Reverse Captcha Virus

Reverse Captcha

Reverse Captcha is a rogue webpage classified as a browser hijacker that tricks the user into giving it permission to spam the browser with pop-ups and ads. Reverse Captcha can cause system weaknesses and make the computer vulnerable to Trojans, Spyware, Ransomware, and more.

reverse captcha

In most cases, users get their browser infected with Reverse Captcha after they mistakenly click “Allow” on a notification-permission request from the Reverse Captcha page. The reason why users fall for this is simple – they think that by clicking allow, they are confirming that they aren’t a robot so that they’d be allowed to enter a certain site (hence the name Reverse Captcha). However, what’s happening instead is they are letting the rogue page spam their browser with ads and potentially make other changes to it.

What is Reverse Captcha?

Reverse Captcha is a fake page designed to mislead users and hijack their browsers in order to later flood them with untrustworthy ads. Reverse Captcha can also track your browsing activities and sell the collected data to third parties that could use it maliciously.

reverse captcha virus chrome

In most cases, users would land on the Reverse Captcha page after interacting with a fake ad or misleading rogue link. The Reverse Captcha page itself has a big message written on it that says you need to select “Allow” on the pop-up window in the upper-left part of the screen (right below the site URL) in order to confirm that you are a real person (which is the purpose of legitimate captchas). The pop-up, itself, however, looks suspicious, as there’s nothing written on it aside from “ wants to show notifications”. If the user would take a moment to look at what’s actually written in the pop-up, they’d immediately realize that something’s off. However, we oftentimes click allow on random online pop-ups just to get them out of the way as quickly as possible without paying much attention to what’s actually written on them, which is why many people fall for this scheme.

The Reverse Captcha virus

The Reverse Captcha virus is any rogue software that can introduce the browser hijacker of the same name into your browser. The Reverse Captcha virus is likely to have made changes in the system Registry and other settings to gain persistence on the computer.

Another possible reason why you are seeing Reverse Captcha notifications, pop-ups, and ads as well as experiencing other browser disturbances is the presence of a rogue program or a virus on your computer that has infected your browser with the hijacker in question. For that reason, it’s also important to check your system for the presence of malware, as there may be a Trojan or a Rootkit hiding on the computer that would need to be removed.

Also, note that Reverse Captcha ( is only one of many similar rogue sites that are likely hosted by the same group of scammers. Other similar sites are,,,, and more, so be on the lookout for them as well.

The Reverse Captcha virus warning

The Reverse Captcha virus warning is a fake warning pop-up that shows up in the browser and tries to trick you into allowing a certain rogue site to gain permissions in the browser. The Reverse Captcha virus warning must be ignored and kept away from.

One other method Reverse Captcha may use to trick you is by showing you a scary online warning that urges you to click on something in order to save your computer from a supposed malware threat that’s currently in the system. Obviously, you shouldn’t trust any such random pop-up warnings coming from your browser, but we still need to mention them here. Not only could such a warning get your browser infected with a rogue hijacker page like Reverse Captcha, but it may also download dangerous software on the computer and potentially expose you to Trojans, Spyware, Ransomware, and other hazards.


NameReverse Captcha
TypeBrowser Hijacker
Detection Tool

How to remove Reverse Captcha

To remove Reverse Captcha, you must check your PC’s system for rogue data and settings and delete them, and then go to each browser and clean it thoroughly.

  1. Check for recent program installs that may be related to the hijacker and delete them.
  2. See if there are rogue processes running in the system and if there are, stop them and delete their data.
  3. Remove any hijacker entries added to the Hosts file, the System Registry, or the list of Startup items. Also reverse any changes made to the DNS settings.
  4. Clean the browsers from potentially rogue add-ons and then reset the browsers’ settings.

The detailed instructions below will give you additional information about how to perform each of those steps.

Detailed Reverse Captcha removal instructions

Step 1

Stop the Internet connection to your computer and open the current page on another device to have live access to it. Disconnecting from the web is required, as it will prevent Reverse Captcha from contacting its servers and re-downloading from them any data you may manage to delete.

Step 2

Type Uninstall a Program or Programs and Features in the Start Menu search bar and open the app that appears in the results. Search the list of programs that shows up for anything that has been recently installed and that could be linked to the Reverse Captcha infection of your browsers. If you find such a program, click on its name, then on the Uninstall button above the list, and complete the steps from the uninstallation manager. Do not let the uninstaller keep any data related to the rogue program on your computer.


