Unless you've done something bizarre in your setup, when Norton "fixes" something it tells you why, usually by giving at least a generic name for the offending content.
Go to the Norton (Symantec) website, put the name of the offender in the "search for viruses/worms," and see if they give you an explanation.
If it has an explanation, it will also tell you what to do about it.
Norton, or any other AV program, usually tries to check out "incoming" files as they arrive. If something got on your machine before the ident info got there in your signature updates, it will sometimes NOT be detected until the file "opens" for some reason.
Files that a worm places on your machine may not contain anything suspicious, but by executing a "normal" instruction may "reload" the infection, which your AV detects. This can continue indefinitely until "what the infection did to you" is removed along with the infection itself.