CaptchaCoolNow Virus

CaptchaCoolNow

CaptchaCoolNow is a browser hijacker that is specifically aimed at Windows users. CaptchaCoolNow can infiltrate most browsers, including Chrome, Firefox, Edge, etc. Once it integrates with your browsing program, CaptchaCoolNow will begin to modify its settings in a particular way.

CaptchaCoolNow

Specifically, this browser hijacker will make changes that will enable the promotion and advertisement of certain products and services. For instance, software of this type has the tendency to install ad-generating components in the browser in question. And as a result, your browsing experience becomes engulfed by streams of endless popups, banners, box messages and other online advertising materials. What’s more, it’s not uncommon for programs of this type to also change the browser’s homepage and set their own search engine as the one used by default. This is done with the intention of gaining more exposure for these pages or websites and driving more traffic towards them.

Another very common effect of software like CaptchaCoolNow or Captcha Cool Now that becomes apparent soon after it is installed on the computer is the page redirects. Spontaneously, your browser may decide to open a new tab or window, or even just reroute you within the same tab. Again, this also serves the purpose of promoting this or that web location.

If you try to change the settings of the browser back to their initial state, you will notice that this doesn’t really work. As soon as you restart your browsing program, the homepage and search engine will be exactly the ones set by CaptchaCoolNow . And this will continue to happen unless you remove CaptchaCoolNow from your PC. Below we have put together a special guide that will show you exactly how to remove this browser hijacker, along with all of its unwanted modifications.

The CaptchaCoolNow Virus

You might be asking yourself what it is the CaptchaCoolNow Virus actually doing on your computer. And it’s a very legitimate question, because obviously it doesn’t seem to benefit you in any way. So, logic dictates that the CaptchaCoolNow Virus must benefit someone.

And that someone is the developer or creator of the browser hijacker, on the one hand. On the other it’s those whose products and services gain exposure thanks to the hijacker. The developers, in this case, make money based on the amount of times their popups, banners and other ads are clicked on. This happens in accordance with popular remuneration models like Pay Per Click.

And with that we should also point out that software of this type has a common tendency to keep tabs on the browsing patterns of the affected users. This allows the hijacker to optimize the advertising process and maximize gains.

But that’s not the only hidden downside of software like CaptchaCoolNow . It just so happens that as a result of its aggressive advertising activities, you might end up exposed to malware such as Trojan horse viruses, ransomware, spyware and others. That’s not to say that CaptchaCoolNow is a virus too, though. But we do advise abstaining from interacting with any of the advertising materials it displays on your screen.

SUMMARY:

NameCaptchaCoolNow
TypeBrowser Hijacker
Detection Tool

 Remove CaptchaCoolNow Virus

 

To remove CaptchaCoolNow from a Windows system and restore the regular state of the browsers, users must check for unwanted browsing extensions and get rid of them. 

  1. Begin by opening the main browser on your PC, selecting its menu, and going to the Extensions page.
  2. On that page, look for items installed without your permission or knowledge as well as ones that seem unreliable and potentially unwanted.
  3. Disable each suspicious extension, and then uninstall it to remove CaptchaCoolNow from the browser.
  4. Check the other browsers in the system for undesirable extensions and clean them as well. 

After you make sure no unwanted extensions are present in any of your browsers, restart the machine, access the main browser again and see if the hijacker symptoms have ceased. If CaptchaCoolNow still appears to be there and active, then it has likely made other changes in the system that you’d have to take care of. Instructions on how to do that are available below.

 

Extended Guide

 

Step 1

It’s best if you bookmark the current page or open it on your phone to make accessing it easier since you will have to restart your PC and browser during the guide.

Step 2

WARNING! READ CAREFULLY BEFORE PROCEEDING!

 

The most common way to get a browser hijacker on the computer is by bundling it to a seemingly harmless (and usually free) program that the user is likely to download. That is why the first thing you ought to do is check your system for suspicious installs that may be responsible for infecting you with the hijacker. 

First, go to the Start Menu, from there open the Control Panel, select the Uninstall a program button, and carefully explore the list. Look for programs and apps that have been installed recently (around the date of the hijacker’s first appearance) and that don’t seem particularly trustworthy. If you find a program/app you think may be linked to CaptchaCoolNow , select it, click on Uninstall, as shown in the image, and follow the uninstaller instructions. If the uninstaller asks if you’d like to keep any custom settings for the program, choose No.

Uninstall1

 

Step 3

Next, open the Task Manager (press the Ctrl, Shift, and Esc keys from the keyboard), go to Processes from the top, and try to find the CaptchaCoolNow process. Note that the process’ name will most likely be different – look for processes with names that seem strange or unfamiliar. Also look for resource-intensive processes that are using large portions of your computer’s memory and CPU without being run by any program that’s open at the moment.

If there’s a process you think may be hijacker-related, use Google or another reputable search engine to learn more about that process. If the information you find suggests that the process may indeed be linked to CaptchaCoolNow , then right-click on its entry in the Task Manager, select the File Location option, and scan all the files that are in the location folder with the malware scanner we’ve provided for you below:

 

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Loading
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

     

    Task Manager1

     

    If our scanner finds malware in any of the files from the location folder, this means that the process they are related to is indeed unwanted/malicious and must be stopped. Select the process again, and click on the End Process button from the bottom-right to quit it. 

    • Note that if searching online for the suspicious process gave you enough reason to think that the process is linked to the hijacker, you should quit it even if scanning its files didn’t detect any malicious code.

