The short answer is no one really knows.
As Avast detects many of these rogues, they are a constantly moving target, with multiple new variants on the same theme. They change it slightly so that it doesn't match the same signatures, so it rather depends on the variant.
The biggest thing with these fake AVs (rogues) is that they, for the most part, require a degree of complicity by the user. This is normally gained by the fake "you are infected" pop-up and the user panicking and clicking buttons (it doesn't really matter which, as they can all have the same effect), and this is actually allowing something to be installed.
The key is not to panic (how would they know your system is infected? They don't), and the best action on seeing the pop-up is to use the Task Manager and end the browser process from there.
~~~~
That said, MalwareBytes AntiMalware (MBAM) is one of the best at removal of these fake AVs and rogues; before it changed its name to MBAM, it was called RogueRemover, a specialist tool for the removal of these rogues.