Virus and Spyware Removal Guides, uninstall instructions

What is ritishdeliv[.]top?

ritishdeliv[.]top is the address of an untrusted website which, if visited, opens other pages of this kind or loads dubious content. There are many websites similar to ritishdeliv[.]top on the web. Some examples are nitenauth[.]top, cpmlink[.]net and hilanfavouris[.]top.

Generally, users do not visit these sites intentionally - they are opened via deceptive ads, other dubious pages or by installed potentially unwanted applications (PUAs).

What is Mac Cleaner?

Mac Cleaner is designed to clean, protect and optimize Mac computers by removing junk, duplicate files, and uninstalling unwanted, redundant apps, etc. In fact, this app is distributed using dubious methods. Users often download and install these apps onto their computers inadvertently and, therefore, they are categorized as potentially unwanted applications (PUAs).

What is pcgamestorrents[.]com?

pcgamestorrents[.]com is an untrusted Peer-to-Peer sharing website, allowing users to share content via torrent files. As well as infringing copyright laws, this site also poses a threat to device/user safety. Note that pcgamestorrents[.]com uses rogue advertising networks, and thus visitors to it are redirected to other dubious and malicious web pages.

Furthermore, torrent websites can offer Potentially Unwanted Applications (PUAs) and even Trojans, ransomware and other malware disguised as and/or packed with normal content. Therefore, you are strongly advised against visiting or using pcgamestorrents[.]com or other dubious download sources.

What is FakeMBAM?

Backdoor is malware that can be used to steal personal and/or financial data, install additional malware, and hijack devices. Research shows that FakeMBAM is a 'backdoor', which is used by cyber criminals to infect computers with other malware (install additional malware). FakeMBAM is distributed via a fake Malwarebytes installer.

What is nitenauth[.]top site?

nitenauth[.]top is a rogue website sharing many similarities with hilanfavouris.top, statestchool.club, a1-nerdhut.com and countless others. Visitors to this site are presented with dubious content and/or are redirected to other untrusted or possibly malicious pages.

Few visitors access these web pages intentionally - most access them via redirects caused by intrusive advertisements or by Potentially Unwanted Applications (PUAs) already infiltrated into their devices. These apps do not need explicit permission to be installed onto systems. PUAs cause redirects, run intrusive advertisement campaigns and collect browsing-related data.

What is Searchkey APP?

Searchkey APP hijacks browsers by forcing users to visit keysearchs.com, the address of a fake search engine. It also reads and records certain data. Users often download and install browser hijackers unintentionally and, therefore, Searchkey APP and other apps of this type are classified as potentially unwanted applications (PUAs).

What is Encrp ransomware?

Discovered by Jirehlov Solace, Encrp is a ransomware-type program. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. During the encryption process, all affected files are appended with the ".encrp" extension.

For example, a file originally named something like "1.jpg" would appear as "1.jpg.encrp" following encryption. Once this process is complete, random-demand messages in text files ("__READ_ME_TO_RECOVER_YOUR_FILES.txt") are dropped into compromised folders.

What is GlobalToolboxSearch?

GlobalToolboxSearch is a rogue application classified as adware and possesses capabilities typical of browser hijackers. Following successful installation, GlobalToolboxSearch operates by delivering intrusive ad campaigns, modifying browsers and promoting fake search engines.

Additionally, most adware programs and browser hijackers can track browsing-related data. Due to its dubious proliferation methods, GlobalToolboxSearch is classified as a Potentially Unwanted Application (PUA). This app is proliferated via fake Adobe Flash Player updaters.

Rogue software updaters/installers are often used to distribute not just PUAs, but also Trojans, ransomware and other malware.

What is OptimumSearch(S)?

Since OptimumSearch(S) is classified as a browser hijacker, it promotes a fake search engine (optimumsearch.net) by changing certain browser settings. It also reads browsing data and adds the "Managed by your organization" feature (on Chrome browsers).

Note that, in most cases, users download and install browser hijackers inadvertently and, for this reason, OptimumSearch(S) and similar apps are classified as potentially unwanted applications (PUAs).

What is Mmpa?

Mmpa belongs to the Djvu ransomware family. It encrypts files, renames them by appending its extension, and drops a ransom message in all folders containing encrypted files. Mmpa appends the ".mmpa" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.mmpa", "2.jpg" to "2.jpg.mmpa", and so on.

Instructions about how to contact the developers, cost of decryption tools, and various other details are provided in "_readme.txt" text files (the ransom messages).