When SEP/SAV detects an infection but not remove it, that almost always means either a new variant or something completly new that has some of the characteristics of something that is known.
Best thing to do is to submit whatever you can find to Security Response.
Also contact your Tech Sup. person and send all characteristics you find to him/her, like log files, scan logs, you name it, send it. Sometimes, it is better to send a bit too much inforation than not enough. It might also help to use third party removal tools, especially when they create log files and/or separate quarantined files.
Symantec has ways to read some of those 3rd party quarantined files as well.
When Security Response gets samples, they can write teh detection. That in turn means that you will not have to sneakernet dozens if not hundreds infected machines. 8-)