I've run into the hidden iFrame on the website for my daughter's dance school. I reported it to them, but they haven't managed to get it cleaned up yet. In fact, I got the domain it directed to shut down, and now the code points to a new one.
As far as the Avast vs. AVG vs. Avira, I'm using Avira (paid) because I found it was detecting a higher percentage of the malware being reported when Castlecops' malware listserve forum was up. (To be posted there, a sample had to be missed by at least 50% of the products included in VirusTotal's scan.) But Avira's wonderful 96% performance still means it misses 4%, which is still a lot of malware.
Re: breaking malicious links in forums: If a link has the http or www, it will be live. If you include those but use invisible forum tags (like the tags for color, italics, bold, etc.) it won't be live, but can be easily swiped, copied and pasted by people who really want to. So in your composition window, your link might look like this:
but when you see it in the final post, it will be
Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.9.1b3pre) Gecko/20090223 SeaMonkey/2.0a3