Tags: 
“PRS for Music” scam (virus) – how to identify & resolve it
Recently, I have been called to see if I can help with a computer problem, which turned out to be the most genuine looking scam I have seen in a long time. In this particular case, someone was using Facebook to play music videos and suddenly a message appeared across the whole screen to say that “Illegally downloaded music pieces (pirated) have been located on your computer” and that he has to pay £50 to avoid prosecution and imprisonment. Please see the picture below:
We quite rightly suspected from the beginning that this is not a genuine “lockdown” of computer and this was confirmed by the Metropolitan Police when we spoke to them shortly afterwards. Performing Right Society (PRS for Music) are also aware of this scam and recently issued a statement in which they clarify that they would never charge end users for watching music videos online.
How to prevent receiving this scam/virus?
- Use up-to-date antivirus software
- Use software/hardware firewall
What to do when this virus is in your PC?
- Never make a payment to “unlock” your PC
- Follow these steps to remove it:
- Hard reboot your PC into “Safe Mode with Command Prompt”. The key(s) to access the Safe Mode menu depends on make of your PC but generally it could be F8 or F6. Some PCs, i.e. Toshiba tablet use combination of Alt+F1.
- You will have to type in your account password – make sure you log in to an account with administrative privileges
- Once the Command Prompt appears you have few seconds to type in “explorer” and hit Enter. If you fail to do it within 2-3 seconds, the virus will take over and will not let you type anymore
- If you managed to bring up Windows Explorer you can now browse into C:\windows\system32\restore\rstrui.exe and press Enter
- Follow the steps to restore your PC into an earlier time/day
- That’s it, your PC should be back to normal after reboot.
- Finally, report the scam on the ACTION FRAUD’s website
Please note that the above solution applies to WinXP. If you are using Win7 the rstrui.exe is located in C:\windows\system32\rstrui.exe.
Les
Thanks. Its a shocker, your advice worked but I am on win7 and didn’t understand the advice you added for that operating system n had to look into it on another site as I’m not that computer savy. You might want to put it in simpler terms as I didn’t understand it. That said you put me.on the right track n thank god for phone google
emily
hello! ive tried following your directions but a window never pops up not even for a few seconds so thers no where to type explorer it just goes straight to virus. what do i do now?
thanks for your help
Peter.Szucs
Hi Emily, just to double check – did you choose “Safe Mode with Command Prompt” as opposed to “Safe Mode”? And also what operating system you are running on your pc?
Rod Trow
Thank you for the post.
I am to computers what Peter Andre is to shyness, but I was able to follow the instructions.
Rod
Oz
Phew…. thought I was in trouble there….thanks for making this advice freely available.
Zac
I had this virus lock my computer this afternoon and naturally I was worried! but the instructions were very easy to follow from my phone and now I’m back roaming the ‘net! Thanks!!!!!!