Step 3


Press together on your keyboard the keys shown below and when the Task Manager app opens, go to Processes:

[Ctrl] + [Shift] + [Esc]

Try to find any processes in that list that may be related to Reverse Captcha. Look for anything with an unusual name or higher-than-normal virtual memory and CPU usage. If there are one or more processes that look suspicious, try to figure out if they are malicious in the following two ways:

Look up the names of the suspected processes to see if security researchers or other users have warned about those processes being harmful.

Right-click each suspected process, then select the File Location option, and test the files in the folder that appears using the anti-malware scanner you’ll find below – if one or more of the files are infected, this means that the process is rogue.


If it turns out that a given process is malicious and/or linked to the hijacker, open its file location, then end the process, and delete all files located in the file location folder. After that, delete the folder itself. If you can’t delete something at the moment, try again after the end of the guide.


Step 4

Search in the Start Menu for the following three items and open the first thing that shows up in the results for each search:

  • ncpa.cpl – this should get you to the Network Connections folder – in it, right-click the usual network that you use, open its Properties window, and double-click on Internet Protocol Version 4. After that, enable the “Obtain an IP address automatically”, then click Advanced > DNS tab, delete everything in the DNS server addresses list, and save the changes you’ve just made by clicking OK on everything.
4 2 1024x559
  • msconfig – this will open the System Configuration window. When it opens, go to Startup, remove the ticks from any unfamiliar items, items with unknown developers, or ones that seem linked to Reverse Captcha, and click OK.
5 1
  • notepad %windir%/system32/Drivers/etc/hosts – this will get you to the Hosts file, in which you must look at the bottom of the text, below “Localhost”, copy what may be written there, and share it down in the comments. We will soon tell you if this file has been hijacked and if anything needs to be done about it. If you saw no text below “Localhost”, directly move on to the next step.
7 1
  • regedit.exe – to open this, you will need to provide your Admin confirmation by selecting Yes, so do this and the Registry Editor tool should appear on your screen. When it does, press Ctrl + F and use the search bar to look for Reverse Captcha items. Delete every item that gets found and search again after each deletion to make sure there aren’t more rogue items. Once you are done with that, find the following locations in the left panel of the Registry Editor and search them for items with randomly-generated names such as this one “3892ru9382dj8239jt24890ru09dj09g20d9”, and if such items are found, tell us their names down in the comments, and we will tell you if they need to be deleted.
    • HKEY_CURRENT_USER/Software/Random Directory. 
    • HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run
    • HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Main
6 1

Step 5

Finally, you must make sure that all of your browsers are cleaned from anything related to the hijacker.

First, open the main browser, select the icon of its menu (on most browsers, the icon for the menu is in the top-right or top-left). Go to Extensions from the menu or if you are using Chrome, first click More Tools and then Extensions.

Once on the Extensions page, disable and remove any unknown, suspicious, or unwanted extensions.

8 1024x331

Next, again from the browser menu, go to Settings/Options and use the settings search bar to search for Notifications. Now, if you are using a Chromium-based browser (Chrome, Edge, Opera), click on Site settings and then on Notifications in the Permission section. If you are using Mozilla Firefox, directly select the Settings button next to Notifications.

After that, you should see what sites are allowed to show notifications in the browser – Reverse Captcha or another similar rogue site should be in that list, so remove it from there and save the changes if you are in Firefox.

Finally, go back to the main settings page, click Privacy and Security (if you don’t see it, first click on Advanced), find and select the Clear browsing data/Clear data option, check everything except passwords, and clear the data.

9 1024x264

Once all of this is done for your main browser, repeat this step for your other browsers.

If Reverse Captcha is still in the browsers

If the problem with this rogue hijacker persists, then it may be best to try using the help of a professional removal tool designed to take care of such annoyances. There is one such powerful tool linked in the guide that we recommend using in such situations.

One possible cause for the hijacker’s persistence is the presence of a more dangerous threat, such as a Trojan Horse on the computer. The good news is that the recommended removal tool from this page is also capable of dealing with a wide variety of malware threats, including Trojans, so give it a try if you wish to secure and clean your system without any risk and without wasting any time.


About the author


Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

Leave a Comment

We are here to help! Use SpyHunter to remove malware in under 15 minutes.

Not Your OS? Download for Windows® and Mac®.

* See Free Trial offer details and alternative Free offer here.

** SpyHunter Pro receives additional removal definitions and manual fixes through its HelpDesk in cases where they are needed.

Spyware Helpdesk 1