Trend Micro's AntiRansomware Tool identifies and removes ransomware from infected PCs

Martin Brinkmann
Nov 30, 2013
Updated • Sep 28, 2017
Antivirus, Security

Ransomware is a form of malware that encrypts files on a PC so that users cannot access them anymore. To regain access to those files, users are asked to pay a ransom.

While there may be options to recover files without paying ransom, for instance by restoring them from backups or by finding a way to decrypt the files without paying the ransom, it is not always an option.

To make matters worse, paying the ransom does not guarantee that a decryption code will be made available.

New Ransomware variants appear on the Internet regularly. While most share the same methods of being spread -- usually via email attachments or downloads -- they often differ when it comes to the encryption algorithms used to encrypt files on PCs.

Trend Micro's AntiRansomware Tool


Trend Micro Ransomware File Decryptor has been designed to detect and remove Ransomware running on Windows PCs.

Note: The program is not protecting your PC in real-time, which means that it is not a suitable form of protection against Ransomware.  Use a security program like HitmanPro.Alert for that instead.

Once you have extracted Trend Micro's program on your system, you can launch the 32-bit or 64-bit version of it from the directory you have unpacked it to. You find the Ransomware scanner and remover in the AntiRansomware folder there.

The program displays a clean interface on start. Click on scan to start a scan for Ransomware on the system. The scan should not take too long, and will display a list of suspicious entries to you. Not all of those entries are necessary related to Ransomware.

You may be able to tell right away that some hits are not linked to Ransomware, while you may not be so sure about others.

You may need to research some entries if you are not sure if it is linked to Ransomware or not. The program itself does not offer any means to investigate those hits any further. While you do get information about its file path, name and location it has been found, you won't be able to do any other research from within the application.

I suggest you use a search engine to find out more about a particular file.

AntiRansomware provides you with options to clean selected entries from your system. It is highly advised to use that option only if you are sure that what you have selected is linked to Ransomware though.

Please note: Several versions of the tool exist on the Trend Micro support website. The most recent one appears to be version 3.0 build 6. It comes with an option to put it on a connected USB drive as well, which previous versions did not offer. You can boot infected PCs from the USB Drive to scan them and remove Ransomware that it finds. There is also a version 2.x that comes without USB support. I'm not sure if there are any other differences between the two versions.


If your PC is infected by Ransomware, or if you are asked to take a look at one that is, then you may find the software helpful to remove that infection. The program won't decrypt any of the encrypted files though, so make sure you can access them in another way or do not need them anymore before you start to clean the Ransomware infection using it.

Trend Micro's AntiRansomware is a free portable program for Windows that can come in very handy at times.

Now Read: Protect your PC against Cryptolocker Ransomware

software image
Author Rating
no rating based on 0 votes
Software Name
Trend Micro Ransomware File Decryptor
Operating System
Software Category
Landing Page

Tutorials & Tips

Previous Post: «
Next Post: «


  1. angrybuddhist said on December 2, 2013 at 9:49 am

    I installed HitmanPro Alert and couldn’t get my VPN to work. It (the VPN) worked again after uninstalling. Anyone know how to configure the program to work with VPN’s?

  2. said on December 2, 2013 at 5:31 am

    Ransom virus becomes a headache for all! I will prefer Hitman Pro!

  3. InterestedBystander said on November 30, 2013 at 10:57 pm

    Like Transcontinental, at first blush I don’t think too much of the Trend Micro approach. If you happen to catch the ransomware installation before it encrypts files then the software may be useful, but once your files are encrypted a system wipe and clean install will probably be a better solution. This form of malware is lucrative and evolving rapidly, and I suspect the window of opportunity where TM’s program is effective will narrow and then close.

  4. Transcontinental said on November 30, 2013 at 7:58 pm

    Anti-ransomware is the new market for security providers and, as always, there will be leaders and followers who need just to have this sort of anti-malware on their menu.
    No idea what Trend Micro is up to, but the simple confusion of having several versions displayed apparently à la va-vite doesn’t motivate me more than that to try their AntiRansomware.

    Moreover I’ve read that latest ransomware is getting fast, starts encrypting right away not after boot, a simple .exe in the TEMP folder for instance … I am more inclined to prevention, such as what seems to me the excellent HitmanPro.Alert mentioned above, still in beta, but a very nice baby I think.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.