Another fake-av site detected.

Exactly, and it is that file that is necessary for avast to get so that they can detect it…

Yes, blocking the site is all well and good, but give it a few hours and they have most likely moved on…but without the install file for this rogue, how will it be detected…

voting in avast! Web Rep :slight_smile:

and hope an avast! Virus Researcher may do the job.

I was going to save the file to send it, but was not sure if it would self execute after it was saved.

Ok, sorry, my comment did seem rather offhand…I would actually be inclined not to encourage users not to try and get the file unless they really know what they are doing…

The best thing to do would be to report the site while it is still active, which would then allow those who are comfortable to get the file. :slight_smile:

Malware writers recode every day. There is no real purpose in posting this stuff. You can find all your malware links here.

http://malc0de.com/database/

http://www.malwaredomainlist.com/

If a rogue is reported, and submitted, and subsequently detected…protecting a user at some point or another then there is a purpose in posting…

Well, both those sites can give you more info than one person posting a link. Avast should just look at both those sites.

You both have a point there, spg SCOTT and Dieselman,

The malcreants start out with launching a new morphed, encrypted, obfuscated, protected version of the same malcreation. This is an ongoing battle between malcreant and the anti-malware makers…
So the cybercriminals test out their new malcreations for it to go under the anti-malware radar, right? What is adding detection for 0-days etc. faster - re-scanning, re-scanning, re-scanning.
As soon as the undetected are flagged once, protection against it is possible. So I think reporting flagged malware sites and new rogues to avast (and sending the info to virus AT avast dot com too), and posting it to be re-scanned is good. On the other hand this means protection “after the fact”; the vulnerability gap is still there and stays open. How to close this further: diminish the vulnerabilities used to infect by constantly updating the software of your OS and third party programs (Secunia PSI) and use sandboxing and script protection to be better protected even.

polonus

Another undetected fake av site: htxp://protectionantivscanxp.com/ with mdl_fake AV (these servers often also have zeus/mdl_trojan TDSS on them)…usually they are being taken down rather quickly,

IP initial: see: http://www.ipillion.com/ip/91.213.157.110
Reported there as such

"protectxpdriversvirusnow" is a rogue antivirus site. I had a google redirection virus that kept directing me to that site. The virus apparently started with a 'tdl4 bootkit', as reporte…

as such not detected: http://www.virustotal.com/file-scan/report.html?id=40842d6f11294476776c1609562b3d979bfd1cbc90b6fac8154a213bf51cfcf6-1298142836
Not detected here: http://wepawet.iseclab.org/domain.php?hash=4317a555e95fd113218c188fdd150b85&type=js
But found to be dangerous here on 4 instances:
flagged by http://global.sitesafety.trendmicro.com/

polonus

Another one here: htxp://dl.antivirus-antispy.cw.cm/BestAntivirus2011.exe

5 detections for this TR/ATRAPS.Gen, see
http://www.virustotal.com/file-scan/report.html?id=4361036cada809073bca9b8b56f5b2b59e795099d5f1b567a8a5abe873431ea9-1303139492
Avast does not detect yet,

polonus

You use malwaredomainlist, don’t you? :wink:

malc0de is also another great site for malware links.

http://malc0de.com/database/

Hi Dieselman,

We do not give these sites here, because the unaware can get themselves infected, so why do you post it then?
Make it htxp please. Same goes for others; unaware users should not go there unprotected, just as with jsunpack etc. etc.

polonus

Please read the link and the site before you comment. Malc0de is NOT a malicious site. It’s just like Malware Domain List. Malc0de posts links to malicious sites for testing purposes, but the site itself is safe. Direct links to malicious sites should be coded with hxxp. But this is not a direct link. Clicking on the malc0de link will NOT directly get you infected. You are posting direct links. I, on the other hand, am not. Thanks.

Warning notice from MDL.

WARNING: All domains on this website should be considered dangerous. If you do not know what you are doing here, it is recommended you leave right away. This website is a resource for security professionals and enthusiasts.
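The thread keeps coming back to the "hxxp" (or "htxp") convention for posting malicious links so that forum software will not turn them into clickable links. The following is an added example, not code from the forum or from avast, showing one way to defang and refang URLs before posting and to check a draft post for any live http(s) links that slipped through. The sample post text and the `fakeav-example.invalid` hostnames are constructed for the demo and are not real sites.

```python
import re

# Constructed sample post; the hostnames use the reserved .invalid TLD and are not real.
SAMPLE_POST = (
    "Another fake-av site: http://fakeav-example.invalid/scan.php "
    "and the dropper https://dl.fakeav-example.invalid/BestAntivirus2011.exe"
)

# A live (clickable) URL: real http or https scheme followed by "://".
LIVE_URL = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)

# Defanged schemes seen in the thread: hxxp, hxxps, and the htxp spelling.
DEFANGED_SCHEME = re.compile(r"^(h[xt]xp)(s?)://", re.IGNORECASE)


def defang(url: str) -> str:
    """Rewrite a live URL so it is not auto-linked: http -> hxxp, host dots -> [.]"""
    m = re.match(r"^(https?)://([^/?#]+)(.*)$", url, re.IGNORECASE)
    if not m:
        return url  # not a live http(s) URL; leave untouched
    scheme, host, rest = m.groups()
    scheme = "hxxps" if scheme.lower() == "https" else "hxxp"
    return f"{scheme}://{host.replace('.', '[.]')}{rest}"


def refang(url: str) -> str:
    """Undo defang() for analysis tooling; accepts hxxp, hxxps and htxp spellings."""
    m = DEFANGED_SCHEME.match(url)
    if not m:
        return url
    remainder = url[m.end():]
    host, sep, path = remainder.partition("/")  # only the host part carries [.]
    return f"http{m.group(2).lower()}://{host.replace('[.]', '.')}{sep}{path}"


def defang_post(text: str) -> str:
    """Defang every live URL in a block of forum text."""
    return LIVE_URL.sub(lambda m: defang(m.group(0)), text)


def live_urls(text: str) -> list:
    """Return any still-clickable URLs; an empty list means the post is safe to submit."""
    return LIVE_URL.findall(text)


if __name__ == "__main__":
    print("before:", live_urls(SAMPLE_POST))
    safe = defang_post(SAMPLE_POST)
    print(safe)
    print("after: ", live_urls(safe))
```

Running the script shows two live URLs in the draft, the defanged text, and an empty list afterwards. Only the scheme and the host dots are rewritten, so the path and filename stay readable for whoever submits the sample to the virus lab.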

This looks like a new site for the Antispy2011.exe

hxxp:Memoryscannerprotectionwin.com

Got redirected to that site on another website not too long ago.

Another Fake-av site hxxp://mbr-antivirus.ce.ms/fast-scan/

Stopped by ClearCloud DNS.

Link is dead.

I wonder if the people doing the fake AV sites are looking on this forum, seems odd the links go down as soon as someone mentions them.

This one is more recent:

hxxp:documentscannerprotectionwin.com