How to eliminate Celas Virus?
Celas and FBI ransomware has been around for a couple of months now. These security infections blocks the desktop of computer users and asks to pay a fine for illegally downloading and distributing music tracks. Cyber criminals are actively spreading such scam using Trojans and malicious websites, they exploit the names of authorities to make their threatening messages appear more realistic. The new variants of these ransomware has changed their money transferring methods, while the previous versions used paysafecard the new versions are using ultimate game card.
Ultimate game card is a service which allows to pay for computer games online, Cyber criminals must be reselling the codes that they receive from unsuspecting PC users who falls for their trickery and pays the non existent fines for copyrighted content. Once again we want to warn computer users about fake screen lockers that asks to pay fines for some law violations - none of the authorities are using such methods to collect fines. If you computer screen is blocked by a similar looking message you can be sure that you are dealing with a ransomware infection, Cyber criminals are trying to trick you into paying a non existent fine. You shouldn't follow any of the instructions presented in such messages - you will loose your money and your computer will still be blocked.
Hopefully ultimate game card company is aware that cyber criminals are using their services in Celas and FBI ransomware campaigns and they will take steps to prevent this from happening in the future. To prevent such ransomware from entering your PC you should frequently update your operating system and all of your installed programs. To simplify and automate this process you can use Secunia Personal Software Inspector (Free software). Operating system and software updating patches the security holes and makes infiltrations of your computer much more complicated. You should also use a legitimate antivirus and antispyware software to secure your PC. If your computer is already infected and your see such deceptive message on your desktop you should use this removal guide to help you unblock your PC.
Fake message shown in Celas and FBI ransomware:
Your PC is blocked due to at least one of the reasons specified below. You have been violation Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article I, Section 8, Clause 8, also known as the Copyright of the Criminal Code of United States of America. Article I, Section 8, Clause 8 of the Criminal Code provides for a fine of two to five hundred minimal wages or a deprivation of liberty for two to eight years. You have been viewing or distributing prohibited Pornographic content (Child Porno, Zoofilia and etc). Thus violating article 202 of the Criminal Code of United States of America. Article 202 of the Criminal Code provides for a deprivation of liberty for four to twelve years. Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law of Neglectful Use of Personal Computer. Article 210 of the Criminal Code provides for a fine of up to $100,000 and/or a deprivation of liberty for four to nine years.
Celas virus removal:
Start your computer in safe mode. Click Start, then click Shut down. Select Restart and click OK. During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with networking from the list and press ENTER.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Log in to the account that is infected with Celas or FBI ransomware. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all the entries that it detects.
After completing these steps your computer should be clean, reboot your computer in normal mode.
Alternative Celas and FBI ransomware removal guide:
If this ransomware blocks your screen when you start your computer in safe mode with networking, try starting your PC in safe mode with command prompt.
1. During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with command prompt from the list and press ENTER.
2. In the opened command prompt type explorer and press Enter. This command will open explorer window, don't close it and continue to the next step.
3. In the command prompt type regedit and press Enter. This will open the registry editor window.
4. In the registry editor window you should navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
5. In the right side of the window locate "Shell" and right click on it. Click on Modify. The default value data is Explorer.exe if you see something else written in this window remove it and type in Explorer.exe (you can write down whatever else was written in the value data section - this is a path of the rogue execution file) - use this information to navigate to the rogue executable and remove it.
6. Restart your computer, download and install a legitimate anti-spyware software and perform a full system scan to eliminate any left remnants of Celas or FBI ransomware.
If you can't start your computer in safe mode with networking (or with command prompt) you should boot your computer using a rescue disk. Some variants of ransomware disables safe mode making it's removal more complicated. For this step you will need access to another computer. After removing Celas or FBI ransomware from your PC restart your computer and scan it with a legitimate antispyware software to remove any possibly left remnants of this security infection.
Anti-spyware programs known to detect and remove Celas and FBI ransomware: