Ransomware is a form of malware that encrypts files on a PC so that users cannot access them anymore. To regain access to those files, users are asked to pay a ransom.
While there may be options to recover files without paying ransom, for instance by restoring them from backups or by finding a way to decrypt the files without paying the ransom, it is not always an option.
To make matters worse, paying the ransom does not guarantee that a decryption code will be made available.
New Ransomware variants appear on the Internet regularly. While most share the same methods of being spread -- usually via email attachments or downloads -- they often differ when it comes to the encryption algorithms used to encrypt files on PCs.
Trend Micro Ransomware File Decryptor has been designed to detect and remove Ransomware running on Windows PCs.
Note: The program is not protecting your PC in real-time, which means that it is not a suitable form of protection against Ransomware. Use a security program like HitmanPro.Alert for that instead.
Once you have extracted Trend Micro's program on your system, you can launch the 32-bit or 64-bit version of it from the directory you have unpacked it to. You find the Ransomware scanner and remover in the AntiRansomware folder there.
The program displays a clean interface on start. Click on scan to start a scan for Ransomware on the system. The scan should not take too long, and will display a list of suspicious entries to you. Not all of those entries are necessary related to Ransomware.
You may be able to tell right away that some hits are not linked to Ransomware, while you may not be so sure about others.
You may need to research some entries if you are not sure if it is linked to Ransomware or not. The program itself does not offer any means to investigate those hits any further. While you do get information about its file path, name and location it has been found, you won't be able to do any other research from within the application.
I suggest you use a search engine to find out more about a particular file.
AntiRansomware provides you with options to clean selected entries from your system. It is highly advised to use that option only if you are sure that what you have selected is linked to Ransomware though.
Please note: Several versions of the tool exist on the Trend Micro support website. The most recent one appears to be version 3.0 build 6. It comes with an option to put it on a connected USB drive as well, which previous versions did not offer. You can boot infected PCs from the USB Drive to scan them and remove Ransomware that it finds. There is also a version 2.x that comes without USB support. I'm not sure if there are any other differences between the two versions.
If your PC is infected by Ransomware, or if you are asked to take a look at one that is, then you may find the software helpful to remove that infection. The program won't decrypt any of the encrypted files though, so make sure you can access them in another way or do not need them anymore before you start to clean the Ransomware infection using it.
Trend Micro's AntiRansomware is a free portable program for Windows that can come in very handy at times.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.