I'm not a moderator, but maybe I can help with something that is actually relevant!
Here is the <REAL> symantec removal tool:
http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_USI have no idea wether it will do any good; I doubt this problem is caused by symantec "leftovers" (it doesn't make any sense that having a few files leftover from an symantec install would cause a completely separate AV product to start detecting malware on otherwise benign websites).
While Allan is correct in that it could be a false positive, I don't believe so. From the looks of it, Avast has found links on the page to the URLs you posted- these are malicious sites for certain, with any number of complaints regarding them online, and via WOT
The reason I don't think it's a false positive is because Avast simply cannot pull a fully formed URL like that out of nowhere- it's almost certainly on the page. The question is how did it get there, especially on a site like nytimes.com?
I had a similar problem, although I discovered it a different way. I was working on any number of HTML files, and UltraEdit kept asking me over and over wether it would like me to reload the changes to the file (although I hadn't changed it). I noticed that there was an extra line of script being plopped on the end of all HTML files, including those downloaded by visiting web pages- that essentially tried to perform a drive-by download and infection.
These files were all flagged as "spyware" by malwarebytes, and I managed to clean them, but they were the result of a much worse infection that ended up requiring me to reformat and reinstall everything.
Basically, While AVG is catching one of the symptoms, it might not be catching the disease (no AV is perfect, after all). I'd recommend running a scan with another tool for a second opinion, like malwarebytes (yes, it was recommended by mister "I like to talk about adware for no good reason" but it is actually a good tool)
Of course this is all assuming that is the cause- as you mentioned it could very well be an ad- but I don't think a site like nytimes would affiliate themselves with malicious ads. If you want to find out, you can search for the URL in the source file.
When you get the warning/trojan horse message from Avast again, view the source of the page (usually View->Source, in Chrome you can Right-click a blank area and choose "view page source"). Then do a search in the source for the URL it gave.
If it appears at the very bottom of the file in a little <script> tag or something, you're almost certainly infected. If not, well, you probably still have something nasty on your computer. because I really can't think of a good reason for a well-trafficked site like that to start showing popups alike you've described.
I hope this helps!
