Are you using all features of the product or just AV/AS? It is highly recommend you use all features, especially Intrusion prevention.
In terms of removal tools we have developed our power eraser tool in order to remove fakeAV infections. Below is documentation regarding power eraser, which is built into the SEP support tool that you can run on a infected machine.
http://www.symantec.com/docs/TECH134803