Using the Trend Micro Anti-Threat Toolkit to analyze malware issues and clean infections - For Home and Home Office users

Learn how to use the Trend Micro Anti-Threat Toolkit (ATTK) to perform system forensic scans and clean the following infections:
  • General malware infection
  • Master boot record Infection
  • CIDOX/ RODNIX infection
  • Rootkit infection
  • Zbot infection
  • Cryptolocker infection

Collect suspicious files and system information
  1. Download the Anti-Threat Toolkit by clicking your operating system version below:

     

  2. Read the Trend Micro License Agreement. Once you click I Accept, the download will start.
    License Agreement

     

  3. Choose the preferred directory where the tool will be stored then click Save.
  4. Log on to the computer that is possibly infected by a malware. Copy the Anti-Threat Toolkit into the infected computer.
  5. After copying the Anti-Threat Toolkit, right-click the tool and then click Run as administrator.
    ATTK Collector

     

  6. Click Yes when the User Account Control window appears.
    A Command Prompt window will appear to show the system forensic analysis progress.
    CMD screen

     

    A browser window will appear after the analysis finishes.
  7. Click Proceed to send the information the tool collected to Trend Micro Technical Support. You will receive a temporary ID number that you can use when you contact Trend Micro Technical Support.
    Smart Protection Network (SPN) ID

     

    The Trend Micro Anti-Threat Toolkit folder will appear on the same folder where you ran the tool.
  8. Go to Trend Micro Anti-Threat Toolkit folder > Output.
    You will find a .ZIP file with the filename containing the timestamp and GUID.
    Time stamp and GUID

     

  9. Do either of the following:
    • If you have an existing case, send a copy of the .ZIP file together with the temporary ID number to the engineer who is handling your case.
    • If you do not have an existing case, send the .ZIP file to our Technical Support for analysis.

Clean infected computers
  1. Download the Anti-Threat Toolkit:
  2. Read the Trend Micro License Agreement, then click I Accept to agree with the EULA and download the tool.
  3. Click Save when the File Download window appears.
  4. Select Desktop as the download location, then click Save.
  5. Log on to the computer that is possibly infected by a malware. Copy the Anti-Threat Toolkit into the infected computer.
  6. After copying the Anti-Threat Toolkit, right-click the tool and then click Run as administrator.
  7. Click Yes when the User Account Control window appears.
  8. Click Scan Now when the Trend Micro Anti-Threat Toolkit window appears.
    Click Scan Now

     

    The scan may take some time. The tool will scan your computer and list the threats it finds.
    Fix Problems

     

  9. The tool will show a summary of the scan. Click Fix Now to clean your computer.
  10. Click Close to close the Anti-Threat Toolkit after your computer has been cleaned.
  11. Click Proceed to send the information the tool collected to Trend Micro Technical Support.
    Proceed

     

    You will receive a temporary ID number that you can use when you contact Trend Micro Technical Support and a Trend Micro Anti-Threat Toolkit folder will appear on the same folder where you ran the tool.
  12. Go to Trend Micro Anti-Threat Toolkit folder > Output.
    You will find a .ZIP file with the filename containing the timestamp and GUID.
    Time Stamp and GUID

     

  13. Do either of the following if you still need help after you have cleaned your computer:
    • If you have an existing case, send the .ZIP file together with the temporary ID number to the engineer who is handling your case.
    • If you do not have an existing case, send the .ZIP file to our Technical Support for analysis.

Clean MBR, CIDOX/ RODNIX or Rootkit infection using ATTK with Cleanboot
To use the Trend Micro Anti-Threat Toolkit (ATTK) with Clean Boot, follow the steps below:
  1. Download the Anti-Threat Toolkit by clicking your operating system type below:
    Notes:
  2. Read the License Agreement, then click I Agree.
  3. A download will be initiated, run the downloaded tool to start using it.
  4. Once the tool is open, click on Scan Now to check the computer for threats.
    Scan Now

     

  5. After the scan, detected threats should be displayed. Click on Fix Now to begin with the clean-up process.
    Fix Now

     

    Some threats require a special tool such as Clean Boot. If you get this option just click on Clean Boot to continue.
    clean boot

     

  6. Click OK to confirm the installation of Clean Boot.
    remove threats

     

  7. Click OK to restart the computer.
    restart computer

     

  8. After the computer restarts, the computer will now start with Clean Boot. On the boot manager, press enter on Trend Micro Clean Boot.
    Clean Boot Manager

     

    On the next screen, you will get the Startup and initialization screen.
    Trend Micro Clean Boot

     

    Once the tool has been successfully initialized, the Quick scan will automatically trigger.
    Rescue Disk

     

  9. After the scan, the computer needs to be restarted. On the boot menu, select on your operating system then press enter.
    Windows Boot Manager

     

  10. After loading the operating system, ATTK will automatically run and display the results of the scan
    Threats List

     


Clean ZBot or Cryptolocker infection using ATTK
  1. Click any of the links below to download the tool:
  2. Read the Trend Micro License Agreement, then click I Accept to agree with the EULA and download the tool.
  3. Click Save when the File Download window appears.
  4. Select Desktop as the download location, then click Save.
  5. Once the download completes, right-click the tool, then click Run as administrator.
  6. Click Yes when the User Account Control window appears.
  7. Click Scan Now when the Trend Micro Anti-Threat Toolkit window appears.
    Click Scan Now

     

    The scan may take some time. The tool will scan your computer and list the threats it finds.
    Fix Problems

     

  8. The tool will show a summary of the scan. Click Fix Now to clean your computer.
  9. Click Close to close the Anti-Threat Toolkit after your computer has been cleaned.

Collect ransomware samples and system information
  1. Download the Anti-Threat Toolkit by clicking your operating system version below:
  2. Read the Trend Micro License Agreement. Once you click I Accept, the download will start.
    License Agreement

     

  3. Choose the preferred directory where the tool will be stored then click Save.
  4. Log on to the computer that is possibly infected by a malware. Copy the Anti-Threat Toolkit into the infected computer.
  5. After copying the Anti-Threat Toolkit, right-click the tool and then click Run as administrator.
    ATTK Collector

     

  6. Click Yes when the User Account Control window appears.
    A Command Prompt window will appear to show the system forensic analysis progress.
    CMD screen

     

    A browser window will appear after the analysis finishes.
  7. Click Proceed to send the information the tool collected to Trend Micro Technical Support. You will receive a temporary ID number that you can use when you contact Trend Micro Technical Support.
    Smart Protection Network (SPN) ID

     

    The Trend Micro Anti-Threat Toolkit folder will appear on the same folder where you ran the tool.
  8. Go to Trend Micro Anti-Threat Toolkit folder > Output.
    You will find a .ZIP file with the filename containing the timestamp and GUID.
    Time stamp and GUID

     

  9. Do either of the following:
    • If you have an existing case, send a copy of the .ZIP file together with the temporary ID number to the engineer who is handling your case.
    • If you do not have an existing case, send the .ZIP file to our Technical Support for analysis.
Video Tutorial

Applies To: Antivirus+ Security - 2015;Antivirus+ Security - 2016;Antivirus+ Security - 2017;Internet Security - 2015;Internet Security - 2016;Internet Security - 2017;Maximum Security - 2015;Maximum Security - 2016;Maximum Security - 2017;Premium Security - 2015;Premium Security - 2016;Premium Security - 2017;Titanium AntiVirus + - All;Titanium Internet Security - All;Titanium Maximum Security - All;Titanium Premium Security - All;

Last Updated: Sep. 12, 2016 4:26 AM (PST)
Solution ID: 1059509