
CELAS


  • This topic is locked
76 replies to this topic

#1 linkways

linkways

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:06:53 AM

Posted 12 April 2012 - 10:20 AM

Just had a CELAS screen appear on laptop that will not let me get past unless I agree to pay a fine of 50£ for illegal music downloads, same problem as grange8 - tried to start up in safe mode but will not start up Windows; if I start up normally it shows no icons on desktop and redirects to CELAS screen and can't get past that - Windows XP

Edited by linkways, 12 April 2012 - 10:22 AM.



 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,612 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:53 AM

Posted 13 April 2012 - 08:39 AM

Hello, how far do you go in Safe Mode?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 



#3 linkways


Posted 13 April 2012 - 09:21 AM

It comes up with the blue screen saying Windows could not start, followed by a lot of text, and at the bottom it shows the following

0XOOOOOO7E (OXCOOOOOO5, 0X805A6C97, 0XF784A0,0XF78B819C)

#4 Elise


Posted 13 April 2012 - 09:25 AM

When did this infection become active?

Try this please. You will need a USB drive.

  • Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download rst.sh to your USB drive
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see rst.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash rst.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named enum.log
  • Remove the USB drive and insert it back in your working computer and navigate to enum.log

    Please note - all text entries are case sensitive
Copy and paste the enum.log for my review

regards, Elise


#5 linkways


Posted 13 April 2012 - 09:37 AM

It got infected on 11th April about 18.00 hrs

Thanks I'll give this a try

#6 Elise


Posted 13 April 2012 - 09:45 AM

Thank you, in that case we'll see if a registry restore will do the trick.

regards, Elise


#7 linkways


Posted 13 April 2012 - 10:03 AM

Hi Elise

Here is the log

45.8M Apr 11 19:06 /mnt/sda2/WINDOWS/SYSTEM32/CONFIG/SOFTWARE
11.8M Apr 12 08:26 /mnt/sda2/WINDOWS/SYSTEM32/CONFIG/SYSTEM

45.5M Mar 26 08:21 /sda2/~/RP1/~SOFTWARE
45.5M Mar 26 08:45 /sda2/~/RP2/~SOFTWARE
45.5M Mar 28 08:23 /sda2/~/RP3/~SOFTWARE
45.5M Mar 29 21:12 /sda2/~/RP4/~SOFTWARE
45.5M Mar 31 06:30 /sda2/~/RP5/~SOFTWARE
45.5M Mar 31 08:40 /sda2/~/RP6/~SOFTWARE
45.5M Apr 2 08:49 /sda2/~/RP7/~SOFTWARE
11.0M Mar 26 08:22 /sda2/~/RP1/~SYSTEM
11.0M Mar 26 08:45 /sda2/~/RP2/~SYSTEM
11.0M Mar 28 08:23 /sda2/~/RP3/~SYSTEM
11.0M Mar 29 21:12 /sda2/~/RP4/~SYSTEM
11.0M Mar 31 06:30 /sda2/~/RP5/~SYSTEM
11.0M Mar 31 08:40 /sda2/~/RP6/~SYSTEM
11.0M Apr 2 08:49 /sda2/~/RP7/~SYSTEM

#8 Elise


Posted 13 April 2012 - 10:57 AM

Please open the terminal again from your USB device and type bash rst.sh -r

Type 7 and press enter.

When done restart your computer normally and see if you can successfully log on now.

regards, Elise


#9 linkways


Posted 13 April 2012 - 11:31 AM

It started to load Windows (the logo screen), but after a few seconds it came up with a blue screen with the message

A problem has been detected and Windows has been shut down to prevent damage to your computer.

Then some text about uninstalling things and running CHKDSK

Then the message

STOP: 0X00000024 (OX00190203, 0X86F830C0, 0XC0000102, OXOOOOOOOO)

#10 Elise


Posted 13 April 2012 - 11:52 AM

Do you have your XP CD? (If not, no problem, but it will require you to create an additional CD)

regards, Elise


#11 linkways


Posted 13 April 2012 - 12:05 PM

I have found one entitled 'Reinstallation CD MS Windows XP Home Edition Including Service Pack 1'

#12 Elise


Posted 13 April 2012 - 12:09 PM

That'll do. :)

  • Insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer.

  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
    • The tab should now show your current boot order.
      If the CD-drive is not at the top, please navigate to the CD-Rom drive with the arrow keys. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
  • Your PC should now boot from your XP-CD.
    Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.

  • When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
  • When prompted to choose a windows installation, type 1 and press enter.
  • When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.

  • A command prompt will open
Type chkdsk /r and press enter.

Let the disk check run unhindered (this may take some time).
When done type exit and press enter to reboot. Let me know if you can boot successfully now.

regards, Elise


#13 linkways


Posted 13 April 2012 - 12:11 PM

Thanks Elise I will try this tomorrow - thank you for all your help - have a good evening

#14 Elise


Posted 13 April 2012 - 12:27 PM

Same to you! :) I'll wait for the results tomorrow.

regards, Elise


#15 linkways


Posted 14 April 2012 - 05:52 AM

Good Morning Elise

I got to the point of 'Welcome to Setup' with the three options

I selected 'R'

The screen is now stuck with the following message at the top

Windows XP Home Edition Set Up

and the following message at the bottom

Examining 57216 MB Disk 0 at Id 0 on bus 0 on atapi...



