Sarah_G@ausi.com virus is a term used to identify Satana ransomware that that encrypts the files on the computers it infects and append them with a new file extension name. The file extension that is added to files encrypted by this virus will vary per each infected person. The virus will add an email address and then three underscores to the filename. There are several different email addresses used so it will change for different victims. In this case the virus uses Sarah_G@ausi.com, which would mean that test.png could become Sarah_G@ausi.com___test.png.
The Sarah_G@ausi.com virus will also add a ransom note titled !satana!.txt in each folder that it infects files in. The !satana!.txt file starts off by saying “You had bad luck. There was crypting of all your files in a FS bootkit virus <!SATANA!>” and further contains additional information and instructions how to decrypt your files by paying a ransom and obtaining a special key.
To make matters much worse, the ransomware will install a bootlocker to prevent you from logging into Windows. The bootlocker installed by the ransomware will display immediately before Windows starts and require a password before it will allow a victim to start Windows. The Sarah_G@ausi.com Ransomware requires .5 bitcoins in order to get the decryption key.
When Sarah_G@ausi.com ransomware is initially contracted it will scan all local drives and unmapped network shares for certain file types and encrypt then. The targeted file types are:
.bak, .doc, .jpg, .jpe, .txt, .tex, .dbf, .db, .xls, .cry, .xml, .vsd, .pdf, .csv, .bmp, .tif, .1cd, .tax, .gif, .gbr, .png, .mdb, .mdf, .sdf, .dwg, .dxf, .dgn, .stl, .gho, .v2i, .3ds, .ma, .ppt, .acc, .vpd, .odt, .ods, .rar, .zip, .7z, .cpp, .pas, .asm,
Once this si complete it will then add a new file extension to the files it infects. It will append an email address and then three underscores to the filename. The inserted email address is specific to the victim. The virus claims that the victim must contact the specific email address after making payment in order to retrieve the decryption key.
Sarah_G@ausi.com ransomware is usually spread via malicious browser attachments inside email messages. It can also be spread by compromised websites that host malware and malicious social media posts.
As you can see this is a very serious computer infection. It is not recommended to make a payment to the malware author unless you have no choice. Unfortunately, at this time there is no way to decrypt Sarah_G@ausi.com encrypted files for free. If anything is discovered, it will be posted on this webpage so bookmark it for future reference.
How to remove Sarah_G@ausi.com virus
1. Download and Install Malwarebytes Anti-Malware software to remove malicious files from your computer.
2. Open Malwarebytes and click the Scan Now button.
3. Once the Malwarebytes scan is complete click the Remove Selected button.
4. To finish the Malwarebytes scan and remove detected threats click the Finish button and restart your computer if promoted to do so.
5. Download and Install HitmanPro by Surfright to perform a second-opinion scan and remove remaining traces.
6. Open HitmanPro and click Next to start scanning your computer. *If you are using the free version you may chose to create a copy or perform a one-time scan.
7. Once the HitmanPro scan is complete click the Next button.
8. To activate the free version of HitmanPro: enter your email address twice and click the Activate button.
9. Click the Reboot button.
10. Download and Install CCleaner by Piriform to clean your registry, remove left-over files, and repair settings.
11. Open CCleaner and go to the main Cleaner screen. Click the Analyze button. When the process is complete, click the Run Cleaner button on the bottom right of the program interface.
12. Go to Tools > Startup and search for suspicious entries in each tab starting from Windows all the way to Content Menu. If you find anything suspicious click it and click the Delete button to remove it.
13. Go to the Registry window and click the Scan for Issues button. When the scan is complete click the Fix selected issues… button and click Fix All Selected Issues.
How to stay protected against future infections
The key to staying protected against future infections is to follow common online guidelines and take advantage of reputable Antivirus and Anti-Malware security software with real-time protection.
Real-time security software
Security software like Malwarebytes and Norton Security have real-time features that can block malicious files before they spread across your computer. These programs bundled together can establish a wall between your computer and cyber criminals.
Common Online Guidelines
- Backup your computer and personal files to an external drive or online backup service
- Create a restore point on your computer in case you need to restore your computer to a date before infection
- Avoid downloading and installing apps, browser extensions, and programs you are not familiar with
- Avoid downloading and installing apps, browser extensions, and programs from websites you are not familiar with – some websites use their own download manager to bundle additional programs with the initial download
- If you plan to download and install freeware, open source software, or shareware make sure to be alert when you install the object and read all the instructions presented by the download manager
- Avoid torrents and P2P clients
- Do not open email messages from senders you do not know