My next door neighbor discovered "Boot.Tidserv" rootkit on his Windows 7 64 bit based PC.  His up to date version of NIS 2011 alerted him that the rootkit was found, but could not remove it:

1. Norton apparently could not stop the rootkit form infecting my neighbors PC, but it could identify the rootkit during a scan. 

If it could identity the rootkit during a scan why couldn't it prevent the infection in the first place?

2.  Why isn't the tool to remove the root built into NIS.

This is not an attack on NIS.  My questions are more about general functionality of anti virus software and why it could not meet expectations.