Blog

Home > Uncategorized  > AVG Antivirus 2011 corrupting web pages with injection of script avg_ls_dom.js

For years I have been a fan of the free edition of AVG Antivirus. It has reliably kept my computers healthy and virus free for years. I have recommended it to family and friends, and have been entirely happy with it. Until now….

Today I was setting up a new install of WordPress 3.0.1. I installed WordPress and went to check the installation by visiting the front page of the default blog using Google Chrome.

Instead of the standard WordPress front page, I was greeted by some mangled html and nothing else. I refreshed the page, and would occasionally get a working page, but usually I would just get html in different states of mangledness…

On looking at the source I found the following unhappy code.

!DOCTYPE html>
<script src="”/A2EB891D63C8/avg_ls_dom.js”" type="”text/javascript”">// <![CDATA[

// ]]></script>My blog | Just another WordPress site
!DOCTYPE html&gt;<script src="”/A2EB891D63C8/avg_ls_dom.js”" type="”text/javascript”">// <![CDATA[

// ]]></script>My blog | Just another WordPress site

And nothing else. When I refreshed the page the code would change, but it would always remain mangled. The problem occurred in Internet Explorer, Chrome and Opera, but interestingly not in Safari.

For an example of a site where this happens, please visit http://rwthorburn.webfactional.com (a basic install of WordPress). You might have to refresh the site a few times before you see the problem, and obviously must have avg free edition 2011 installed – you can get it here if you do not have it.

Googling the name of the mysterious script  avg_ls_dom.js, I found that this script was being injected by the AVG 2011 component Surf Shield.

Surf Shield is designed to scan the pages as you visit and check that they contain no nasties. It does this by injecting a JavaScript file that reports back to the antivirus program and checks the page.

There are already a number of known problems with surf shield, such as hammering busy sites with 404 requests, and breaking IE 7 compatibility mode on Internet Explorer 8, as reported on Softpedia (http://news.softpedia.com/news/AVG-2011-Bug-Affects-Browsing-Experience-Could-Also-Hurt-Websites-160515.shtml), but I have not seen any reports of pages being totally mangled.

Sure enough. disabling the surf-shield component of AVG caused the site to render correctly again. Instructions on how to do this are here.

I have tried to reproduce this problem on a different domain, using a clean install of WordPress, but I only seem able to recreate this problem at the domains mentioned above. I installed an identical copy of WordPress but I did not see the problem.

The last straw

I’m afraid this has been the last straw for me. After several happy years, I think it is time for me and AVG to part ways. I’m afraid losing several hours for me today that I could not really afford to lose was the final straw for me – I’m going to look elsewhere for my virus protection in future.

I have just installed Microsoft Security Essentials on a friend’s computer, and this seems to be everything I want in antivirus software – efficient, unobtrusive and effective. I might also look back at Avast – it’s treated me well in the past…

If anyone has an idea of why only some sites are affected and others aren’t, and even better, how to prevent AVG from screwing up the websites it does, please let me know in the comment box.

16 Comments

  • April 8, 2011at12:44 am

    I also use AVG 2011 to protect the CentOS server. hopefully it is not an attack.

  • Jeff

    Reply
    April 16, 2011at9:13 pm

    Any word on if this has been fixed? I updated to AVG 2011 free; I tried going to this site: rwthorburn.webfactional.com. It did not load properly. In the source, I did not find avg_ls_dom.js (or anything with “avg” in it). I disabled Search-shield and Surf-shield, reloaded IE and went to that page. The page still did not load. There was still nothing labelled “avg” in the source.

  • Nicholas Maietta

    Reply
    May 12, 2011at6:51 pm

    Okay, here’s another example of AVG being “bad”. Currently in Google, typing in “scanner live del norte” comes up with the correct page in page rank as 5. But if AVG 2011 is installed on the machine, the same query to proves that page rank is lost on my page.

    What does this mean?

    It means that my company has spend tens of thousands on developing Comnnetivity, a website content management system, only to learn that our SEO (Search Engine Optimization) at the heart of our system is completely ignored and even filtered out.. because why?

    Because AVG hasn’t taken the time to scan our sites.

    Please contact me if you have any examples, or better yet, post your problems here so others can find them. And Thank You RoslinDesign.com for letting me have a say here.

  • Dave

    Reply
    June 29, 2011at1:59 am

    I just found this problem on a friend’s machine. He sent me html source from a website because it was not working proper on his screen. The AVG surfscan was inserting this code at the top of the page, which seems to be the cause.

    Currently, he had disabled AVG, but not a long term solution.

  • DM

    Reply
    June 29, 2011at3:18 am

    I have also discovered this unusual script today. I thought I had a virus or something. I hope someone finds a solution to the problem.

  • Ann B

    Reply
    July 27, 2011at12:49 am

    Have also encountered script problem “avg_ls_dom” and can’t get rid of it. Internet Explorer suggested to tick the ‘disable script debugging’ and untick ‘display a notification on every script’ – this did NOT help. I ran full computer scans using Glary, Malwarebytes, Adv Sys Care and AVG – still did NOT work.

    I remember updating AVG on July 11th and preformed a system restore to the day before – still getting the errors.

    And I’ve tried your suggestions as well – still getting errors. Anything that contains a link to another website or function, it won’t allow me to perform the task.

  • Stephen Wille

    Reply
    August 1, 2011at7:56 pm

    fyi: viewing source doesn’t seem to reveal the script. i can only see it using firebug to inspect the HTML.

  • M Viswanathan

    Reply
    September 7, 2011at7:38 am

    I am trying my hand on setting up an intranet site.
    I had some problem in aspx file loading the'<script src= xxx.js …'
    I was confused finding <script …. avg_ls_dom.js ..
    Thanks, at least now I know as to where it comes from (browser computer's AVG and not from the server!).
    I have still trying to sort out my other problem.
    Thanks

  • September 20, 2011at9:26 am

    Found a solution to the AVG injection issue. see here http://techwalls.com/news/websites-injected-script-avg-ls-dom-js/

    I managed to disable the injection by following these directions.

  • Stef

    Reply
    September 25, 2011at5:53 am

    I’ve had exactly the same problem. Spent an hour with my hosting live chat – getting VERY upset… only to discover this is an AVG free thing.

    Guess it’s time for me to also part ways with AVG free after using them for many years.

    Ah well… them’s the breaks!

  • Stef

    Reply
    September 25, 2011at5:55 am

    It’s interesting to note that I could see the same iframe page on my laptop and my pc using the same internet connection.

    When I disconnected my laptop from that internet connection and used my mobile wifi the page loaded as it should… without the iframe.

    hmmm

  • June 11, 2012at5:38 am

    How about this. AVG Free loaded on my local machine. Go to my cpanel on a VPS I have online, I open an html form page I was working on, edit it using the built in cpanel editor, then save it back to the server. Code was injected into the page thereby infecting a page on my server!

    I was shocked to find it there. I never saw it inject nor did I have any idea it was there until I happened to run across it during a quick edit of then file.

    Now I have to sort through thousands of documents across 15 sites I have on my system to see where else the script was injected.

    Very unhappy about the entire situation.

  • tahir

    Reply
    June 12, 2012at7:37 am

    i like it

Post a Comment