations where malware usually hides. Anything suspicious gets sent to the cloud, where it’s analyzed by two of the best antivirus engines available: Bitdefender and Kaspersky.

Good news: scanning is completely free, with no limits. You only need a license when it’s time to remove what was found — and even then, you can activate a free one-time 30-day trial to clean your PC at no cost. (A full license is $24.95 per year for 1 PC.)

1. Download HitmanPro

   Click the button below to download HitmanPro. Remember — the scan is free, so you have nothing to lose by checking your PC.

   DOWNLOAD HITMANPRO (FREE SCAN)
   (The link opens in a new page where your download will start)

2. Install HitmanPro

   When the download finishes, open your Downloads folder and double-click the file: “hitmanpro.exe” on 32-bit Windows, or “hitmanpro_x64.exe” on 64-bit Windows.

   

   If a User Account Control pop-up asks whether HitmanPro can make changes to your device, click “Yes” to continue.

   

3. Follow the On-Screen Prompts

   On the HitmanPro start screen, click “Next” to begin the system scan. No lengthy setup required — it goes straight to work.

   

   

4. Wait for the Scan to Finish

   HitmanPro will now check your computer for malicious programs. This usually takes just a few minutes thanks to its cloud-based scanning.
   

5. Review the Results and Click “Next”

   When the scan is done, HitmanPro will show you everything it found. Click “Next” to remove the detected threats.

   

6. Click “Activate Free License”

   To remove the malicious files, click the “Activate free license” button. This starts your free 30-day trial — no payment details needed — and unlocks the full cleanup.
   

   When the removal is complete, HitmanPro will show a summary of everything it cleaned. Click Next, then click Reboot if prompted. If there’s no reboot prompt, just click Close — your PC is clean.

STEP 8: Use AdwCleaner to remove adware and malicious browser policies

In this final step, we will download and install AdwCleaner to remove the malicious browser policies that were set by browser hijackers on your computer and delete malicious browser extensions.

AdwCleaner is a free on-demand scanner that specializes in adware, browser hijackers, and unwanted toolbars — the exact threats that mainstream antivirus programs often miss. It also includes tools that repair the damage malware leaves behind, like hijacked browser settings and malicious policies. It’s a quick scan that’s well worth running.

1. Download AdwCleaner

   Click the button below to download AdwCleaner — it’s free, portable, and requires no installation.

   

   DOWNLOAD ADWCLEANER (FREE)
   (The link opens in a new page where your download will start)

2. Run AdwCleaner

   Open your Downloads folder and double-click the file named “adwcleaner_x.x.x.exe“. There’s no installation — the program starts right away.
   

   If Windows asks whether you want to allow AdwCleaner to run, click “Yes“. When the license agreement appears, click I agree to continue.

   

3. Enable “Reset Chrome policies”

   This setting removes malicious browser policies — a trick malware uses to lock your browser settings so you can’t change them back. Click “Settings” on the left side of the window, then turn on “Reset Chrome policies“.

   

4. Start the Scan

   Click “Dashboard” on the left side of the window, then click the “Scan” button.

   

5. Wait for the Scan to Finish

   AdwCleaner will now check your computer for adware and other malware. This usually takes only a few minutes — it’s one of the fastest scanners around.

   

6. Quarantine the Detected Threats

   When the scan finishes, AdwCleaner will list everything it found. Click the “Quarantine” button to remove all the malicious items at once.

   

7. Click “Continue” to Finish the Cleanup

   Save any open work first — AdwCleaner needs to close your open programs before it can clean. When you’re ready, click the “Continue” button.
   

   AdwCleaner will now delete all detected malware from your computer. If it asks you to restart your PC, allow it — your computer will be clean when you log back in.

