Grant Admin Full Control

CaSIR v3.5 – Common and Stubborn Infections Remover

 

Description:

If you have reached this page, then you probably have a very serious security problem which none of the well-known antivirus/antispyware software is able to deal with.

 

 

CaSIR is a FREE software to remove CaSIs.

 

 

What are CaSIs?

CaSIs is short for Common and Stubborn Infectors. These are malicious programs (Viruses, Worms, Trojans, etc.) that are notoriously difficult to detect and to remove by regular anti-virus programs. These malicious programs often have the capability to disable your computer or your anti-virus programs.

 

 

Good examples of these infectors are:

Win32.Brontok.q
Win32.Delf.cc
Win32.VB.by
Win32.VB.cz
Trojan.Win32.Small.wv (Medichi & Medichi2)
Trojan-Downloader.Win32.Todon.ai
Trojan-Downloader.Win32.Todon.aj
Worm.Win32.AutoRun.dkk (Ahsan virus)
Trojan-Downloader.Win32.VB.bbl

 

If one of the above nasty infectors infected your computer, you will not be able to install any of the well-known Antivirus software like Kaspersky, Mcafee, Norton, AVG, Panda… (and about 135 more different AVs!) and please, don’t try to use Safe Mode to remove them manually because those infectors will disable “Safe Mode”!

 

 

How do you get infected by these CaSI’s?

Well, mostly because you open an attachment from an email that isn’t from one of your friends. Or by using infected removable storage media (CDs,DVDs/Floppy disks/Flash disks, Memory Cards…). Or just by visiting a suspicious website which can result in your computer being compromised.

 

 

The only thing that could have saved you was having a good Anti-Virus program with up-to-date signatures. If you didn’t have those installed on your computer these CaSI’s could enter your system with ease and change lots of settings and take over your machine!

 

 

Once you are infected, NOTHING (no well-known anti-virus program) can rescue you anymore. You and your computer are doomed.

 

 

But now there is a solution and it is called CaSIR

 

 

What is CaSIR?

 

CaSIR (Common And Stubborn Infections Remover) — is an on-demand malware removal software. We designed it especially to remove the most common and stubborn infections from your computer. It can remove their running processes, their bodies, their registry entries and any other leftovers!

 

CaSIR doesn’t randomly search for CaSIs, but he goes directly to the areas that a specific CaSI infects and removes it from there, hence, it does its job in mere seconds!

CaSIR does more than that. It has a generic and strong technique that allows it to do the following:

. CaSIR removes the common restrictions made to your computer by these infectors which none of the AVs deal with.
. CaSIR removes the illegitimate services/processes frequently used by these infectors.
. CaSIR recognizes and instantly kills and deletes any running process/service that is disguising itself among the legitimate system services/processes.
. CaSIR removes any scripts used by these infectors to autorun.
. CaSIR removes any autostarting registry entries related to the illegitimate services/processes he detects.
. CaSIR deals with all your storage media (Fixed, floppy, removable…) and cleans them up all if need be.
. CaSIR cleans up your system registry so no more spy keys, garbage activities or messages keep asking for already deleted files.
. CaSIR’s signatures are fully updatable, once you download the software, all you need to do is to download the new definitions file frequently and you’re up-to-date and ready-to-go.

 

How to use CaSIR?

Just extract the zip-file you download which contains only two files:
- CaSIR35.exe: The main executable file.
- casirdef.cas The definitions file.

Simply run CaSIR (in Normal Mode) and press Start, Wait for seconds’ and you’re done!

 

If CaSIR detected any CaSIs, it will restart your computer and works in what we call “Pre-$hell mode”, after finishing it’s job, CaSIR will restart your computer in Normal mode.

 

 

Important notes:

1. Since CaSIR is a security software that deal with your file system, your system registry and running processes and services, it MUST be given all the rights it demands in order to remove any infection. Some other security software will try to block CaSIR or even flag it as malicious and prevent it from doing its job, please make sure it’s not blocked and there’s no other program blocking CaSIR. During disinfection process we recommend you to disable any other security solution you are running such as Antivirus, Firewall, monitoring tools ..etc.

 

 

2. Please do NOT attempt to run CaSIR in safe mode, CaSIR needs to investigate your system to know what CaSIs are active, if you ran CaSIR in safe mode, he might not be able to detect any active CaSIs, as they usually do not run in safe mode!

