“PRS for Music” scam (virus) – how to identify & resolve it

Peter.Szucs — Wed, 14 Mar 2012 23:29:16 +0000

Recently, I have been called to see if I can help with a computer problem, which turned out to be the most genuine looking scam I have seen in a long time. In this particular case, someone was using Facebook to play music videos and suddenly a message appeared across the whole screen to say that “Illegally downloaded music pieces (pirated) have been located on your computer” and that he has to pay £50 to avoid prosecution and imprisonment. Please see the picture below:

We quite rightly suspected from the beginning that this is not a genuine “lockdown” of computer and this was confirmed by the Metropolitan Police when we spoke to them shortly afterwards. Performing Right Society (PRS for Music) are also aware of this scam and recently issued a statement in which they clarify that they would never charge end users for watching music videos online.

How to prevent receiving this scam/virus?

- Use up-to-date antivirus software

- Use software/hardware firewall

What to do when this virus is in your PC?

- Never make a payment to “unlock” your PC

- Follow these steps to remove it:

Hard reboot your PC into “Safe Mode with Command Prompt”. The key(s) to access the Safe Mode menu depends on make of your PC but generally it could be F8 or F6. Some PCs, i.e. Toshiba tablet use combination of Alt+F1.
You will have to type in your account password – make sure you log in to an account with administrative privileges
Once the Command Prompt appears you have few seconds to type in “explorer” and hit Enter. If you fail to do it within 2-3 seconds, the virus will take over and will not let you type anymore
If you managed to bring up Windows Explorer you can now browse into C:\windows\system32\restore\rstrui.exe and press Enter
Follow the steps to restore your PC into an earlier time/day
That’s it, your PC should be back to normal after reboot.

- Finally, report the scam on the ACTION FRAUD’s website

Please note that the above solution applies to WinXP. If you are using Win7 the rstrui.exe is located in C:\windows\system32\rstrui.exe.

New Year’s Resolution: Recovering “lost” money and reducing financial risks

Richard.Kusnierz — Wed, 18 Jan 2012 14:11:30 +0000

At the start of a new year I’d like to offer a self-funding opportunity which is risk free, has no downside and will re-assure corporate stake holders that your organisation is proactive in reviewing controls and safeguarding corporate assets. This is a two stage approach and makes use of the combined experience of Transaction Analysts Limited and Investigative Data Mining Limited.

Stage 1 would be to perform a historic cost recovery audit of the last 5 years payments to third party suppliers. This is 100% risk free and on a contingency fee basis. If we don’t find and recover any over-payments there is no fee. If we recover significant over-payments, it indicates that the control mechanisms within Accounts Payables are not operating effectively and could be exploited.

Stage 2, given the significant recoveries made in Stage 1, funds exist to pay for a more exhaustive data mining review to identify further exposures and the warning signs of active fraud. In the current economic climate, the level of reported fraud has increased by 100% since last year, and the reality is that most organisations discover fraud by accident.

This strategy and methodology is self-funding and requires no budget.