Ransomware is a special type of malware that encrypts your files or locks your computer and then demands ransom money to decrypt the files or unlock your computer. For example, the Cryptolocker ransomware, which has been in news these days, encrypts all your personal files using RSA-2048 cipher and then demands you to send USD 100 or EUR 100 over to the cyber-criminal’s bank accounts. Once the crooks receive the money, the file decryption is started. Since the files are encrypted with a very strong cipher, even the experts from security companies are not able to restore your files.
Trend Micro, the makers of the popular Titanium series of security software, have come up with a free tool called Trend Micro AntiRansomware tool. This tool can be used to remove the ransomware infections from an infected PC.
You can download the Trend Micro AntiRansomware tool from the Trend Micro website. After this you have to create a bootable USB drive which would be used to boot an infected PC. You can follow these instructions for this:
Step 1. Create a bootable USB drive for AntiRansomware on a Clean PC
- Download the AntiRansomware Tool to your desktop.
- Extract the contents of the downloaded RAR file to a folder. You can use 7-Zip to extract the files.
- Insert a blank USB drive in your PC. If you insert a USB disk with files, then all files shall be destroyed during the next step, so make a backup of these files if needed.
- Double-click on ARUSBMaker.exe to start the USB creation wizard. All you have to do is click on the Create button and it will take care of everything. In a few seconds, it will show message that “Make AntiRansomware was successful”.
Step 2. Boot from the AntiRansomware USB Disk on Infected PC
- Insert the AntiRansomware USB disk in one of the USB ports of the PC.
- Power on your PC and press F12 to select a boot device, then select the USB disk. If you have an older PC, then you may have to adjust your system BIOS to boot from the USB disk.
- When your PC boots from the USB disk, you would see a Trend Micro message copyright message and then the AntiRansomware shall start by itself.
- Click on the Scan button to scan your system for possible ransomware. This would start the scanning of your computer’s key areas where a ransomware possibly hides.
- When it finds anything, it would list the found files or other items in the list. You can click on the Clean button to remove the found suspicious items.
- Click Reboot to restart the computer.
You have to remember that if you have got infected once, then there might be possibility of more security risks present on your PC. You should scan your system with ESET Online Scanner or Trend Micro HouseCall and fix anything found. You can also consult a security expert if required.