Did you not read the post on what happened,
http://forum.avast.com/index.php?topic=51783.0, which clearly shows that VPS Updates are meant to be scanned, this one slipped through the net by someone failing to follow that protocol.
If users also followed the same principal of first doing no harm as I'm always banging on about instead of deletion much less harm would have been done, if this sounds harsh, it isn't intended to be. Unfortunately users are more likely to click delete as their first option and you have none left.
I don't know where you get the never put on automatic updates in relation to avast from as I have VPS Updates set to Automatic in avast and Program updates to Ask (the avast defaults) When I first got wind of this on the forums, I even did a manual update so I would have the 091203-0 VPS and ran a scan and I didn't get a single alert.
That for me was lucky, but a disappointment as it was my intention to fire off false positive reports for those detected that I knew to be FPs and hopefully alert those monitoring such reports to the problem.
Some valuable (if painful) lessons have been learnt on both sides.