Written by Tomas Meskauskas
Damage level: Severe
How to eliminate Celas Virus?
Celas and FBI ransomware is recent, having been active for just a few months. These security infections block the desktop of computer users and demand payment of fines for users' purported illegal download and distribution of music tracks. Cyber criminals actively spread these scams using Trojans and malicious websites, exploiting the names of authorities to make their threatening messages appear authentic. New variants of this ransomware have changed their payment method: whilst previous versions used paysafecard, the new ones use Ultimate Game Card.
Ultimate Game Card is a service for paying for computer games online. It is believed that cyber criminals resell the codes received from unsuspecting PC users who fall for their trickery by paying the bogus fines. Beware of fake screen lockers that demand payment of fines for law violations - no authorities use these methods to collect fines. If your computer screen is blocked by a similar-looking message, you are dealing with a ransomware infection. Cyber criminals attempt to trick you into paying a fabricated fine. Do not follow any of the instructions presented in these messages - you will lose your money and your computer will remain blocked.
Hopefully, the Ultimate Game Card company is aware that cyber criminals are using their services in Celas and FBI ransomware campaigns and will take steps to prevent this from happening in the future. To prevent this ransomware from infiltrating your PC, you should frequently update your operating system and installed programs. To simplify and automate this process, use Secunia Personal Software Inspector (free software). Keeping the operating system and installed software patched reduces the number of security holes, making infiltration of your system more difficult. Use legitimate antivirus and antispyware software to secure your PC. If your computer is already infected and you observe these deceptive messages on your desktop, use this removal guide to help unblock your PC.
A fake message displayed in Celas and FBI ransomware:
Your PC is blocked due to at least one of the reasons specified below. You are in violation of Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article I, Section 8, Clause 8, also known as the Copyright of the Criminal Code of United States of America. Article I, Section 8, Clause 8 of the Criminal Code provides for a fine of two to five hundred minimal wages or a deprivation of liberty for two to eight years. You have been viewing or distributing prohibited Pornographic content (Child Porno, Zoofilia and etc). Thus violating article 202 of the Criminal Code of United States of America. Article 202 of the Criminal Code provides for a deprivation of liberty for four to twelve years. Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law of Neglectful Use of Personal Computer. Article 210 of the Criminal Code provides for a fine of up to $100,000 and/or a deprivation of liberty for four to nine years.
Celas virus removal:
Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. While your computer is starting, press the F8 key on your keyboard multiple times until you see the Windows Advanced Options menu, then select Safe Mode with Networking from the list.
Log in to the account infected with Celas or FBI ransomware. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all the entries detected.
After completing these steps, your computer should be clean. Reboot your computer in Normal Mode.
Alternative Celas and FBI ransomware removal guide:
If this ransomware blocks your screen when you start your computer in Safe Mode with Networking, try starting your PC in Safe Mode with Command Prompt.
1. While your computer is starting, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, then select Safe Mode with Command Prompt from the list and press ENTER.
2. In the Command Prompt that opens, type explorer and press Enter. This command will open the Explorer window - do not close it and continue to the next step.
3. In the Command Prompt, type regedit and press Enter. This will open the Registry Editor window.
4. In the Registry Editor window, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
5. In the right side of the window, locate "Shell" and right click on it. Click on Modify. The default value in the Data column is Explorer.exe - if you see something else displayed in this window, remove it and type Explorer.exe (take a note of whatever else was displayed in the Data column - this is the path of the rogue executable file). Use this information to navigate to the rogue executable and remove it.
6. Restart your computer, download and install legitimate anti-spyware software and perform a full system scan to eliminate any remnants of Celas or FBI ransomware.
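The check in steps 4 and 5 can also be done from the Command Prompt by running powershell and using the read-only script below. It is an added example, not part of the original guide: it reports the Winlogon "Shell" value and flags anything other than Explorer.exe, and changes nothing. Looking at the same value under HKEY_CURRENT_USER as well is an assumption that goes beyond the guide, which covers only HKEY_LOCAL_MACHINE.

```powershell
# Added example, read-only: audits the Winlogon "Shell" value from steps 4-5.
# Accept both the bare name and the full path to the real Explorer.
$legit = @('explorer.exe', (Join-Path $env:SystemRoot 'explorer.exe'))
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    # Assumption beyond the guide: a per-user Shell value can exist here too.
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

foreach ($key in $keys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props -or -not $props.Shell) {
        Write-Output "[info] $key : no Shell value set"
        continue
    }
    Write-Output "[info] $key : Shell = $($props.Shell)"

    # The value may hold several comma-separated programs; check each one.
    foreach ($entry in ($props.Shell -split ',')) {
        $path = $entry.Trim().Trim('"')
        if ($path -eq '') { continue }
        if ($legit -contains $path) {          # -contains is case-insensitive
            Write-Output "[ok]   $path"
            continue
        }
        Write-Output "[WARN] unexpected shell entry: $path"
        # Note the file's details before removing it, as step 5 advises.
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $f = Get-Item -LiteralPath $path -Force   # -Force also finds hidden files
            $msg = "       size={0} bytes, created={1}, modified={2}"
            Write-Output ($msg -f $f.Length, $f.CreationTime, $f.LastWriteTime)
        } else {
            Write-Output "       no file at that exact path (entry may be relative or carry arguments)"
        }
    }
}
```

Any [WARN] line gives the path to note down in step 5 before resetting the value to Explorer.exe in the Registry Editor.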
If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some variants of ransomware disable Safe Mode, making its removal more complicated. For this step, you need access to another computer. After removing Celas or FBI ransomware from your PC, restart your computer and scan it with legitimate antispyware software to remove any possible remnants of this security infection.
Anti-spyware programs known to detect and remove Celas and FBI ransomware: