Please understand that these rogue "security" applications have hundreds of mutations per day. An antivirus (ANY of them, not just avast) cannot be the only line of defense you rely on. AVs are for the most part a reactive technology and always a couple of steps behind the malware writers.
So - for starters, if that users didn't browse web under an administrator account, chances of getting infected would be greatly reduced. Some applies for SRP (for normal users, no need to be able to execute anything beyond %WINDIR% and %ProgramFiles% where they don't have write access. And then there are sandboxes, such as the one in Avast Pro or Sandboxie (both free and paid). With those, the malware would be gone once the browser/sandbox gets closed and flushed.