Malware Removal Instructions


Wednesday, 28 March 2012

Remove 'PRS for Music' Scam Ransomware (Uninstall Guide)

Posted on 12:06 by Unknown
'PRS for Music: Your computer has been locked' is a scam (ransomware) that tries to extort money from unsuspecting computer users. Earlier this month, the Performing Right Society issued a statement clarifying that the virus has nothing to do with PRS for Music and that they are investigating the issue. Now, why the hell should they care so much about this malware? Well, probably because cyber crooks use their logo, apparently in association with the Metropolitan Police, to make it the most genuine-looking scam you've seen in a long time. This scam is a particularly nasty one and unfortunately very widespread at the moment. So, what does this ransomware do exactly? Once installed, it hijacks your Desktop with a rather professionally done fullscreen warning claiming to be from PRS for Music and the Metropolitan Police. Please see the image below:



The warning states that illegally downloaded music files have been found on your computer and for this reason your computer has been locked.
PRS for Music

Your computer has been locked

Illegally downloaded music pieces (pirated) have been located on your computer. By downloading, those music pieces were reproduced, thereby involving a criminal offence under Section 106 of the Copyright Act. ....
I don't know much about the copyright laws in the United Kingdom, but even if there is such an act, you're not violating it, so don't panic. To further scare you into thinking that the PRS for Music warning is the real deal, cyber crooks use Geo IP functions to determine your IP address and host name. The ransomware actually calls the command and control server before displaying the warning. It is worth mentioning that cyber crooks target computer users in other countries as well, using the names of these organizations:
  • Gema and GVU - Germany
  • Sacem - France
  • Buma Stemra - The Netherlands
  • Suisa - Switzerland
  • AKM - Austria


All of these organizations in Europe protect the interests of songwriters, composers, and publishers.

When running, the PRS for Music scam/ransomware claims that the illegally obtained music files were encrypted and moved to a protected folder. This is not true. Although this ransomware might be a bear to remove, it's not very sophisticated and even has some critical bugs that, as I will show you later, can be used to bypass the restrictions in a few simple steps. Furthermore, the PRS for Music ransomware claims that you need to pay £50 to avoid prosecution and imprisonment. DO NOT GIVE THESE SCAMMERS YOUR MONEY. First of all, you will simply lose your money, and you probably won't be able to get it back because payments must be made via PaySafecard, PayPoint or something along those lines. They accept anonymous payments. Secondly, they won't unlock your computer.

You should also know that this ransomware cannot steal personally identifiable or sensitive information. It cannot delete any of your files either. Don't worry, you haven't lost your files. You just need to remove the PRS for Music ransomware from your computer. That's it. If you're not good with computers, you can simply take your computer to a local repair store. It may cost you around $200 to get your computer back up and running again. Or you can try to remove this scam manually yourself. Please follow the removal instructions below.

How to prevent receiving PRS for Music scam/ransomware?

First, update your software, especially Adobe, Java and your web browsers. Use up-to-date antivirus software and an additional firewall. As far as I know, cyber crooks use BlackHole, by far the most widely used exploit pack, to distribute this ransomware. Simply visiting infected websites may get you into trouble. Please watch the video below showing how cyber crooks armed with the latest version of BlackHole, 1.2.3, can easily infect your computer if you're running an outdated version of Java. The exploit targets a bug in Java (CVE-2012-0507).


Thanks to Kafeineify for making this video.
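
A check a defender could run over collected `java -version` output to find machines still exposed to the Java bug mentioned above. This is an added example, not part of the original post; the first patched update per Java family is taken from Oracle's February 2012 advisory rather than from this page, and the host names and banners are constructed sample data.

```python
import re

# Assumption (not stated on the page): first fixed update per Java family for
# CVE-2012-0507, as published in Oracle's February 2012 Critical Patch Update.
FIRST_FIXED_UPDATE = {5: 34, 6: 31, 7: 3}

# Matches legacy version strings such as 1.6.0_30, 1.7.0 or 1.7.0_03.
_VERSION_RE = re.compile(r'\b1\.(\d+)\.0(?:_(\d+))?')


def parse_java_version(banner):
    """Return (family, update) parsed from `java -version` output, or None."""
    match = _VERSION_RE.search(banner)
    if match is None:
        return None
    # A bare "1.7.0" carries no update suffix and is treated as update 0.
    return int(match.group(1)), int(match.group(2) or 0)


def assess(banner):
    """Classify one banner as 'vulnerable', 'patched' or 'unknown'."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return "unknown"  # Java missing, or a format this check does not cover
    family, update = parsed
    baseline = FIRST_FIXED_UPDATE.get(family)
    if baseline is None:
        # Families released after 7 already contain the fix; older ones are
        # outside the scope of this check.
        return "patched" if family > 7 else "unknown"
    return "vulnerable" if update < baseline else "patched"


def audit(inventory):
    """Return the sorted host names whose Java runtime needs updating."""
    return sorted(h for h, banner in inventory.items()
                  if assess(banner) == "vulnerable")


# Constructed sample inventory (hypothetical host names and banners).
SAMPLE_INVENTORY = {
    "desk-01": 'java version "1.6.0_30"\nJava(TM) SE Runtime Environment',
    "desk-02": 'java version "1.6.0_31"',
    "desk-03": 'java version "1.7.0"',
    "desk-04": 'java version "1.7.0_03"',
    "desk-05": "'java' is not recognized as an internal or external command",
}

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(host, "needs a Java update")
```
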

The PRS for Music scam stays active in Safe Mode, Safe Mode with Networking and even in Safe Mode with Command Prompt. However, once you have rebooted your PC in Safe Mode with Command Prompt, you have a few seconds to open Windows Explorer. If you are lucky enough, you might be able to restore your computer to a previous date when it was virus free.


PRS for Music removal instructions (System Restore):

1. Reboot your computer in "Safe Mode with Command Prompt". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Command Prompt" and press the Enter key.

2. Make sure you log in to an account with administrative privileges (login as admin).

3. Once the Command Prompt appears, you have a few seconds to type in explorer and hit Enter. If you fail to do it within 2-3 seconds, the PRS for Music ransomware will take over and will not let you type anymore.

4. If you managed to bring up Windows Explorer you can now browse into:
  • Win XP: C:\windows\system32\restore\rstrui.exe and press Enter
  • Win Vista/Seven: C:\windows\system32\rstrui.exe and press Enter
5. Follow the steps to restore your PC to an earlier date.


Alternate PRS for Music ransomware removal using Print to file option:

A blogger named Thice wrote a great removal guide that can be used to remove the PRS for Music scam without the need to reboot your computer in Safe Mode. Although the removal guide was originally created to help users remove the Buma Stemra ransomware, it should work for PRS for Music as well. Basically, it's the same ransomware targeting computer users in different countries. Link to the removal guide:

http://www.thice.nl/getting-rid-of-the-buma-stemra-ransomware-malware/



To learn more about ransomware, please read Remove Trojan.Ransomware (Uninstall Guide).
