#1 (permalink)
Moderator
Join Date: Jul 2008
Location: India
Posts: 9,484
CaSIR, short for Common and Stubborn Infections Remover, was earlier commercial, but is now available as freeware. Blogs from which I came to know about this say that it's quite effective in removing malware.
It looks good from what I read on its site. I personally haven't heard about it ever, maybe because it was a commercial program earlier. You can read about CaSIR here, and also download it: http://www.sergiwa.com/modules/mydow...hp?cid=2&lid=6
__________________
Anupam

#4 (permalink)
Senior Member
Join Date: Sep 2010
Location: Planet X
Posts: 487
Never heard of it either... their "reputation" links on side banners really suck though and are designed to fool people imo. None of the links actually review the products, they just say yes the company exists, and Kaspersky's link is dead. Their McAfee "link" goes to 1 review of the site and it was their own review. Looks like they just made random posts on big name sites and linked to them so they can "prove" they are honest by association.
I wouldn't trust this program mainly because of those factors, and I'd use Google to remove stubborn infections. Yes, I consider Google a tool more so than just a search now.
Edit: more on the point of not trusting it, googling casir, there are no real reviews of it by the tech/security community and Google's suggestion for related searches is a keygen... not looking too trustworthy if the only thing related to this is a keygen.

#5 (permalink)
Moderator
Join Date: Jul 2008
Location: India
Posts: 9,484
Thanks for your input guys, much appreciated. I will try to find more about this software when I can. Actually, it first got my attention on Raymond's (we won't allow links to the site though)... and also on GHacks (via Raymond too), recently. So I decided to post about it.
Seems like it would need further investigation.
__________________
Anupam

#6 (permalink)
Senior Member
Join Date: Sep 2010
Location: Planet X
Posts: 487
Looks worse and worse for this.
virustotal.com/analisis/35532761e4f25632caa2bef7d67e980b found this one in a comment on download.com
virustotal.com/file-scan/report.html?id=d1bffb903fae99914e52d43e732b86faf6450530d7e3769947544427f1f295bf-1312029973 this is my own upload that I downloaded just now
Both could be false positives, but the fact that the site says the program demands admin rights, and that you disable all your other protective software, flashes bright red to me to not trust this. I know it's bad to run multiple products of 1 type but this wants you to cripple your system for you, no firewalls, no AV, no monitoring tools, and run it with admin rights, and it'll even "restart" your computer to work... and it's only 166kb? I don't know how it's even possible to compress something that does all that it claims.

#7 (permalink)
Moderator
Join Date: Jul 2008
Location: India
Posts: 9,484
Well, here is the VirusTotal report of the CaSIR that I downloaded, and it looks quite OK to me.
http://www.virustotal.com/file-scan/...87b-1312052050
As for admin rights and all... ComboFix is another software that tells you to disable other security products, because it's powerful, and other software can interfere with it. I am not sure if ComboFix requires admin rights to work though. CaSIR says that it works on the areas where malware usually strikes, and so it needs to work in normal mode, because in safe mode, it would not detect the presence of malware fully. That was convincing to me. As for the keygen, I think it's because it was a commercial software before, and that's why the keygen.
Still, as you say, I was also wondering about it being such a small size. As I said, I will look further when I have time. Strange that I did not find any Google search result for CaSIR on Wilders. Maybe I will have to go over to Wilders and search there. If anyone has an account on Wilders, maybe they would like to ask about CaSIR there?
__________________
Anupam

#8 (permalink)
Full Member
Join Date: Jan 2011
Location: Blue Ridge Mtns
Posts: 97
Personally, unless I was testing in a very secure (airtight) virtual environment, I can't see why any security-minded person (like ourselves) would chance using a product that hasn't been fully vetted.
Just my opinion, of course.
__________________
RT: Sandboxie, Comodo Firewall, EAM, MBAM / OD: Drive Snapshot, Shadow Defender

#9 (permalink)
Moderator
Join Date: Jul 2008
Location: India
Posts: 9,484
Quite true, blues... I agree. If I had got this software a few days back, then I might have had the chance to test it, since I had got a badly infected PC of my cousin. ComboFix was able to deal with it though.
I was still thinking about testing CaSIR, but I am having second thoughts now. Also, without any malware, it won't be a good enough test.
__________________
Anupam

#10 (permalink)
Senior Member
Join Date: Sep 2010
Location: Planet X
Posts: 487
You mentioned the normal mode earlier... their webpage says run in normal, if detecting anything it would restart into "pre-$hell" mode... I've never heard of this mode before and they said not to run casir in safe mode, leading me to believe this unknown mode is not safe mode. What other modes in Windows are there? I mean, it could be something like a live environment, except that without a physical disk/drive to run it from, it would most likely save part of itself as a ramdisk to boot from. But it would be wiped when it restarted so I doubt this too... And it's too small to do something like Ubuntu's Wubi installation for dual booting.
The biggest part that I dislike about it is the actual webpage, full of spelling/grammar errors. Broken/uninformative reputation links, and only 2 comments on the product that are years apart. Their forums are dead, newest posts from 2009... pointing to me that if there is a problem, you couldn't get a response from them for help. And I doubt the product is so great that no one has any questions to post on the forums. And I even considered testing this in an offline environment. Apparently the offline definitions can't be found where the webpage says they are, so scrap that, won't test this :S even if I did it virtually, I'd still want it to have no internet connection.
Edit: the related searches being keygen is not reasonable even if it was a commercial product :S Eset/Kas/etc are commercial and keygen is not the first/only related search.