Virus and Spyware Removal Guides, uninstall instructions

What is Satan?

Similar to Ransom32, Satan is a ransomware-type virus offered as a Service (Raas). Following successful infiltration, Satan encrypts stored data using RSA-2048 and AES-256 cryptography. In addition, this virus appends the names of encrypted files with the ".stn" extension (for instance, "sample.jpg" is renamed to "sample.jpg.stn").

Following successful encryption, Satan places an HTML file ("HELP_DECRYPT_FILES.html") on the desktop.

Updated variants of this ransomware use .satan extension for encrypted files. As mentioned above, Satan's developers provide a service allowing prospective cyber criminals to make money by distributing this ransomware. In exchange, developers receive 30% of revenues generated by users.

What is hp.myway.com?

InspiringBackgrounds is a deceptive application developed by Mindspark Interactive Network. By claiming to provide access to thousands of wallpapers, this app often tricks users into believing that it is legitimate and useful.

In fact, InspiringBackgrounds infiltrates systems without consent, stealthily modifies web browser settings, and continually tracks Internet browsing activity. For these reasons, this app is classed as a potentially unwanted program (PUP) and a browser hijacker.

What is yarhoot.com?

According to the developers, yarhoot.com is an improved Internet search engine that significantly enhances the Internet browsing experience by generating improved search results.

Many users believe that yarhoot.com is legitimate and useful, however, developers promote this website by employing rogue download/installation set-ups that hijack browsers and modify various settings without consent. In addition, yarhoot.com monitors web browsing activity by recording various data types.

What is Domino?

Domino is ransomware-type virus based on Hidden Tear (open-source ransomware project). This virus claims to be KMSPico (Windows activation crack). Once executed, this malicious KMSpico Windows activator will extract a randomly-named file (placed in the "%Temp%"folder).

This file is automatically executed and extracts a password-protected Zip archive ("Help.zip", password "abc123456"). The archive contains "Help.exe" and "HelloWorld.exe" files.

These are also executed automatically. While "Help.exe" encrypts files and appends a ".domino" extension to the name of each encrypted file (for example, "sample.jpg" is renamed to "sample.jpg.domino"), "HelloWorld.exe" displays a ransom-demand message.

A text file ("README_TO_RECURE_YOUR_FILES.txt") that contains a different ransom-demand message is also created and placed on the desktop.

What is zlappy.com?

Developers present zlappy.com as a top-notch Internet search engine that not only generates improved search results, but also provides quick access to various popular websites. These claims often trick users into believing that zlappy.com is completely appropriate and handy.

However, users must be informed that zlappy.com continually gathers various data relating to user's web browsing activity. Furthermore, developers promote this deceptive website via rogue downloaders/installers designed to alter web browsers' settings without asking for a permission.

What is mywebtopic.com?

mywebtopic.com is a fake Internet search engine that falsely claims to enhance the Internet browsing experience by generating improved search results and providing shortcuts to various popular websites.

Judging on appearance alone, mywebtopic.com may seem legitimate and useful, however, developers promote it via deceptive download/installation set-ups that modify browser settings without permission. Furthermore, mywebtopic.com continually tracks web browsing activity.

What is TurboMac?

The TURBOMAC application supposedly improves the online shopping experience and saves money by displaying special deals, providing coupons, etc. - "TURBOMAC is a browser add-on that provides a better online shopping experience leading to higher user value by offering modifynative products, showing same or similar products from different stores with price modifynatives".

This functionality may seem legitimate and useful, however, be aware that this app is classed as a potentially unwanted adware-type program (PUP). After stealth system infiltration, TURBOMAC generates intrusive online advertisements and tracks Internet browsing activity.

What is HakunaMatata ransomware?

HakunaMatata is a variant of NMoreira ransomware. Following successful infiltration, HakunaMatata encrypts files using the RSA-2048 and AES-256 encryption algorithms. During encryption, this malware appends the ".HakunaMatata" extension to the name of each encrypted file.

For instance, "sample.jpg" is renamed to "sample.jpg.HakunaMatata". Once files are encrypted, HakunaMatata creates an HTML file ("Recovers files yako.html"), placing it on the desktop.

What is Sage 2.0?

Sage 2.0 is an updated version of Sage - a ransomware-type virus. Following infiltration, Sage 2.0 encrypts various files and appends their filenames with the ".sage" extension.

For instance, "sample.jpg" is renamed to "sample.jpg.sage". Following successful encryption, Sage 2.0 creates an HTML file ("Recovery_[3_random_characters].html"), places it in each folder containing encrypted files, and changes the desktop wallpaper.

What is HotShoppy?

HotShoppy is a dubious application identical to EasyShopper, LiveShoppers, and BestWeb Shoppers. By falsely claiming to improve the Internet shopping experience, HotShoppy often tricks users to install. Be aware, however, that HotShoppy is categorized as a potentially unwanted program (PUP) and adware.

There are three main reasons for these negative associations: stealth installation without users' consent, tracking of Internet browsing activity and display of intrusive online advertisements.