FacebookTwitterLinkedIn

Celas Virus

Also Known As: Celas Ransomware
Type: Ransomware
Damage level: Severe

Tomas Meskauskas Written by on (updated)

What is Celas?

Celas and FBI ransomware is recent, having been active for just a few months. These security infections block the desktop of computer users and demand payment of fines for users' purported illegal download and distribution of music tracks.

Cyber criminals actively spread these scams using Trojans and malicious websites, exploiting the names of authorities to make their threatening messages appear authentic. New variants of this ransomware have changed their money transferring methods; whilst previous versions used paysafecard, the new ones use ultimate game card.

Ultimate game card is a service allowing for the payment of computer games online. It is believed that cyber criminals resell the codes received from unsuspecting PC users who fall for their trickery by paying the bogus fines.

Beware of fake screen lockers, which demand payment of fines for law violations - no authorities use these methods to collect fines. If your computer screen is blocked by a similar-looking message, you are dealing with a ransomware infection.

Cyber criminals attempt to trick you into paying a fabricated fine. Do not follow any of the instructions presented in these messages - you will lose your money and your computer will remain blocked.

celas ransomware ultimate game card FBI Your Operating System is Locked

Hopefully, the ultimate game card company is aware that cyber criminals are using their services in Celas and FBI ransomware campaigns and will take steps to prevent this from happening in the future. To prevent this ransomware from infiltrating your PC, you should frequently update your operating system and installed programs.

To simplify and automate this process, use Secunia Personal Software Inspector (free software). By updating the operating system and software patches, security holes are reduced, thus making infiltration of your system more difficult.

Use legitimate antivirus and antispyware software to secure your PC. If your computer is already infected and you observe these deceptive messages on your desktop, use this removal guide to help to unblock your PC.

A fake message displayed in Celas and FBI ransomware:

Your PC is blocked due to at least one of the reasons specified below. You are in violation of Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article I, Section 8, Clause 8, also known as the Copyright of the Criminal Code of United States of America. Article I, Section 8, Clause 8 of the Criminal Code provides for a fine of two to five hundred minimal wages or a deprivation of liberty for two to eight years. You have been viewing or distributing prohibited Pornographic content (Child Porno, Zoofilia and etc). Thus violating article 202 of the Criminal Code of United States of America. Article 202 of the Criminal Code provides for a deprivation of liberty for four to twelve years. Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law of Neglectful Use of Personal Computer. Article 210 of the Criminal Code provides for a fine of up to $100,000 and/or a deprivation of liberty for four to nine years.

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
 ▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

Celas virus removal:

Step 1

Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK.

During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

alt

Video showing how to start Windows 7 in "Safe Mode with Networking":

Step 2

Log in to the account infected with Celas or FBI ransomware. Start your Internet browser and download a legitimate anti-spyware program.

Update the anti-spyware software and start a full system scan. Remove all the entries detected.


After completing these steps, your computer should be clean. Reboot your computer in Normal Mode.

Alternative Celas and FBI ransomware removal guide:

If this ransomware blocks your screen when you start your computer in Safe Mode with Networking, try starting your PC in Safe Mode with Command Prompt.

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

win 7 safe mode with command prompt

2. In the opened Command Prompt type explorer and press Enter. This command will open the Explorer window - do not close it and continue to the next step.

3. In the Command Prompt, type regedit and press Enter. This will open the Registry Editor window.

4. In the Registry Editor window, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

registy editor winlogon

5. In the right side of the window, locate "Shell" and right click on it. Click on Modify. The default value in the Data column is Explorer.exe - if you see something else displayed in this window, remove it and type Explorer.exe (take a note of whatever else was displayed in the Data column - this is the path of the rogue execution file).

Use this information to navigate to the rogue executable and remove it.

6. Restart your computer, download and install legitimate anti-spyware software and perform a full system scan to eliminate any remnants of Celas or FBI ransomware.

If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some variants of ransomware disable Safe Mode, making its removal more complicated.

For this step, you need access to another computer. After removing Celas or FBI ransomware from your PC, restart your computer and scan it with legitimate antispyware software to remove any possible remnants of this security infection.

Anti-spyware programs known to detect and remove Celas and FBI ransomware:

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

How to prevent against infection
New Removal Guides
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Top Removal Guides
QR Code
Celas Ransomware QR code
Scan this QR code to have an easy access removal guide of Celas Ransomware on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

▼ REMOVE IT NOW
Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.