1. Once AntiRansomware has been installed, restart your computer and go to normal mode where the screen is locked by the ransomware.
  2. Trigger the AntiRansomeware Tool by pressing the following keys: Left CTRL + T + I. Note: The key press should be done on the client's keyboard and not from support side (Remote Control/LMI). In some cases, the key press may need to be done more than once.
  3. The screen lock should terminate and the AntiRansomware screen should appear.
  4. Click Scan to scan the computer for any ransomware files.
  5. Review and select the threats that you have verified to be malicious then press Clean.
  6. Click Reboot to restart the computer.

What's New:

  • Samples that only cover a small part of the screen but disables window switching are now detected.
  • Tool is now able to detect the foreground window where cursor is locked.
  • Fixed issue in ICE Ransomware cleanup
  • Implement process protect mechanism to prevent the tool from being killed by ransomware. Note: WinXP x64, Win2003 x64 are not supported by this feature.
  • Less strict terms/rules to determine whether a file is a malware or not. As long as the file in registry autorun key has no digital signature, it will show suspicious. Because of this feature, the user should fix items on AR Tool carefully.