Celas Blocking



#1 Lystlund

Posted 18 May 2012 - 05:23 AM

I have the same problem as a few others, with the fake Celas blocking my computer and asking for 50 euro.

I did make the FRST file, but I can't seem to get DSS to work, even though I tried doing it with the command prompt, since I can't get past the blocking screen.

I am using Windows 7 64-bit.

I did attach the FRST File.


#2 m0le

Posted 18 May 2012 - 06:46 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please attach the FRST file. :)
m0le is a proud member of UNITE

#3 Lystlund

Posted 19 May 2012 - 04:19 AM

I have attached the FRST file to this post

#4 m0le

Posted 19 May 2012 - 06:16 AM

There's no attachment there either, Lystlund. Check that you are doing this correctly and note any error messages.

Click Addreply as you would to reply to a post.

Click the Browse... button underneath the text box to the right and navigate to the file. Click it once and then click Open.

The file and its path should appear in the box next to Browse... and then you click UPLOAD.
m0le is a proud member of UNITE

#5 Lystlund

Posted 19 May 2012 - 06:18 AM

Sorry, my fault, I forgot to hit the attach this file button :)
It should be there now.

Attached Files

  • Attached File  FRST.txt   69.45KB   19 downloads


#6 m0le

Posted 19 May 2012 - 06:43 AM

ZeroAccess is present.

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt

SubSystems: [Windows] ATTENTION! ====> ZeroAccess
2 se59obex; C:\Windows\System32\MSCamSvc.dll [6656 2009-07-13] (Oak Technology Inc.)
NETSVC: se59obex
C:\Windows\System32\MSCamSvc.dll

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors.
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
m0le is a proud member of UNITE

#7 Lystlund

Posted 19 May 2012 - 07:13 AM

That is done now I have attached the file.

Attached Files



#8 m0le

Posted 19 May 2012 - 09:07 AM

Has the blocking screen gone now?
m0le is a proud member of UNITE

#9 Lystlund

Posted 19 May 2012 - 09:18 AM

No, it hasn't. I tried rebooting my computer after I sent the log; it's still the same problem.

#10 m0le

Posted 19 May 2012 - 09:24 AM

Please run FRST again and post the new log.
m0le is a proud member of UNITE

#11 Lystlund

Posted 19 May 2012 - 09:45 AM

Here is the new log

Attached Files

  • Attached File  FRST.txt   69.21KB   8 downloads


#12 m0le

Posted 19 May 2012 - 04:24 PM

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt

HKU\Lystlund\...\Run: [Google] C:\Users\Lystlund\AppData\Roaming\googleoez.exe [x]
HKLM\...\Winlogon: [Shell] C:\Windows\Temp\fvbapf\setup.exe [x ] ()

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors.
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

If this does not allow you to boot, are you able to boot into safe mode?
m0le is a proud member of UNITE
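
Added example, not part of m0le's post and not FRST's own logic: a small Python triage that reads autostart lines shaped like the two fixlist entries in post #12 and reports why each one stands out. The line shape, the `review` and `triage` names, and the "user-writable directory" heuristic are assumptions made for this illustration; the two benign sample lines are constructed.

```python
import re
from pathlib import PureWindowsPath

# Line shape assumed from the two fixlist entries quoted in post #12:
#   <registry key>: [<value name>] <path ending in .exe> <trailing markers>
ENTRY = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<path>.+?\.exe)\b", re.I)

# Directories a standard user can write to (heuristic chosen for this example).
USER_WRITABLE = ("\\appdata\\", "\\temp\\")

def review(line):
    """Return the reasons an autostart entry deserves a closer look."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    key, name, path = m["key"].lower(), m["name"].lower(), m["path"]
    reasons = []
    # The Winlogon Shell value normally names explorer.exe and nothing else.
    if key.endswith("winlogon") and name == "shell":
        if PureWindowsPath(path).name.lower() != "explorer.exe":
            reasons.append("Winlogon Shell is not explorer.exe")
    # Programs started at logon rarely live in per-user or temp directories.
    if any(d in path.lower() for d in USER_WRITABLE):
        reasons.append("autostart target in user-writable directory")
    return reasons

def triage(lines):
    """Map each flagged line to its reasons; clean lines are left out."""
    return {ln: r for ln in lines if (r := review(ln))}

SAMPLE = [
    # The two entries from post #12, copied as posted.
    r"HKU\Lystlund\...\Run: [Google] C:\Users\Lystlund\AppData\Roaming\googleoez.exe [x]",
    r"HKLM\...\Winlogon: [Shell] C:\Windows\Temp\fvbapf\setup.exe [x ] ()",
    # Constructed benign entries for contrast.
    r"HKLM\...\Winlogon: [Shell] explorer.exe",
    r"HKLM\...\Run: [Updater] C:\Program Files\Vendor\updater.exe",
]

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE).items():
        print(line, "->", "; ".join(reasons))
```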

#13 Lystlund

Posted 19 May 2012 - 05:19 PM

Here is the file.
I tried starting my computer after the fix ran and I actually saw the desktop this time for a few seconds, but then it popped up again (it did this twice after the startup).
The message is shown for a quick second and then the screen turns white.

It doesn't seem to pop up when I boot up in safe mode.

Attached Files


Edited by Lystlund, 19 May 2012 - 05:22 PM.


#14 m0le

Posted 19 May 2012 - 05:39 PM

Boot into safe mode and run aswMBR

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#15 Lystlund

Posted 19 May 2012 - 05:46 PM

I did download the program to my flash drive and copied it to my infected computer.
I am getting an error that the program could not start because of side-by-side configuration.

I would try to run it as administrator, but I can't get that option in safe mode.



