Virus and Spyware Removal Guides, uninstall instructions

What is FakeMBAM?

Backdoor is malware that can be used to steal personal and/or financial data, install additional malware, and hijack devices. Research shows that FakeMBAM is a 'backdoor', which is used by cyber criminals to infect computers with other malware (install additional malware). FakeMBAM is distributed via a fake Malwarebytes installer.

What is nitenauth[.]top site?

nitenauth[.]top is a rogue website sharing many similarities with hilanfavouris.top, statestchool.club, a1-nerdhut.com and countless others. Visitors to this site are presented with dubious content and/or are redirected to other untrusted or possibly malicious pages.

Few visitors access these web pages intentionally - most access them via redirects caused by intrusive advertisements or by Potentially Unwanted Applications (PUAs) already infiltrated into their devices. These apps do not need explicit permission to be installed onto systems. PUAs cause redirects, run intrusive advertisement campaigns and collect browsing-related data.

What is Searchkey APP?

Searchkey APP hijacks browsers by forcing users to visit keysearchs.com, the address of a fake search engine. It also reads and records certain data. Users often download and install browser hijackers unintentionally and, therefore, Searchkey APP and other apps of this type are classified as potentially unwanted applications (PUAs).

What is Encrp ransomware?

Discovered by Jirehlov Solace, Encrp is a ransomware-type program. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. During the encryption process, all affected files are appended with the ".encrp" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.encrp" following encryption. Once this process is complete, random-demand messages in text files ("__READ_ME_TO_RECOVER_YOUR_FILES.txt") are dropped into compromised folders.

What is GlobalToolboxSearch?

GlobalToolboxSearch is a rogue application classified as adware and possesses capabilities typical of browser hijackers. Following successful installation, GlobalToolboxSearch operates by delivering intrusive ad campaigns, modifying browsers and promoting fake search engines.

Additionally, most adware programs and browser hijackers can track browsing-related data. Due to its dubious proliferation methods, GlobalToolboxSearch is classified as a Potentially Unwanted Application (PUA). This app is proliferated via fake Adobe Flash Player updaters.

Rogue software updaters/installers are often used to distribute not just PUAs, but also Trojans, ransomware and other malware.

What is OptimumSearch(S)?

Since OptimumSearch(S) is classified as a browser hijacker, it promotes a fake search engine (optimumsearch.net) by changing certain browser settings. It also reads browsing data and adds the "Managed by your organization" feature (on Chrome browsers).

Note that, in most cases, users download and install browser hijackers inadvertently and, for this reason, OptimumSearch(S) and similar apps are classified as potentially unwanted applications (PUAs).

What is Mmpa?

Mmpa belongs to the Djvu ransomware family. It encrypts files, renames them by appending its extension, and drops a ransom message in all folders containing encrypted files. Mmpa appends the ".mmpa" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.mmpa", "2.jpg" to "2.jpg.mmpa", and so on.

Instructions about how to contact the developers, cost of decryption tools, and various other details are provided in "_readme.txt" text files (the ransom messages).

What is PDFt Search?

PDFt Search is rogue software classified as a browser hijacker. Following successful installation, it makes modifications to browser settings to promote find.pdftsearch.net (a fake search engine). PDFt Search also adds the "Managed by your organization" feature to Google Chrome browsers.

Most browser hijackers monitor users' browsing activity, and PDFt Search is no exception to this. Due to the dubious techniques used to proliferate PDFt Search, it is also classified as a Potentially Unwanted Application (PUA).

What is See_read_me?

See_read_me is a new variant of Adhubllka ransomware. This particular variant was discovered by xiaopao. It encrypts files, modifies their filenames and creates a ransom message. See_read_me renames files by appending the ".see_read_me" extension to filenames.

For example, "1.jpg" is renamed to "1.jpg.see_read_me", "2.jpg" to "2.jpg.see_read_me", etc. Instructions about how to contact the developers can be found in the "Read_Me.txt" text file, which See_read_me drops in all folders that contain encrypted files.

What is cpmlink[.]net?

cpmlink[.]net is an untrusted website offering URL (website address) shortening services. This site uses rogue advertising networks and, therefore, visitors to cpmlink[.]net might be presented with dubious advertisements and redirected to other bogus and even malicious websites.

These unwanted ads and untrusted websites pose a significant threat to device and user safety. Therefore, you are strongly advised against visiting and/or using cpmlink[.]net.