Protection Suite Enterprise Edition


FBI ransomware locked computer. Help?

  • 1.  FBI ransomware locked computer. Help?

    Posted Dec 20, 2012 11:16 AM

    My computer has been locked by ransomware masquerading as the FBI.  I can still use the other user account on my computer to run Norton 360 in normal mode, and I have run it in Safe Mode in both accounts.  I have used Norton Power Eraser, to no avail. Please walk me through the removal of this monster. 

    Also, I do not understand the prompt below to specify a Norton product and version.  My product, Norton 360, is not listed.  I am choosing one at random just to be able to post this.

    Thanks!



  • 2.  RE: FBI ransomware locked computer. Help?

    Posted Dec 20, 2012 11:23 AM

    Hello,

    You could try running the SERT Utility if you have access to Fileconnect. The SERT (Symantec Endpoint Recovery Tool) is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively. The consumer version of this tool is the Norton Bootable Recovery Tool.  The tool is free, so there is no need for a Fileconnect account to download the software.

    You could also try working on the steps provided below on collecting the suspicious files and submitting the same to the Symantec Security Response Team.

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    I would also recommend that you make sure you create a case with Symantec Technical Support.

    You could either Create a Case OR contact Symantec Technical Support.

    How to create a new case in MySupport

    http://www.symantec.com/docs/TECH58873

    How to update a support case and upload diagnostic files with MySupport

    http://www.symantec.com/docs/TECH71023

    OR

    Regional Support Telephone Numbers:

    United States: https://support.broadcom.com (407-357-7600 from outside the United States)

    Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)

    United Kingdom: +44 (0) 870 606 6000

    Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

    Check this thread

    https://www-secure.symantec.com/connect/forums/how-remove-fbi-virus-fbi-moneypak-ransomware-virus-laptop-sep1106-has-been-already-installed-



  • 3.  RE: FBI ransomware locked computer. Help?

    Posted Dec 20, 2012 12:57 PM

     

    Thank you.  One question:  When I try to fill the form for a tech support case, it asks for my product and version.  I have Norton 360.  How do I translate that into an acceptable answer?  I can't file the report without those two blanks filled, and I don't know how to answer.

     



  • 4.  RE: FBI ransomware locked computer. Help?

    Posted Dec 20, 2012 01:18 PM

    The product name and version should be visible through "Control Panel" > "Add/Remove Programs" or "Programs and Features" depending on your operating system.



  • 5.  RE: FBI ransomware locked computer. Help?

    Posted Dec 20, 2012 02:08 PM

    It says only "Norton 360."

     



  • 6.  RE: FBI ransomware locked computer. Help?

    Posted Dec 20, 2012 03:04 PM

    In the Norton application, do you see any about button/menu option?

    In that case you should see more details of the name and version.



  • 7.  RE: FBI ransomware locked computer. Help?

    Posted Dec 20, 2012 03:36 PM

     

    Oh wow.  This second user account may be compromised now. I'm not sure. 

    I had gone to the add/delete section and noted that it said only "Norton 360."  After your next post, I checked it in the start menu -- clicked on the icon and got some options for actions.  But this time, no matter which one I clicked, nothing happened.  I went back to the add/delete section, and Norton 360 is gone!  (I didn't touch it when I looked at it before; I didn't delete it by mistake.)

    8-(

    Btw, I made a bootable recovery disk last night but am not sure how or if I should use it in my current situation.  Will it delete any of my files or programs if I run it?

     

     

     



  • 8.  RE: FBI ransomware locked computer. Help?

    Posted Dec 20, 2012 03:42 PM

    Also, I just got an error notice 8504, 101.  It wasn't auto-fixable and I was instructed to notify Symantec.  ????

    And...  Norton 360 is back in the add/delete section, thank goodness.  And the screen icon is up again, since I was notified of the error notice.



  • 9.  RE: FBI ransomware locked computer. Help?

    Posted Dec 20, 2012 04:01 PM

    What operating system are you using: 2000, XP, Vista, Windows 7?

    Usually a recovery disk will not wipe the disk but just recover the (vital) system files and registry.

    If it's possible, recover your data on the disk (get into another computer and copy your data to that computer) and then reinstall the computer to be safe.

    My guess is that there is a self-survival process which, upon being killed, will spawn another process (or several). Depending on your skill set, you could try to remove the "bad guy": use Process Explorer or similar to suspend the process(es) instead, so no new process(es) are re-spawned. Then remove any auto-launch (related to the ransomware) using e.g. Autoruns to prevent the ransomware from being able to launch again.
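
The auto-launch entries mentioned in the reply above can be listed read-only with PowerShell before anything is removed. This is an added example, not part of the original post and not a Symantec or Sysinternals tool; the Run/RunOnce keys and Startup folders are standard Windows locations (Vista or later paths assumed), the "launches from a user-writable folder" flag is a heuristic assumed here, and the script covers only a small subset of what Autoruns inspects.

```powershell
# Read-only triage (added example): list autostart entries and flag those that
# launch from user-writable folders. The folder list is an assumed heuristic.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)
$writableDirs = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData) |
    Where-Object { $_ }

function Test-UserWritablePath([string]$Command) {
    foreach ($dir in $writableDirs) {
        if ($Command.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $entries += New-Object PSObject -Property @{
            Location = $key; Name = $name; Command = [string]$regKey.GetValue($name) }
    }
}
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    # -Force includes hidden files; desktop.ini is a normal folder settings file.
    foreach ($file in Get-ChildItem -Path $dir -Force | Where-Object { $_.Name -ne 'desktop.ini' }) {
        # Resolve shortcuts to their real target; other files launch themselves.
        $target = $file.FullName
        if ($file.Extension -eq '.lnk') { $target = $shell.CreateShortcut($file.FullName).TargetPath }
        $entries += New-Object PSObject -Property @{
            Location = $dir; Name = $file.Name; Command = $target }
    }
}
$entries | Select-Object Location, Name, Command,
    @{ Name = 'Flagged'; Expression = { Test-UserWritablePath $_.Command } } |
    Sort-Object Flagged -Descending | Format-Table -AutoSize -Wrap
```

The HKCU keys and the per-user Startup folder belong to whichever account runs the script, so output from the second account does not show the locked account's per-user entries.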



  • 10.  RE: FBI ransomware locked computer. Help?

    Posted Dec 27, 2012 04:53 AM

    This new Security Response blog post also adds some extra developments/details - be informed!

    Ransomware: Extorting Money by Panic and Pressure
    https://www-secure.symantec.com/connect/blogs/ransomware-extorting-money-panic-and-pressure

    The Norton Boot Recovery Tool, referenced above, should be able to deal with these threats.



  • 11.  RE: FBI ransomware locked computer. Help?

    Posted Feb 18, 2013 06:14 AM

    Just posting a small "good news" update:

    Trojan.Ransomgerpo Criminal Arrested
    https://www-secure.symantec.com/connect/blogs/trojanransomgerpo-criminal-arrested