     

    Task Manager2

     

    After you have ended the unwanted process, make sure to delete its location folder. It is possible that some of the files in it can’t be deleted at the moment and so you may not be allowed to remove the whole folder. If this happens, delete whatever files you can form the folder and move on with the guide. Later, once the rest of the steps have been completed, go back to the location folder and once again attempt to delete it. 

    Step 4

    Start your computer in Safe Mode to block unwanted processes that you may have not noticed (and stopped) while completing the previous step. While in Safe Mode, Windows will not allow non-essential processes to start on their own, including ones that the hijacker may try to launch. 

    Step 5

    Go to the Start Menu again and copy-paste this line in its search box:

    • notepad %windir%/system32/Drivers/etc/hosts

    Hit Enter to open the first result and then look at what’s written towards the bottom of the text in the notepad file that opens. If the last like reads “Localhost” or something similar, this means that this file hasn’t been modified by the hijacker. If, however, there are any odd-looking IP addresses written there, you should copy them and send them to us through the comments section because those IPs could be from CaptchaCoolNow . After we take a look at them, we will be able to tell you whether they are related to the hijacker and if anything needs to be done about them.

     

    Hosts2

     

    Step 6

     

    Press Winkey and R from the keyboard, type msconfig, press Enter, and click on Startup from the top of the newly-opened window. Look for unknown or suspicious-looking entries listed there and if you see any, uncheck them and press OK to save the changes you’ve just made. 

    Startup1

     

    Step 7 

    Go to Windows Control Panel once more and now select the Network and Internet > Network and Sharing Center. There, you should see the name of your Internet network (the one the computer is connected to at the moment) – select it and then select Properties. Find and click on the Internet Protocol Version 4 item and go to Properties again. 

    Make sure that the Obtain an IP address automatically setting is enabled and then open Advanced. In the Advanced settings window, go to the DNS tab and look at the list of servers – if there are any items listed there, Remove them. 

    Once you’ve done everything from this step, select OK on each open window and proceed to the next step. 

    Dns1

     

    Step 8 

    Some more aggressive and invasive hijackers could make changes in the system’s Registry to gain persistence and more control over the system, so it’s a good idea to check your computer’s Registry for modifications made by CaptchaCoolNow . However, be warned that if you delete something that you shouldn’t, the system may become unstable or experience other problems. For that reason, every time you are unsure about a given Registry item, be sure to first ask us in the comments what to do about it instead of directly deleting it!

     

    To enter the Registry Editor and make changes in the Registry, press Winkey + R again, type regedit, hit Enter, and click on Yes

    When the Registry Editor appears on the screen, go to Edit from the top and then select Find. Type the hijacker’s name in the Registry Editor search and click on Find Next. You will be taken to the first CaptchaCoolNow -related item in the Registry (if there are such items there at all) – delete that item and then do another search. Repeat this process as many times as needed until no more results for CaptchaCoolNow are left in the Registry. 

    Regedit2 1

     

    After that, visit the following three locations from the left panel of the Registry Editor: 

    • HKEY_CURRENT_USER/Software/Random Directory. 
    • HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run
    • HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Main

    In them, look for folders with unusually long names that stand out from the rest, especially if the names themselves consist of random characters. If you do find such folders, delete them. If you are uncertain about a given folder, ask us in the comments.

     

    Step 9

     

    Lastly, you must make sure to check each of the browsers once again to make sure that there’s nothing left from the hijacker in them. 

    First, go to the browser icon, right-click it, select Properties, and then Shortcut from the top. Make sure that there is nothing written after “.exe” in the Target field – if there is, delete it and click on OK.

     

    After that, enter the browser, click on its menu icon (most browsers’ menu icons are in the top-left or top-right corner). From the menu, click on Extensions (in some browsers it is Add-ons) – if you are trying this in Google Chrome, first select the More Tools option, and then you will see the Extensions option in the sub-menu that shows up. 

    Chrome1

     

    Just like the start of the guide, check the browser for undesirable or unknown extensions and delete them if you find any. 

    Chrome2

     

    Next, go to Settings (or Options) from the browser menu. 

    Chrome3

     

    On the Settings/Options page, find an option labelled Privacy and Security or anything similar to that. Next, you should see a Clear browsing data button – select it. If you are a Microsoft Edge button, you should select the Choose what to clear button instead. 

    Chrome4

     

    In the next window, put ticks on everything except Passwords and proceed to launch the data deletion process. If you don’t do this regularly for your browsers, the process may take a couple of minutes – do not quit the browser until the deletion is complete. 

    Chrome5

     

    What to do if CaptchaCoolNow is still on the PC

    If none of the steps here have helped you or if you still think that CaptchaCoolNow may be lurking in the background of your system even if you are no longer noticing its symptoms, then it’s best to check your computer with professional software to make sure everything is secure. The malware-removal tool recommended on this page is perfect for the job as it has been tested against similar forms of unwanted software and is able to quickly identify, locate, and dispose of any hijacker. Additionally, it can protect you from Trojans, Spyware, and other more hazardous threats while you are on the Internet.

     


    About the author

    blank

    Violet George

    Violet is an active writer with a passion for all things cyber security. She enjoys helping victims of computer virus infections remove them and successfully deal with the aftermath of the attacks. But most importantly, Violet makes it her priority to spend time educating people on privacy issues and maintaining the safety of their computers. It is her firm belief that by spreading this information, she can empower web users to effectively protect their personal data and their devices from hackers and cybercriminals.

    Leave a Comment