CaSIR v4.0 - Common and Stubborn Infections Remover
If you have reached this page, then you probably have a very serious security problem which none of the well-known antivirus/antispyware software is able to deal with.
CaSIR is FREE software for removing CaSIs.
What are CaSIs?
CaSIs is short for Common and Stubborn Infectors. These are malicious programs (viruses, worms, Trojans, etc.) that are notoriously difficult for regular anti-virus programs to detect and remove. These malicious programs often have the capability to disable your computer or your anti-virus programs.
Good examples of these infectors are:
Trojan.Win32.Small.wv (Medichi & Medichi2)
Worm.Win32.AutoRun.dkk (Ahsan virus)
If one of the above nasty infectors has infected your computer, you will not be able to install any of the well-known antivirus software such as Kaspersky, McAfee, Norton, AVG, Panda… (and about 135 more different AVs!). And please, don’t try to use Safe Mode to remove them manually, because those infectors will disable “Safe Mode”!
How do you get infected by these CaSIs?
Mostly by opening an attachment from an email that isn’t from one of your friends, by using infected removable storage media (CDs, DVDs, floppy disks, flash disks, memory cards…), or just by visiting a suspicious website, which can result in your computer being compromised.
The only thing that could have saved you was having a good anti-virus program with up-to-date signatures. If you didn’t have those installed on your computer, these CaSIs could enter your system with ease, change lots of settings and take over your machine!
Once you are infected, NOTHING (no well-known anti-virus program) can rescue you anymore. You and your computer are doomed.
But now there is a solution, and it is called CaSIR.
What is CaSIR?
CaSIR (Common And Stubborn Infections Remover) is on-demand malware removal software. We designed it especially to remove the most common and stubborn infections from your computer. It can remove their running processes, their bodies, their registry entries and any other leftovers!
CaSIR doesn’t randomly search for CaSIs; it goes directly to the areas that a specific CaSI infects and removes it from there. Hence, it does its job in mere seconds!
CaSIR does more than that. It has a generic and strong technique that allows it to do the following:
CaSIR removes the common restrictions made to your computer by these infectors which none of the AVs deal with.
CaSIR removes the illegitimate services/processes frequently used by these infectors.
CaSIR recognizes and instantly kills and deletes any running process/service that is disguising itself among the legitimate system services/processes.
CaSIR removes any scripts used by these infectors to autorun.
CaSIR removes any autostarting registry entries related to the illegitimate services/processes it detects.
CaSIR deals with all your storage media (fixed, floppy, removable…) and cleans them all up if need be.
CaSIR cleans up your system registry so that no spy keys, garbage activities or messages asking for already deleted files remain.
CaSIR’s signatures are fully updatable: once you have downloaded the software, all you need to do is download the new definitions file frequently, and you’re up to date and ready to go.
How to use CaSIR?
Just extract the zip file you downloaded, which contains only two files:
- CaSIR38.exe: The main executable file.
- casirdef.cas: The definitions file.
Simply run CaSIR (in Normal Mode), press Start, wait a few seconds, and you’re done!
If CaSIR detects any CaSIs, it will restart your computer and work in what we call “Pre-$hell mode”. After finishing its job, CaSIR will restart your computer in Normal mode.
1. Since CaSIR is security software that deals with your file system, your system registry and your running processes and services, it MUST be given all the rights it demands in order to remove any infection. Some other security software will try to block CaSIR or even flag it as malicious and prevent it from doing its job, so please make sure it’s not blocked and that no other program is blocking CaSIR. During the disinfection process we recommend that you disable any other security solution you are running, such as antivirus, firewall, monitoring tools, etc.
2. Please do NOT attempt to run CaSIR in safe mode. CaSIR needs to investigate your system to know which CaSIs are active; if you run CaSIR in safe mode, it might not be able to detect any active CaSIs, as they usually do not run in safe mode!
3. If you have more than one infected computer connected to the same network, do NOT attempt to use CaSIR on an infected computer while the other infected ones are connected to it, as this would result in getting infected again and again. You always need to disconnect the infected computer from the network before using CaSIR, and do so with all your infected computers one by one!
4. For all people who face the problem of getting stuck on the logon screen or getting into an infinite loop of logging on and off, this is because they don’t read the instructions above. Please do not reformat your system; the solution is very easy:
When the empty desktop appears, press CTRL+ALT+DEL to bring up the Task Manager. In the Task Manager, click the File menu and select New task, then type “regedit” and press Enter. Now go to the following registry key:
In the right panel you will see the registry entry called Userinit. Double-click it and change its value to “Userinit.exe”, press Enter, then restart your computer.
This will solve the problem. But please, next time do not run CaSIR unless you have full administrator rights and UAC is set to OFF, and make sure CaSIR is in your antivirus/firewall white list.
What is the “CDS Jobs” button, and why is it there?
CDS is short for “CaSIR Deep Scanner”. This is the part of CaSIR which uses the classic method of searching for malware: by binary signature. We added this section to CaSIR starting from v2.0 because we noticed that some CaSI authors have developed a new method of making their malware more difficult to identify. The CaSI spreads using random file names, random registry keys, random registry values and random running process names, so that any algorithm based on the malware’s File/Folder/RegKey/RegVal/Running Modules/Processes/Threads names would fail and be of no use!
If CaSIR detects any such nasty CaSIs (those with random techniques), it will analyze the situation first and kill the active parts of the CaSI, then invoke the CDS, which will scan all the hard disks/floppy disks/flash disks/memory cards/iPod/MP3/WMA Drivers available on your system to clean them. It will then restart your computer in Pre-$hell mode to continue removing the other CaSIs. After finishing its job, CaSIR will restart your computer in normal mode with a “Congratulations” message!
Please note that you can cancel those operations at any time, but we strongly recommend against it, because by doing so you will put your computer in a dangerous situation: the CaSI will come back again when you restart your computer. So please be patient and let CaSIR finish its job.
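To illustrate why CDS matches on content rather than on names, here is an added example (not CaSIR's code and not part of the original page) that compares a name-list check with a byte-signature scan over three constructed files. The signature bytes, file names and function names are all made up for the demonstration.

```python
import os
import secrets

# Constructed, harmless byte pattern standing in for a real binary signature.
SIGNATURES = {"Demo.CaSI.A": b"CONSTRUCTED-DEMO-SIGNATURE-0001"}
KNOWN_NAMES = {"known_casi.exe"}  # constructed name for the name-based check

def scan_by_name(root):
    """Flag files whose name is on a fixed list (defeated by random names)."""
    return sorted(os.path.join(d, f) for d, _, fs in os.walk(root)
                  for f in fs if f.lower() in KNOWN_NAMES)

def match_signature(path, chunk_size=4096):
    """Return the name of a signature found in the file, or None.
    An overlap is kept so a pattern straddling two chunks is still found."""
    overlap = max(len(s) for s in SIGNATURES.values()) - 1
    tail = b""
    with open(path, "rb") as fh:
        while block := fh.read(chunk_size):
            window = tail + block
            for name, sig in SIGNATURES.items():
                if sig in window:
                    return name
            tail = window[-overlap:] if overlap else b""
    return None

def scan_by_signature(root):
    """Flag files by content, regardless of what they are called."""
    paths = (os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs)
    found = ((p, match_signature(p)) for p in paths)
    return {p: name for p, name in found if name}

def build_demo_tree(root):
    """Create three constructed files: known name, random name, clean."""
    sig = SIGNATURES["Demo.CaSI.A"]
    random_name = secrets.token_hex(4) + ".exe"
    samples = {
        "known_casi.exe": b"\x00" * 100 + sig,
        # Signature deliberately placed across the 4096-byte chunk boundary.
        random_name: b"\x00" * 4090 + sig + b"\x00" * 50,
        "notes.txt": b"nothing to see here",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return random_name
```

Running build_demo_tree on an empty temporary folder and then both scans shows the name check catching only the fixed-name copy, while the signature scan also catches the randomly named one.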
Does CaSIR generate a log report?
Yes, after every phase of work, CaSIR will automatically generate a report file and save it in the same folder where CaSIR is. The report file always has the name casirrpt.txt. We need this file when you have any problem or inquiry and need to contact us, so please don’t forget to attach it to your inquiry.
How to update CaSIR definitions?
There are two methods of getting updates, offline and online:
1. Online method:
Simply press the “Update” button and follow the instructions on screen.
2. Offline method:
Visit www.sergiwa.com and go to the downloads section; under Security software, you’ll find the CaSIR Definitions file. Download it. The definitions file is a very small zipped file that contains the CaSIs signatures. All you have to do is download casirdef.zip, extract its contents and replace the old file with the new one!
What are those RNP, GFL, SFL, GFD, SFD, RKM, RKD, RKA, RSO?
When CaSIR finds an infection on your computer, it displays the infection in the following way:
XXX – YYY
XXX: is the type of the infection found
YYY: is the infection itself
XXX has 9 different keywords:
RNP: Running Process
GFL: Group of Files
SFL: Single File
GFD: Group of Folders
SFD: Single Folder
RKM: Registry Key to be Modified
RKD: Registry Key to be Deleted
RKA: Registry Key to be Added
RSO: Regular System Optimization
Do you have to buy CaSIR?
No; you don’t have to. CaSIR is 100% free of charge (for personal use only).
Developer: Issam Sergiwa
Company: Sergiwa Software
OS: Windows XP, Windows Vista, Windows 7 (32Bit)