If the script is on the page, it doesn't have to run for Avast to actually detect it. So even with Firefox & NoScript, Avast should alert even if the redirect script isn't run.
Interesting, so that means that the site must have been sanitized before I visited. These fake antivirus programs have been around for a while. My sister-in-law's computer was infected about 2 weeks ago, from some unknown source. It had AVG 8.5 on it. They surfed as Admin, sadly.
By the time I got to it yesterday, the machine was virtually unusable. I safe-booted, downloaded Malwarebytes and cleaned a ton of stuff, running Malwarebytes 3 times, rebooting into safe mode between each time. Did the same with Spybot Search & Destroy, which found a few more. Uninstalled AVG via Add/Remove. On reboot, ran AVGremover. I then installed Avast Home for her, registered it and updated the definitions. Ran a full Avast scan and it found a couple of nasties in the Restore files and quarantined them. Set up limited WinXP Pro user accounts for them to surf with, and a new admin account with passwords on all. Avast has its own password added. By then it was late. When I get back over there, I'll eliminate all the Windows Restore files and then create a new restore point. I also will update from WinXP Pro SP2 to SP3.
It seemed fine when I left, but is there anything I'm missing?