 

 

3. If you have more than one infected computer connected together to the same network, do NOT attempt to use CaSIR on the infected computer while the other infected ones are connected to it, this would results in getting infected again and again. You always need to disconnect the infected computer from the network before using CaSIR and do so with all your infected computers one by one!

 

 

What is “CDS Jobs” button? and why is it there?

CDS is short for “CaSIR Deep Scanner”. This is the part of CaSIR which uses the classic method of searching for malware; By the binary signature. We have added this new section of CaSIR starting from v2.0 because we lately noticed that some CaSIs’ authors have developed a new method of making identifying their malware more difficult, that is to make the CaSI spread using random file names, random registry keys, random registry values and random running processes names, so that any algorithm based on the malware File/Folder/RegKey/RegVal/Running Modules/Processes/Threads names would fail and be of no use!

 

 

If CaSIR detected any such a nasty CaSIs (those with random techniques), he will analyze the situation first and kill the active parts of the CaSI, then invoke the CDS which will scan all your hard disks/floppy disks/flash disks/memory cards/iPod/MP3/WMA Drivers available on your system to clean them, then he will restart your computer in Pre-$hell mode to continue removing the other CaSIs, after finishing it’s job, CaSIR will restart your computer in normal mode with a “Congratulations” message!

 

 

Please note that you can cancel those operations at any time, but we strongly don’t recommend that, because by doing that, you will put your computer in a dangerous situation as the CaSI will come back again when you restart your computer, so please be patient and let CaSIR finish it’s job.

 

 

Does CaSIR generate a log report?

Yes, after every phase of work, CaSIR will automatically generate a report file and saves it in same folder where CaSIR is. The report file always has the name: casirrpt.txt! This file is needed by us when you have any problem or inquiry and need to contact us, so please don’t forget to attach this file with your inquiry.

 

 

How to update CaSIR definitions?

There’s two methods of getting updates, offline and Online:

1. Online method:
Simply press “Update” button and follow the instructions on screen.

2. Offline method:
Visit www.sergiwa.com and go to downloads section, under Security software, you’ll find CaSIR Definitions file. Download it. The definitions file is a very small zipped file that contains the CaSIs signatures. All you have to do is to download casirdef.zip, extract its contents and replace it with the old one!

 

 

What are those RNP, GFL, SFL, GFD, SFD, RKM, RKD, RKA, RSO?

When CaSIR find an infection on your computer, it shows up the infection in the following way :

XXX – YYY

XXX: is the type of the infection found
YYY: is the infection itself

XXX has 9 different keywords

RNP : Running Process
GFL : Group of Files
SFL : Single File
GFD : Group of Folders
SFD : Single Folder
RKM : Registry Key to be Modified
RKD : Registry Key to be Deleted
RKA : Registry Key to be Added
RSO: Regular System Optimization

 

Do you have to buy CaSIR?

No; you don’t have to. CaSIR is 100% free of charge (for personal use only).

 

Download CaSIR from Here

 

 

CaSIR
Developer: Issam Sergiwa
Company: Sergiwa Software
OS: Windows XP, Windows Vista, Windows 7
Bugs? Problems?
Contact support@sergiwa.com

 

Get the New NORMAN Malware Cleaner for Free Today

 

Use our free and newly improved Malware Cleaner tool to scan and clean your computer from viruses, trojans and other types of malware. This simple and user friendly tool not only detects malicious software but also removes them from your computer.

 

What are the most common symptoms of an infected computer?

• Freezing or sudden restarts – Your computer behaves unexpectedly during normal use
• Unusual updates by you on Facebook or Twitter – Especially after you’ve clicked on a link that appeared not to work or installed a new application
• Emails you didn’t send – Your friends tell you they’ve received emails you didn’t send

 

If you suspect your computer might be infected, download and run the new Malware Cleaner for free today!

 

Remember: the Malware Cleaner is a solution when your computer is already infected. Keeping safe requires a security
solution that protects your computer from malicious software. The easiest and most efficient way to protect your online
identity and your computer against these threats is an antivirus software or an all-in-one security solution. If you don’t
have one, your computer might be infected without you knowing about it.

