For years I have been a fan of the free edition of AVG Antivirus. It has reliably kept my computers healthy and virus free for years. I have recommended it to family and friends, and have been entirely happy with it. Until now….

Today I was setting up a new install of WordPress 3.0.1. I installed WordPress and went to check the installation by visiting the front page of the default blog using Google Chrome.

Instead of the standard WordPress front page, I was greeted by some mangled html and nothing else. I refreshed the page, and would occasionally get a working page, but usually I would just get html in different states of mangledness…

On looking at the source I found the following unhappy code.

!DOCTYPE html>
<script src="”/A2EB891D63C8/avg_ls_dom.js”" type="”text/javascript”">// <![CDATA[

// ]]></script>My blog | Just another WordPress site
!DOCTYPE html&gt;<script src="”/A2EB891D63C8/avg_ls_dom.js”" type="”text/javascript”">// <![CDATA[

// ]]></script>My blog | Just another WordPress site

And nothing else. When I refreshed the page the code would change, but it would always remain mangled. The problem occurred in Internet Explorer, Chrome and Opera, but interestingly not in Safari.

For an example of a site where this happens, please visit http://rwthorburn.webfactional.com (a basic install of WordPress). You might have to refresh the site a few times before you see the problem, and obviously must have avg free edition 2011 installed – you can get it here if you do not have it.

Googling the name of the mysterious script  avg_ls_dom.js, I found that this script was being injected by the AVG 2011 component Surf Shield.

Surf Shield is designed to scan the pages as you visit and check that they contain no nasties. It does this by injecting a JavaScript file that reports back to the antivirus program and checks the page.

There are already a number of known problems with surf shield, such as hammering busy sites with 404 requests, and breaking IE 7 compatibility mode on Internet Explorer 8, as reported on Softpedia (http://news.softpedia.com/news/AVG-2011-Bug-Affects-Browsing-Experience-Could-Also-Hurt-Websites-160515.shtml), but I have not seen any reports of pages being totally mangled.

Sure enough. disabling the surf-shield component of AVG caused the site to render correctly again. Instructions on how to do this are here.

I have tried to reproduce this problem on a different domain, using a clean install of WordPress, but I only seem able to recreate this problem at the domains mentioned above. I installed an identical copy of WordPress but I did not see the problem.

The last straw

I’m afraid this has been the last straw for me. After several happy years, I think it is time for me and AVG to part ways. I’m afraid losing several hours for me today that I could not really afford to lose was the final straw for me – I’m going to look elsewhere for my virus protection in future.

I have just installed Microsoft Security Essentials on a friend’s computer, and this seems to be everything I want in antivirus software – efficient, unobtrusive and effective. I might also look back at Avast – it’s treated me well in the past…

If anyone has an idea of why only some sites are affected and others aren’t, and even better, how to prevent AVG from screwing up the websites it does, please let me know in the comment box.