Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Celas Virus Blocked Everything


  • Please log in to reply
8 replies to this topic

#1 MJLiebgott

MJLiebgott

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:00 PM

Posted 28 May 2012 - 01:38 PM

It's been nearly a week ever since our main laptop has been totally blocked by CELAS with a ransom of 50 in order to unlock it. I've done a little research and discovered that according to CELAS itself, they aren't responsible with the issue of the blocking/s: http://www.celas.eu/CelasTabs/press.aspx

Our laptop is also blocked whenever using Safe mode, including the command prompt and networking.

I'm currently using my old small laptop as a substitute but it's rather old and rundown.

Please Help!

BC AdBot (Login to Remove)

 


#2 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:08:00 AM

Posted 28 May 2012 - 09:39 PM

Welcome to the forum, MJLiebgott!

Will be back with instructions shortly.

Thanks for your patience.

Old duck...


#3 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:08:00 AM

Posted 28 May 2012 - 09:52 PM

Let's see if we can get a hold of this computer...

Do you have the Repair your computer option in the
Advanced Boot Options menu?

To find out:
Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
  • Is the Repair your computer option listed?
If you do not have the option above, do you have a Windows Seven installation CD/DVD available?


Also, do you know if the system is 32-bit, or 64-bit?

Go to Start > Control Panel
Type system in the Search Control Panel box (upper right)
Under System, look for: System type
It states either 64-bit Operating System, or, 32-bit Operating System
Please provide the result.


And last, do you have a USB flash drive available, and do you have access to another computer?

Old duck...


#4 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:08:00 AM

Posted 29 May 2012 - 04:33 PM

To start out, if you can find out if the Repair your computer is found in the Advanced Options Menu, that would help get things going and get the machine out of 'the deep end', so to speak.

If not, do you have a Windows Seven installation CD?

Old duck...


#5 MJLiebgott

MJLiebgott
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:00 PM

Posted 30 May 2012 - 12:51 PM

Well, whenever I press F8 repeatedly and ends up in the Advanced Boot Options and says:

Choose Advanced Options for: Microsoft Windows Vista

Safe Mode
Safe Mode with Command Prompt

Enable Boot logging
Enable low-resolution video (649x480)
Last Known Good Configuration (advanced)
Directory Services Restore Mode
Debugging Mode
Disable automatic restart on system failure
Disable Driver Signature Enforcement

Start Windows Normally

#6 MJLiebgott

MJLiebgott
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:00 PM

Posted 30 May 2012 - 12:56 PM

Sadly, I'm not able to identify whether the system is 32-bit, or 64-bit. I'm not able to follow the instructions on the previous instructions you gave me:

(Go to Start > Control Panel
Type system in the Search Control Panel box (upper right)
Under System, look for: System type)

The reason for this is because as I log into an account, the only thing that is displayed is the CELAS ransom letter and I'm not able to exit it.

And one more thing, I don't have a Windows Seven installation CD

#7 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:08:00 AM

Posted 30 May 2012 - 02:53 PM

Thought you were running Windows Seven, but it appears you are not. It is Windows Vista?

Are you able to get into the Advanced Options for Windows Vista, and select:
Safe Mode with Command Prompt?

If so, at the Command prompt, type:
echo %PROCESSOR_ARCHITECTURE%
Press: Enter
When done, type: exit

It should provide the info as to whether the system (Vista) is 32 bit (may show as x86), or 64 bit.

Also, do you know if you have SP1 or SP2 installed? Look at the info on the black screen of Safe Mode with Command Prompt. It may have some SP info there.


To go out of the black screen you may need to press the Ctrl Alt Del keys simultaneously, and get to Task Manager
In Task Manager, select: Shutdown

Old duck...


#8 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:08:00 AM

Posted 30 May 2012 - 06:03 PM

Also, do you have another Vista computer, or know someone who does?

Anyone you know have a Vista installation CD?

Old duck...


#9 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:08:00 AM

Posted 31 May 2012 - 05:33 PM

Are you still with us?

Still trying to find a way that does not require the Repair your computer option, does not require a Windows Vista installation CD/DVD, etc.

You mentioned (Post #5) the following Advanced Boot Options appearing on your laptop...

Choose Advanced Options for: Microsoft Windows Vista

Safe Mode
Safe Mode with Command Prompt

Enable Boot logging
Enable low-resolution video (649x480)
Last Known Good Configuration (advanced)
Directory Services Restore Mode
Debugging Mode
Disable automatic restart on system failure
Disable Driver Signature Enforcement

Start Windows Normally


Try selecting Directory Services Restore Mode (DSRM) from the F8 menu, and post whether Celsa takes over DSRM, as it does in normal Windows Vista. If not, we may have a break.

Old duck...





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users