 

Key features

• Easy to install and run
• Detect and Remove malware (viruses, Rootkit’s, FakeAV, worms and more)
• Utilize advanced Anti-Rootkit technology
• Quarantine module to process the detected files
• Deep scan and cleaning including Norman patented Norman SandBox technology
• Supports Quick- and Deep Scan mode
• New command line function for better tailor scanning across several machines (businesses)
• Daily signature updates available

 

Supported operating systems: Windows 98, Me, NT, 2000, XP, 2003, Vista, 2008 and 7.

 

 

Download Norman Malware Cleaner.exe (139 MB)

 

 

 

Free DE-Cleaner by Avira, Kaspersky and Symantec for Anti-Botnet

DE-Cleaner powered by Avira

Minimum Requirements for the DE-Cleaner powered by Avira:

• Computer from Pentium, at least 266MHz
• Windows XP with at least SP 2, (32 oder 64 Bit)
• Windows Vista (32 oder 64 Bit, SP 1 or higher recommended) Windows 7 (32 or 64 Bit)
• At least 150 MB free disk space
• At least 192 MB memory on Windows XP
• At least 512 MB memory on Windows Vista, Windows 7
• Internet connection for Updating und first time Download
• Please note: At the moment there is no DE-Cleaner available for Linux or Mac OS. Since Internet criminals mainly concentrate on and attack Windows based computers.

Read more

Threat Killer v1.7.2 – Novirusthanks.org

 

Scriptable malware remover engine that can remove any malware running custom scripts.

 

Threat Killer is a fully-scriptable malware remover able to remove persistent files, kernel drivers installed by rootkits, registry keys and values, terminate processes (even if critical), delete an entire folder (also using recursive) and much more by executing custom scripts.

 

The scripts are executed in runtime and you should be able to remove a specific malware without the need to reboot the computer, however is possible that to remove nasty malware is needed to reboot the computer.

 

It is strongly recommended to use Threat Kill only under qualified supervision, certain misuses of this program can create problems on your system.

 

Read more

Remove Virus.Win32.Sality.aa, Virus.Win32.Sality.ae, Virus.Win32.Sality.ag, Virus.Win32.Sality.bh from windows 7 by kaspersky removal

The recommendations given concerning disinfection of a computer from Virus.Win32.Sality should be applied only if NO Kaspersky Lab product is installed on an infected computer, and/ or if the computer is already infected and a Kaspersky Lab product cannot be installed by regular means. Kaspersky Lab experts also recommend using Rescue Disk to disinfect an infected computer.

 

The SalityKiller.exe utility given in this article allows detecting and disinfecting only the following Sality modification Virus.Win32.Sality.aa, Virus.Win32.Sality.ae, Virus.Win32.Sality.ag, Virus.Win32.Sality.bh.

Read more

BlitzBlank 1.0 – Removes infections that nothing else removes

Tips to Detect Virus Files and Infected files

How to detect virus files?

Virus files now a days are more improved and hard to find than earlier, now some files have nice icon so user cant imagine that file is virus or unwanted. Normal Properties of virus or infected files, that always tries to connect internet and get other unwanted softwares or files to the victims computer.

 

Some Trojan files like Sality.AA copies its file to windows\system32 with same file size, so it can identify easily, some may in hidden, and creates files in all folder with same name as folder. For Example, i have a folder in C:\myfolder, when this trojan infect the system, creates files in that folder with name myfolder.exe with size ~499 KB, if we open that file nothing opens but system will get busy. Like that so many files where created in those Drives and folders.

 

Read more

RootRepeal – The New and Great Rootkit Detector and Remover

 

RootRepeal is a new rootkit detector currently in public beta.

 

It is designed with the following goals in mind:

1. Easy to use – a user with little to no computer experience should be able to use it.
2. Powerful – it should be able to detect all publicly available rootkits.
3. Stable – it should work on as many different system configurations as possible, and, in the event of an incompatibility, not crash the host computer.
4. Safe – it will not use any rootkit-like techniques (hooking, etc.) to protect itself.

 

Read more

Removal tool for Mal/FakeAV-BW, Generic FakeAlert!hr, Packed.Win32.Krap.an (winupdate.exe, exec.exe, ppal.exe, MSe5ad.exe) Malware

 

 

 

 

 

Read more