Better Secure Microsoft Edge Against Malware

Removing existing infections is important. But preventing future malware is ideal. Here are ways to secure Edge after cleaning it:

• Only install browser extensions from the official Microsoft Edge Add-ons store. Avoid third-party sites teeming with malware-laced extensions.
• Always keep Edge and Windows updated so you get the latest security fixes right away. Enable auto-updates if possible.
• Use Windows Defender Antivirus and keep it active to catch any malware that slips through Edge.
• Run occasional Malwarebytes scans to detect and remove any nasty malware that may bypass antivirus.
• Avoid suspicious downloads that may contain malware installers bundled in. Read carefully before installing anything.
• Never click random links in emails or messages. Visit sites directly by typing their verified URL.

With secure computing habits, you lower the chances of malware ever infecting your Edge browser again. But if it happens, this guide has you covered to remove infections and restore peak performance fast.

Frequently Asked Questions About Cleansing Malware From Microsoft Edge

Removing pesky malware from Microsoft Edge brings up many questions for users. As an expert in malware removal, here I provide answers to some frequently asked questions about properly cleaning infected Edge browsers.

What is the best way to check if Edge has malware?

The easiest way is to open Edge’s extensions page and task manager to look for any unknown processes or recently added extensions. Also scan with trusted antivirus software and Malwarebytes to detect more sophisticated threats.

Where does Edge store browsing data that could be affected by malware?

Edge stores browsing data like history, cookies, and cached files in the LocalState folder under User\AppData\Local\Packages\Microsoft.MicrosoftEdge on Windows 10 and 11 PCs. Malware could access sensitive information stored here.

Should I be concerned about malware logging my passwords in Edge?

Absolutely. If Edge was infected, immediately change any passwords that were entered in the browser during that time. Turn on two-factor authentication as well on sensitive accounts to secure them. Assume credentials were compromised.

Does Microsoft Defender Antivirus automatically remove malware from Edge?

Defender is decent at catching common threats, but sophisticated malware can evade it. Running extra scans with Malwarebytes or HitmanPro after will detect more stealthy infections Defender misses. Don’t rely on Defender alone.

What’s the best way to isolate Edge from other browsers and data?

Use Edge’s built-in Collections feature to segregate web content and browsing sessions away from other browsers as a security measure. Collections keep data walled off from the rest of the system.

What should I do if malware keeps reinfecting Edge?

Try fully reinstalling Edge instead of just resetting it. Check that antivirus is active and scan the full system for malware that may be re-compromising Edge. Severe infections require total removal.

How can I better prevent future malware infections in Edge?

Stay vigilant – avoid suspicious downloads, don’t install random extensions, keep Windows and Edge updated, run periodic Malwarebytes scans in addition to antivirus, and enable security options like SmartScreen filtering.

Let me know if you have any other Edge malware removal questions!

The Bottom Line: Cleansing Malware From Microsoft Edge

While Edge employs robust security measures, it is still vulnerable to sneaky malware like redirect viruses, information stealers, and annoying adware.

Left unaddressed, malware seriously degrades browser performance, slows computers to a crawl, and can steal sensitive personal data. Removing infections quickly is mission-critical.

The great news is that with the right approach, you can completely clean malware out of Edge and restore the fast, secure browsing experience you expect. Reset browser settings, delete shady extensions, run comprehensive scans, update Windows, and reinstall Edge for a fresh start.

Coupled with enhanced security practices moving forward, you can keep Edge running at maximum speed for years while keeping malware at bay. Don’t settle for a sluggish browser. Use this guide to clean infections and take back control of your web experience!

Summary: Key Takeaways

• Browser hijackers and redirect malware pose the biggest threats to Edge. Watch for performance issues and unwanted redirects.
• Resetting Edge and deleting suspicious extensions clears a lot of malware. But full scans are still needed to purge infections fully.
• Reinstalling Edge guarantees a clean slate after resets and scans. Backup your data before reinstalling!
• Update Windows frequently and use tools like Malwarebytes to spot any residual malware other scanners miss.

With a clean and secure Edge browser, you can comfortably surf the web knowing performance won’t suffer and your data will remain safe.