Hello,
There are some factor that sometimes we missed out,
1) Malware writer nowdays did not only exploit OS Level (Windows), but other component as Flash, Adobe etc
2) Variant (could be by pollymorphic or obfuscation), e.g - if AV rely on traditional pattern for certain malware detection... then this method will easily bypass the protection as it doesn't have pattern to detect it yet...
Mind sharing the specific threat name? Is it Ukash? Also you may want to read about Symantec detection for fake AV:
http://www.symantec.com/business/support/index?page=content&id=TECH122898&locale=en_US