What is SATANA Ransomware?
SATANA Ransomware is a new computer infection that threatens to lock personal files. It is quite prevalent on the web these days, and it has been noticed that it shares similarities with such popular infections as Mischa Ransomware and Petya Ransomware. First of all, it locks files it finds stored on the computer with an intention of stealing money from computer users. Secondly, it modifies the MBR (Master Boot Record) in order to make it impossible for the Windows OS to load up. The only thing that users will see is the message covering the entire screen. It will say that the user has become the victim of SATANA Ransomware to explain why all the files are locked. In addition, a user will be offered to buy the decryption tool to unlock files. To be honest, the decryptor will be of no use here because this ransomware will not fix the Master Boot Record for you. In other words, you will not be able to unlock and access your files even if you transfer the required sum, so you should not waste your money. Instead, you should hurry to remove SATANA Ransomware from your computer to fix your Windows OS and thus use the computer normally again.
What does SATANA Ransomware do?
It is clear that SATANA Ransomware will encrypt files located on local disks and unmapped network shares. Researchers at anti-spyware-101.com have revealed that this computer infection will lock .bak, .jpg, .jpe, .mdf, .ppt, .pas, .asm, .dxf, .gif, .cry, .stl, .tif, and other files, mainly pictures and documents. Also, it will delete Shadow Copies of files to make sure that users cannot recover them easily. Once it is done with the files, it will create the .txt file (satana.txt) with the long text in every folder containing encrypted files. Users are informed in the .txt file that their files are encrypted and they need to pay 0.5 Bitcoins (approximately $340) to get the private key for unlocking files. As we have already mentioned, the key will not be effective because this ransomware infection modifies the MBR and is not going to restore the changes to allow the operating system to load up. In other words, you might receive the private key but you will not be able to use it. The key will not unlock files for you even if you use it after you repair the MBR, so there is no point in purchasing it. You should not do that especially if you have copies of your pictures and documents because it means that you have not lost them forever and can recover them easily.
Where does SATANA Ransomware come from?
SATANA Ransomware does not apply many changes to the system once it infiltrates the computer. It has only been found that it puts the copy of the executable file (.exe) in the %TEMP% directory and then launches from there. According to specialists at anti-spyware-101.com, SATANA Ransomware, in most cases, is spread through legitimate-looking spam emails. It appears in these emails as a decent-looking file, for example, it might pretend to be an invoice from a reliable company, e.g. DHL. To protect your system from other file-locking ransomware infections like Cerber Ransomware, Anonpop Ransomware, and Mircop Ransomware, you need to ignore spam emails you receive. Also, security specialists say that you need to acquire and install a reliable antimalware scanner on your system. If you do not want to make a mistake, install SpyHunter. We can guarantee that it will not allow undesirable software to enter your system again.
How to delete SATANA Ransomware
As you already know, SATANA Ransomware modifies the Master Boot Record in order not to allow the Windows OS to load up and thus puts its message on the screen. Therefore, you will have to fix the MBR to be able to use your computer normally again. You can reinstall your Windows OS as well, but we believe that it will be easier and quicker to restore the changes made by the ransomware infection and then delete the malicious file from %TEMP%. To make it easier for you to get rid of SATANA Ransomware, we suggest using our manual removal instructions you can find below. After you fix the MBR and your PC runs normally again, you should scan your computer with an automatic malware remover too to delete the remaining threats and the components of the ransomware infection, if there are any left on the system.
Remove SATANA Ransomware manually
Fix the MBR (Master Boot Record)
- Insert the CD of your Windows XP in the CD-ROM.
- Press any key to boot.
- Tap R to open the Recovery Console.
- Type 1 and tap Enter if Windows XP is your only OS.
- Enter your administrator password and hit Enter.
- Tap Y and then hit Enter.
- Remove the CD from your CD-ROM.
- Type exit and then tap Enter to restart your PC.
- Boot from your Windows Vista CD.
- Select your language and the layout of the keyboard.
- Click Repair your computer.
- Select the operating system.
- Click Next.
- Open Command Prompt.
- Type these commands: bootrec /FixMbr, bootrec /FixBoot, and bootrec /RebuildBcd.
- Tap Enter after you enter each of the commands.
- Remove your CD and type exit.
- Tap Enter.
- Insert your Windows 7 installation DVD.
- Press any key.
- Select your language and the keyboard layout.
- Click Next.
- Select the OS.
- Click Next.
- Click Command Prompt to open it.
- Type bootrec /rebuildbcd. Press Enter.
- Type bootrec /fixmbr. Press Enter.
- Type bootrec /fixboot. Press Enter.
- Remove the DVD and restart your computer.
- Boot from the DVD.
- Click Repair your computer at the Welcome screen.
- Click Troubleshoot and open Command Prompt.
- Type bootrec /FixMbr and tap Enter.
- Type bootrec /FixBoot and tap Enter.
- Type bootrec /ScanOs and tap Enter.
- Type bootrec /RebuildBcd and tap Enter.
- Remove the DVD disk.
- Type exit and then tap Enter on the keyboard.
- Reboot your computer.
- Find and delete the malicious file you have downloaded.
- Tap Win+E simultaneously.
- Enter %TEMP% in the address line and tap Enter.
- Locate the copy of the malicious file and remove it.
- Remove satana.txt files from directories containing encrypted files.
- Empty the Recycle bin.
- Restart PC.
tested removal of SATANA Ransomware*100% FREE spyware scan and