3 years ago I’ve written about CaSIR, which is a very useful small and portable tool that has helped me removed a lot of stubborn virus infection with just a click (especially Brontok and some unknown variant) from computers when antivirus has failed to remove them. All I need to do is run it from my portable USB drive and click the Start button. Back then when CaSIR was in version 2, it is a shareware that cost USD14.95 and is limited to only running it on your computer since the license is machine dependent.
I revisited Sergiwa’s website today (the author of CaSIR), and found that CaSIR is now a freeware. Everyone can now use CaSIR on any computer without limitations. CaSIR takes merely a few seconds to scan because it only checks the areas where malware mostly hide and cleans them. Once the infection has been removed, I can then use other tools to further clean up any traces of the malware.
CaSIR uses generic and strong technique to recognize & remove illegitimate services, processes, scripts, autoruns and registry frequently used by these infectors. You can also easily and conveniently update the CaSIR definition by clicking the Update button on the software.
The thing about using anti-malware software such as SUPERAntispyware, Malwarebytes’ Antimalware (MBAM), NoVirusThanks Malware Remover is it has better detection in normal Windows mode when the malwares are active rather than in Safe Mode when malwares are inactive. This is the same case for CaSIR and you need to run it in normal Windows mode.
CaSIR used to have a couple of detections when scanned in VirusTotal (rest assured they are false positives) but now it has only 1 out of 43 which is by AVG. False detection are a headache to legit software developers, so I have gone ahead and submitted the false positive report to AVG to get them to fix their virus definitions, hopefully making CaSIR 0/43 real soon. CaSIR works on Windows XP, Windows Vista and Windows 7.