Using the Trend Micro AntiRansomware Tool in OfficeScan

    • Updated: 17 Oct 2016
    • Product/Version: OfficeScan 10.6, OfficeScan 11.0, OfficeScan XG.All
    • Platform: Windows 7 32-bit, Windows 7 64-bit, Windows 8 32-bit, Windows 8 64-bit, Windows Vista 32-bit, Windows Vista 64-bit, Windows XP Home, Windows XP Professional, Windows XP Professional 64-bit

Summary

The FBI Ransomware has been infecting machines around the world and has been the top ransomware for five weeks straight, based on NABU Consumer data.


Recently, a new variant started spreading under the guise of the Royal Canadian Mounted Police.


Details

Trend Micro's standalone solution is the AntiRansomware Tool, which has received positive feedback from Support Engineers:

  • The tool was able to execute in an infected environment and kill the ransomware process.
  • For ransomware that uses a digitally signed process, the tool does not kill the process and instead minimizes it.

AntiRansomware Tool 2.0 build 13:

  • Now supports the latest variant of ICE Ransomware

AntiRansomware Tool 2.0 build 11:

  • Samples that cover only a small part of the screen but disable window switching are now detected.
  • The tool is now able to detect the foreground window where the cursor is locked.

AntiRansomware Tool 2.0 build 10:

  • Fixed issue in ICE Ransomware cleanup
  • Implemented a process protection mechanism to prevent the tool from being killed by ransomware.
     
    WinXP x64 and Win2003 x64 are not supported by this feature.
  • Less strict rules to determine whether a file is malware or not. As long as a file in a registry autorun key has no digital signature, it is shown as suspicious. Because of this feature, the user should be careful when fixing items in the AR Tool.

  1. Go to Safe mode with Networking.
  2. Download the AntiRansomware Tool and save it to your desktop.
  3. Double-click AR20_build13.exe to run it.
     
    This tool can be installed in Safe Mode with Networking. It can also be installed from USB in regular Safe Mode and Safe Mode with Command Prompt.
  4. Click Install to start extracting the AntiRansomware tool.
     
    For Windows XP users, make sure to uncheck "Protect my computer and data from unauthorized program activity" before running the tool.

  1. Once AntiRansomware has been installed, restart your computer and go to normal mode, where the screen is locked by the ransomware.
  2. Trigger the AntiRansomware Tool by pressing the following keys: Left CTRL + ALT + T + I.
     
    The key press should be done on the client’s keyboard and not from the support side (Remote Control/LMI). In some cases, the key press may need to be done more than once.
  3. The screen lock should terminate and the AntiRansomware screen should appear.

  4. Click Scan to scan the computer for any ransomware files.
  5. Review and select the threats that you have verified to be malicious, then press Clean.
  6. Click Reboot to restart the computer.
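
The build 10 rule above (a file in a registry autorun key with no digital signature is shown as suspicious) can be checked by hand when verifying items before pressing Clean in step 5. The following PowerShell is an added example, not part of the AntiRansomware Tool or Trend Micro's code; it assumes PowerShell 2.0 or later is available, and the choice of the standard Run and RunOnce keys is an assumption, not a statement of which keys the tool inspects.

```powershell
# Added example: report autorun entries whose target file has no valid
# Authenticode signature. Read-only; it does not modify the registry or files.
$runKeys = @(   # assumed scope: the standard per-machine and per-user autorun keys
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutorunTarget([string]$Command) {
    # Pull the executable path out of an autorun command line.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }   # quoted path
    # Unquoted path that may contain spaces: stop at the first known extension.
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|dll))(\s|,|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $target  = Get-AutorunTarget $command
        if (Test-Path $target -PathType Leaf) {
            $sig    = Get-AuthenticodeSignature -FilePath $target
            $status = $sig.Status            # Valid, NotSigned, HashMismatch, ...
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        } else {
            $status = 'FileNotFound'         # stale entry or a path this parser could not resolve
            $signer = ''
        }
        New-Object PSObject -Property @{
            Key = $key; Name = $name; Target = $target; Status = $status; Signer = $signer
        }
    }
}

# Show only the entries that deserve a closer look, mirroring the tool's rule.
$results | Where-Object { $_.Status -ne 'Valid' } |
    Select-Object Key, Name, Target, Status, Signer | Format-List
```

An entry listed here is only a candidate for review: legitimate software is sometimes unsigned, and an entry launched through a signed host such as rundll32.exe reports the host's signature rather than that of the file passed as its argument.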

Category: Remove a Malware / Virus
Solution Id: 1097042