Virus and Spyware Removal Guides, uninstall instructions

What is SAI assistant?

While examining the SAI assistant browser extension, we noticed that it modifies the settings of a web browser to promote a fake search engine (search.extjourney.com). Thus, we classified AI assistant as browser hijacker. Additionally, AI assistant can read various data. Users should not download this app.

What kind of malware is Sus?

Sus is ransomware that our team discovered while checking malware samples submitted to the VirusTotal page. We found that Sus is based on Chaos ransomware. Sus encrypts data, appends the ".sus" extension to filenames of all encrypted files, and drops a ransom note (the "read_it.txt" file).

An example of how Sus renames encrypted files: it changes "1.jpg" to "1.jpg.sus", "2.png" to "2.png.sus", and so forth.

What kind of malware is MacStealer?

MacStealer is a type of information-stealing software that can obtain login credentials, cookies, and documents from a victim's web browser. It targets macOS versions from Catalina onwards, and can infect computers that use Intel M1 and M2 CPUs. MacStealer is for sale for $100 on a hacker forum.

What kind of malware is Skynet?

Skynet is one of the ransomware variants belonging to the MedusaLocker family. Our malware researchers discovered Skynet while analyzing malware samples submitted to the VirusTotal site. The purpose of Skynet is to encrypt files on the infected computer.

Also, Skynet creates the "Instructions for decryption.txt" file (a ransom note) and renames encrypted files. It appends the ".Skynet" extension to filenames. For instance, it renames "1.jpg" to "1.jpg.Skynet", "2.png" to "2.png.Skynet", and so forth.

What is search-alpha.com?

While examining search-alpha.com, we learned that it is a fake search engine that shows results from other search engines. Search-alpha.com is another variant of searchmarquis.com. Fake search engines are promoted mainly through browser hijackers that modify the settings of web browsers. Thus, it is recommended not to trust search-alpha.com.

What kind of malware is Dark Power?

Dark Power is ransomware that prevents victims from accessing files by encrypting them. Also, Dark Power creates the "readme.pdf" file which contains a ransom note. Additionally, it appends the ".dark_power" extension to filenames (e.g., it renames "1.jpg" to "1.jpg.dark_power", "2.png" to "2.png.dark_power". etc.).

What is searchessearches.com?

We have examined searchessearches.com and found that it is a fake search engine. Our team discovered searchessearches.com after adding an untrustworthy application to a web browser. One of the extensions promoting searchessearches.com is named Apps. We discovered it on a deceptive website.

What kind of application is Volt?

During our examination of the Volt browser extension, we discovered that it is a browser hijacker designed to promote search.volt-tab.com by changing the browser settings. We also learned that search.volt-tab.com is a fake search engine. Users rarely download browser-hijacking apps on purpose.

What kind of malware is Jypo?

Jypo is ransomware that prevents victims from accessing data by encrypting it. Also, Jypo renames files by appending its extension (".jypo") to filenames and drops its ransom note ("_readme.txt"). Our discovery of Jypo came from analyzing malware samples submitted to VirusTotal.

Moreover, our investigation determined that Jypo is part of the Djvu ransomware family. Thus, Jypo may distributed in conjunction with information stealers such as RedLine and Vidar. An illustration of how Jypo renames files: it renames "1.jpg" to "1.jpg.jypo", "2.png" to "2.png.jypo", and so on.

What kind of malware is Jywd?

During our analysis of Jywd, we identified it as a variant of the Djvu ransomware family. Jywd works by encrypting data and appending the ".jywd" extension to the filenames of the affected files while also creating a ransom note in the form of a "_readme.txt" file. Our team discovered Jywd during an inspection of samples submitted to the VirusTotal page.

As an example of how Jywd alters filenames: it changes "1.jpg" to "1.jpg.jywd", "2.png" to "2.png.jywd", etc. It is important to note that Jywd may be distributed alongside other malware, such as RedLine, Vidar, or other information stealers.