Step-by-Step Malware Removal Instructions

PromotePower Adware (Mac)
Mac Virus

PromotePower Adware (Mac)

Upon downloading and installing PromotePower, our team discovered that its main function is to display bothersome advertisements, leading us to classify it as adware. It is important to note that users often unwittingly download and install adware without understanding the potential consequences

SAI Assistant Browser Hijacker
Browser Hijacker

SAI Assistant Browser Hijacker

While examining the SAI assistant browser extension, we noticed that it modifies the settings of a web browser to promote a fake search engine (search.extjourney.com). Thus, we classified AI assistant as browser hijacker. Additionally, AI assistant can read various data. Users should not download

Sus Ransomware
Ransomware

Sus Ransomware

Sus is ransomware that our team discovered while checking malware samples submitted to the VirusTotal page. We found that Sus is based on Chaos ransomware. Sus encrypts data, appends the ".sus" extension to filenames of all encrypted files, and drops a ransom note (the "read_it.txt" file). An exa

MacStealer Malware (Mac)
Mac Virus

MacStealer Malware (Mac)

MacStealer is a type of information-stealing software that can obtain login credentials, cookies, and documents from a victim's web browser. It targets macOS versions from Catalina onwards, and can infect computers that use Intel M1 and M2 CPUs. MacStealer is for sale for $100 on a hacker forum.

Skynet (MedusaLocker) Ransomware
Ransomware

Skynet (MedusaLocker) Ransomware

Skynet is one of the ransomware variants belonging to the MedusaLocker family. Our malware researchers discovered Skynet while analyzing malware samples submitted to the VirusTotal site. The purpose of Skynet is to encrypt files on the infected computer. Also, Skynet creates the "Instructions for

Search-alpha.com Redirect (Mac)
Mac Virus

Search-alpha.com Redirect (Mac)

While examining search-alpha.com, we learned that it is a fake search engine that shows results from other search engines. Search-alpha.com is another variant of searchmarquis.com. Fake search engines are promoted mainly through browser hijackers that modify the settings of web browsers. Thus, i

Dark Power Ransomware
Ransomware

Dark Power Ransomware

Dark Power is ransomware that prevents victims from accessing files by encrypting them. Also, Dark Power creates the "readme.pdf" file which contains a ransom note. Additionally, it appends the ".dark_power" extension to filenames (e.g., it renames "1.jpg" to "1.jpg.dark_power", "2.png" to "2.png.

Searchessearches.com Redirect
Browser Hijacker

Searchessearches.com Redirect

We have examined searchessearches.com and found that it is a fake search engine. Our team discovered searchessearches.com after adding an untrustworthy application to a web browser. One of the extensions promoting searchessearches.com is named Apps. We discovered it on a deceptive website.

Volt Browser Hijacker
Browser Hijacker

Volt Browser Hijacker

During our examination of the Volt browser extension, we discovered that it is a browser hijacker designed to promote search.volt-tab.com by changing the browser settings. We also learned that search.volt-tab.com is a fake search engine. Users rarely download browser-hijacking apps on purpose.

Jypo Ransomware
Ransomware

Jypo Ransomware

Jypo is ransomware that prevents victims from accessing data by encrypting it. Also, Jypo renames files by appending its extension (".jypo") to filenames and drops its ransom note ("_readme.txt"). Our discovery of Jypo came from analyzing malware samples submitted to VirusTotal. Moreover, our inv