I believe just about anybody who has had a computer infection probably has similar questions regarding their own installed AV.
I've seen several users (and been one) who have had a particular AV fail to detect (or more commonly, detect but fail to remove) some nasty. The range of products used (and failed, in the instance concerned) is extensive, and includes the "big names".
So I'm not about to defend Avast on this one, except to say that with the number of new variants of rogue software (and malware generally) increasing at such a huge rate (this year alone, so far
by 585% (according to that study) it is not surprising that any AV will occasionally miss one.
(Myself, I changed Av's a number of times before settling with Avast, and have been "settled" happily for over three years. It ain't perfect, but it's helped keep me malware free. For those three years.)
One thing you could look at for the future is tying down the browser exposure a bit. These sorts of things can almost have a free reign if undetected by an AV, with a lot of standard browser configurations. Specifically, prompt for all scripting, in any of the internet zones. Many legit sites get hacked and a hidden frame (an "i-frame", whatever that is, you probably know) is inserted. The site is entered, the script run (unless blocked) and Bang. Malware installed.
All that is required is the appropriate vulnerability in the computer visiting the site, and a compromised site.
I guess you already know to keep all installed software up to date/patched.