Learn how to use the Trend Micro Anti-Threat Toolkit (ATTK) to perform system forensic scans and clean the following infections:
- General malware infection
- Master boot record infection
- CIDOX/ROVNIX infection
- Rootkit infection
- Zbot infection
- Cryptolocker infection
To collect suspicious files, ransomware samples, and system information, do the following:
- Download the Anti-Threat Toolkit by clicking your operating system version below:
Anti-Threat Toolkit for 32-bit systems
Anti-Threat Toolkit for 64-bit systems
To find out which operating system type you are running, see the link below.
How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
- Read the Trend Micro License Agreement. Once you click I Accept, the download will start.
- Log on to the computer that may be infected with malware. Copy the Anti-Threat Toolkit to that computer.
- After copying the Anti-Threat Toolkit, right-click on the tool, then click Run as administrator.
- Click Yes when the User Account Control window appears.
A Command Prompt window will appear to show the system forensic analysis progress. A browser window will appear after the analysis finishes.
- Click Proceed to send the information the tool collected to Trend Micro Technical Support. You will receive a temporary ID number that you can use when you contact Trend Micro Technical Support.
The Trend Micro Anti-Threat Toolkit folder will appear in the same folder where you ran the tool.
- Go to Trend Micro Anti-Threat Toolkit folder > Output.
You will find a .ZIP file with the filename containing the timestamp and GUID.
- Do either of the following:
- If you have an existing case, send a copy of the .ZIP file together with the temporary ID number to the engineer who is handling your case.
- If you do not have an existing case, send the .ZIP file to our Technical Support for analysis.
To clean infected computers, do the following:
- Download the Anti-Threat Toolkit:
For computers with Internet connection
Online Scan / Clean Tool (32-bit)
Online Scan / Clean Tool (64-bit)
For computers without Internet connection
Offline Scan / Clean Tool (32-bit)
Offline Scan / Clean Tool (64-bit)
To find out which operating system type you are running, see the link below.
How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
- Read the Trend Micro License Agreement. Once you click I Accept, the download will start.
- Log on to the computer that is infected with malware. Copy the Anti-Threat Toolkit to the infected computer.
- After copying the Anti-Threat Toolkit, right-click on the tool and then click Run as administrator.
- Click Yes when the User Account Control window appears.
- Click Scan Now when the Trend Micro Anti-Threat Toolkit window appears.
The scan may take some time. The tool will scan your computer and list the threats it finds.
- The tool will show a summary of the scan. Click Fix Now to clean your computer.
- Click Close to close the Anti-Threat Toolkit after your computer has been cleaned.
- Click Proceed to send the information the tool collected to Trend Micro Technical Support.
You will receive a temporary ID number that you can use when you contact Trend Micro Technical Support. A Trend Micro Anti-Threat Toolkit folder will appear in the same folder where you ran the tool.
- Go to Trend Micro Anti-Threat Toolkit folder > Output.
You will find a .ZIP file with the filename containing the timestamp and GUID.
- Do either of the following if you still need help after you cleaned your computer:
- If you have an existing case, send the .ZIP file together with the temporary ID number to the engineer who is handling your case.
- If you do not have an existing case, send the .ZIP file to our Technical Support for analysis.
Edited by: BEST Antivirus KBS Team