Using the Trend Micro Anti-Threat Toolkit to remove malware infection

  • Solution ID:1097554
  • Last Updated:Oct. 01, 2019 2:02 AM (PST)
  • Applies to:Antivirus+ Security - 2018;2019;2020;Internet Security - 2018;Internet Security - 2019;Internet Security - 2020;Maximum Security - 2018;Maximum Security - 2019;Maximum Security - 2020;Premium Security - 2018;Premium Security - 2019;Premium Security - 2020;
  • How to Use Trend Micro Anti-Threat Toolkit to remove malware infection

Learn how to use the Trend Micro Anti-Threat Toolkit (ATTK) to remove malware infection.


To remove malware on infected computers, do the following:

  1. Download the Anti-Threat Toolkit:
    For computers with Internet connection

    Online Scan / Clean Tool (32-bit)

    Online Scan / Clean Tool (64-bit)

    For computers without Internet connection

    Offline Scan / Clean Tool (32-bit)

    Offline Scan / Clean Tool (64-bit)

  2. Read the Trend Micro License Agreement. Once you click I Accept, the download will start.
  3. Log on to the computer that is infected by a malware. Copy the Anti-Threat Toolkit into the infected computer.
  4. After copying the Anti-Threat Toolkit, right-click on the tool and then click Run as administrator.
  5. Click Yes when the User Account Control window appears.
  6. Click Scan Now when the Trend Micro Anti-Threat Toolkit window appears.

    Click Scan Now

    The scan may take some time. The tool will scan your computer and list the threats it finds.

    Fix Problems

  7. The tool will show a summary of the scan. Click Fix Now to clean your computer.
  8. Click Close to close the Anti-Threat Toolkit after your computer has been cleaned.
  9. Click Proceed to send the information the tool collected to Trend Micro Technical Support.

    Proceed

    You will receive a temporary ID number that you can use when you contact Trend Micro Technical Support and a Trend Micro Anti-Threat Toolkit folder will appear on the same folder where you ran the tool.
  10. Go to Trend Micro Anti-Threat Toolkit folder > Output.
    You will find a .ZIP file with the filename containing the timestamp and GUID.

    Time Stamp and GUID

  11. Do either of the following if you still need help after you cleaned your computer:
    • If you have an existing case, send the .ZIP file together with the temporary ID number to the engineer who is handling your case.
    • If you do not have an existing case, send the .ZIP file to our Technical Support for analysis.