How to remove SATANA

In this article we’ll tell you about the most dangerous ransomware of the recent months – SATANA. This virus appeared on the Internet few days ago, but his effectiveness and the specific behavior made him quite famous. Still there are no info about the development of the decryption tool for SATANA, but we keep an eye on the websites of the famous malware fighters. If you want to know, how to remove SATANA, how to decrypt the files, and how to avoid such infection in future – just keep reading!

SATANA virus


Basic features of SATANA ransomware are no different from other similar viruses. It uses the asymmetric encryption algorithms such as RSA-2048, and AES-128. Encryption is required for all the files on the computer, except program files. Video, audio, text files and images are in this list. In the process of encryption file extension is not changed, however, virus adds the email address by which to contact the swindlers in the name of each file. Ransom amount is 0,5 BTC, (about 300 dollars).

SATANA virus


The virus penetrates the PC at a time when the user clicks on the viral attachment in the e-mail. That click launches the malicious script that installs the virus, and then starts scanning the hard disk, and encrypt files. Encryption takes from 10-15 minutes to several hours, depending on the amount of data to be encrypted, and the computer capacity. After the process, the user receives a message with threats and instructions on the payment of a ransom.

SATANA virus


How to remove SATANA Virus from your system

Regardless of what is written in the instructions, you should immediately remove the virus from your computer. If your files are really important and worth the amount of money that scammers want for them - you'd better pay immediately. If the files are not so important, or you fundamentally do not want to pay swindlers - you should try all ways to recover information that are available at the moment. We will describe you these ways, but they all require the prior removal of the virus from your PC. Remember that you have only one 100% effective way to restore files - a backup loading. All other methods, including the payment of the ransom cannot guarantee success, because fraudsters are called fraudsters for a reason - they earn money for deceiving people.

Step 1. Boot into Safe mode

Safe mode

Start -> Msconfig.exe

Safe mode. Step 1

On the tab Boot select Safe boot

Safe mode. Step 2

Step 2. Check Startup folder

Start -> Msconfig.exe ->Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify hosts file, that located in C:\Windows\System32\drivers\etc\ .

Hosts file.Step 1

Open the file with Notepad and delete suspicious strings.

Hosts file.Step 2

It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with antiviral scanner

Manual removal of the virus must be done in strict adherence to the instructions. If you don’t have enough experience to do that - then we suggest you use an antivirus program. You will need an antivirus in any case, to scan the system after removing the virus, because manual scan of the entire system takes too much time, and you can still miss important symptoms of infection. We suggest you use an anti-virus Spyhunter, which will provide you the quick removal of SATANA, a full scan of your computer, and high-quality protection against other viruses in the future.

Antivirus scanner

Why we recommend SpyHunter antimalware as removal tool

Removes virus fully: all files and even registry keys of malware will be deleted

Protects your system in the future

24/7 free support team

bwd  Instructions 1/2  fwd

Step 5. Disable Safe mode

Start -> Msconfig.exe ->Disable Safe boot in the Boot tab

Deactivate Safe mode

How to decrypt files

To restore your files, you will in any case need a lot of time and effort. Except the payment of the ransom you have two ways to restore files: recover them with the help of special programs, and Shadow Volume Copies service, or to wait, until well-known malware-fighters will create a program for decryption. Programs created in this way are very effective, however, to create such program, and make it work, you need to hack the database of SATANA virus creators and get the secret keys. This is not an easy task, and there is no accurate predictions about its completion. So, if you choose this method, you may have to wait a few weeks, or even months.

Restoring using the shadow copy service can be made immediately, you just need to download a special program that will facilitate access to copies, and make it easier. We know two safe and totally free programs which will cope with this. They are called Recuva and ShadowExplorer. Both programs have their official websites where you can download them, and read detailed instructions on how to use them.

Add comment

Security code

This website uses cookies to improve your experience. If you continue using the site, we will assume that you accept our cookies policy.