I too use Norton, but you have to be aware that there are 'false positives' for various reasons.
"..... this is a Norton Security/Safeweb false positive. Their threat scanning engine is flawed when handling reponses from these 'hacked' URLs, which in vulnerable systems can do damage. The problem is that they interpret the response incorrectly, so sites that have no PHP/WordPress etc get flagged in error..... is not your site per se, but rather the response that the site returns to what is essentially a bad URI. If they get anything other than a hard 404 response, they take that to mean the URL is valid, and therefore a vulnerability....".
"...Why is everyone a victim? Take personal responsibility for your life..."