Did this article help you?
Thank you for your feedback!
The FBI Ransomware has been infecting machines from around the world and is the top Ransomware for five weeks straight now, based from NABU Consumer data.
Recently, a new variant started spreading under the guise of the Royal Canadian Mounted Police.
Trend Micro's standalone solution is the AntiRansomware and received positive feedback from Support Engineers:
- Tool was able to execute on an infected environment and kill the ransomware process.
- For ransomware which uses digitally signed process, the tool will not kill the process and instead minimize it.
[ Expand All ]
Enhancements of AntiRansomware Tool
AntiRansomware Tool 2.0 build 10:
AntiRansomware Tool 2.0 build 11:
- Samples that only cover a small part of the screen but disables window switching are now detected.
- Tool is now able to detect the foreground window where cursor is locked.
Installing AntiRansomware Tool
- Go to Safe mode with Networking.
- Download the AntiRansomware Tool and save it to your desktop.
- Double-click AR20_build12.exe to run it.
Note: This tool can be installed on Safe Mode with Networking. Also through USB on Regular Safe Mode and Safe Mode with Command Prompt.
- Click Install to start extracting the AntiRansomware tool.
Note: For Windows XP users, make sure to uncheck Protect my computer and data from unauthorized program activity before running the tool.
Using AntiRansomware Tool
- Once AntiRansomware has been installed, restart your computer and go to normal mode where the screen is locked by the ransomware.
- Trigger the AntiRansomeware Tool by pressing the following keys: Left CTRL + ALT + T + I.
Note: The key press should be done on the client’s keyboard and not from support side (Remote Control/LMI). In some cases, the key press may need to be done more than once.
- The screen lock should terminate and the AntiRansomware screen should appear.
- Click Scan to scan the computer for any ransomware files.
- Review and select the threats that you have verified to be malicious then press Clean.
- Click Reboot to restart the computer.
OfficeScan - 10.0, 10.5, 10.6;11.0;Worry-Free Business Security Standard/Advanced - 8.0, Worry-Free Business Security Standard/Advanced - 7.0, Worry-Free Business Security Standard/Advanced - 9.0;