I was hit with the ICE moneypack virus earlier today and was able to fix it and wanted to share some information from the process. I am running Windows XP SP3 with Norton Internet Security 2013.
The symptoms were similar to all of the moneypack viruses whereby upon boot a 'send me the money' notice appeared and I wasn't able to do a normal shutdown, start in safe mode, start Windows Task Manager to delete the process or, initially, boot from my Norton Recovery disk. Following are the steps that worked.
1) Change BIOS boot order - I noticed that my PC was not even trying to boot from the Norton Recovery disk so I rebooted while pressing the F2 key to get into the BIOS. The C drive was the 1st boot device which I'm 99.999% sure was not what it had previously been set to. I suspect that the virus changed the boot order to prevent booting from a disk. I changed it so that the removable disk was the 1st boot device and was able to boot from the Norton Recovery disk.
2) Boot from an anti-virus recovery disk such as Norton's. I ran Norton Power Eraser and scan which identified the file qfwjnbtlw.cpp (compiled C++ executable) as a virus. I had Norton remove the file. I would bet that the file name is different on every computer but look for the .CPP file flagged by your scan.
3) I rebooted in normal mode and received a file not found message referring to the file deleted in step 2 but the boot finished normally and everything worked fine. I deleted the file which was trying to start the executable in step 2 (an INI file in startup I think) and rebooted again and everything seemed normal.
4) Run system restore. Just to make sure and to remove any settings, registry entries or additional files installed by the virus I ran system restore to restore everything to a pre-virus restore point. On my PC, to run restore I have to boot in safe mode (press the F8 key about twice per second as soon as the PC starts to boot) and run restore from safe mode.
I think that I have everything back to pre-virus configurations. If anyone is aware of anything else that the virus changed that I should check/change/delete then details would be appreciated.