Virus and Spyware Removal Guides, uninstall instructions

What kind of malware is MacStealer?

MacStealer is a type of information-stealing software that can obtain login credentials, cookies, and documents from a victim's web browser. It targets macOS versions from Catalina onwards, and can infect computers that use Intel M1 and M2 CPUs. MacStealer is for sale for $100 on a hacker forum.

What kind of malware is Skynet?

Skynet is one of the ransomware variants belonging to the MedusaLocker family. Our malware researchers discovered Skynet while analyzing malware samples submitted to the VirusTotal site. The purpose of Skynet is to encrypt files on the infected computer.

Also, Skynet creates the "Instructions for decryption.txt" file (a ransom note) and renames encrypted files. It appends the ".Skynet" extension to filenames. For instance, it renames "1.jpg" to "1.jpg.Skynet", "2.png" to "2.png.Skynet", and so forth.

What is search-alpha.com?

While examining search-alpha.com, we learned that it is a fake search engine that shows results from other search engines. Search-alpha.com is another variant of searchmarquis.com. Fake search engines are promoted mainly through browser hijackers that modify the settings of web browsers. Thus, it is recommended not to trust search-alpha.com.

What kind of malware is Dark Power?

Dark Power is ransomware that prevents victims from accessing files by encrypting them. Also, Dark Power creates the "readme.pdf" file which contains a ransom note. Additionally, it appends the ".dark_power" extension to filenames (e.g., it renames "1.jpg" to "1.jpg.dark_power", "2.png" to "2.png.dark_power". etc.).

What is searchessearches.com?

We have examined searchessearches.com and found that it is a fake search engine. Our team discovered searchessearches.com after adding an untrustworthy application to a web browser. One of the extensions promoting searchessearches.com is named Apps. We discovered it on a deceptive website.

What kind of application is Volt?

During our examination of the Volt browser extension, we discovered that it is a browser hijacker designed to promote search.volt-tab.com by changing the browser settings. We also learned that search.volt-tab.com is a fake search engine. Users rarely download browser-hijacking apps on purpose.

What kind of malware is Jypo?

Jypo is ransomware that prevents victims from accessing data by encrypting it. Also, Jypo renames files by appending its extension (".jypo") to filenames and drops its ransom note ("_readme.txt"). Our discovery of Jypo came from analyzing malware samples submitted to VirusTotal.

Moreover, our investigation determined that Jypo is part of the Djvu ransomware family. Thus, Jypo may distributed in conjunction with information stealers such as RedLine and Vidar. An illustration of how Jypo renames files: it renames "1.jpg" to "1.jpg.jypo", "2.png" to "2.png.jypo", and so on.

What kind of malware is Jywd?

During our analysis of Jywd, we identified it as a variant of the Djvu ransomware family. Jywd works by encrypting data and appending the ".jywd" extension to the filenames of the affected files while also creating a ransom note in the form of a "_readme.txt" file. Our team discovered Jywd during an inspection of samples submitted to the VirusTotal page.

As an example of how Jywd alters filenames: it changes "1.jpg" to "1.jpg.jywd", "2.png" to "2.png.jywd", etc. It is important to note that Jywd may be distributed alongside other malware, such as RedLine, Vidar, or other information stealers.

What kind of malware is Jyos?

During our analysis of malware samples submitted to the VirusTotal page, we came across a type of ransomware dubbed Jyos. Further investigation revealed that Jyos belongs to the Djvu ransomware family. The primary goal of this ransomware is to encrypt files.

Jyos also modifies file names by adding the ".jyos" extension (e.g., it renames "1.jpg" to "1.jpg.jyos", "2.png" to "2.png.jyos", and so forth) and leaves a ransom note in the form of a file named "_readme.txt". It is important to mention that Jyos may be distributed alongside information stealers like Vidar or RedLine.

What is Robo Tab?

While testing Robo Tab, our team discovered that this browser extension operates as a browser hijacker. The purpose of Robo Tab is to promote search.robo-tab.com (a fake search engine) by changing the settings of a web browser. Additionally, it may gather various data. Thus, it is advisable not to trust Robo Tab app.