AVG Antivirus 2011 corrupting web pages with injection of script avg_ls_dom.js

For years I have been a fan of the free edition of AVG Antivirus. It has reliably kept my computers healthy and virus free for years. I have recommended it to family and friends, and have been entirely happy with it. Until now….

Today I was setting up a new install of WordPress 3.0.1. I installed WordPress and went to check the installation by visiting the front page of the default blog using Google Chrome.

Instead of the standard WordPress front page, I was greeted by some mangled html and nothing else. I refreshed the page, and would occasionally get a working page, but usually I would just get html in different states of mangledness…

On looking at the source I found the following unhappy code.

!DOCTYPE html>
<script src=”/A2EB891D63C8/avg_ls_dom.js”
type=”text/javascript” >
</script>My blog | Just another WordPress site
!DOCTYPE html&gt;<script src=”/A2EB891D63C8/avg_ls_dom.js”
type=”text/javascript”>
</script>My blog | Just another WordPress site

And nothing else. When I refreshed the page the code would change, but it would always remain mangled. The problem occurred in Internet Explorer, Chrome and Opera, but interestingly not in Safari.

For an example of a site where this happens, please visit this site (a basic install of WordPress). You might have to refresh the site a few times before you see the problem, and obviously must have AVG Free Edition 2011 installed – you can get it here if you do not have it.

Googling the name of the mysterious script avg_ls_dom.js, I found that this script was being injected by the AVG 2011 component Surf Shield.

Surf Shield is designed to scan the pages as you visit and check that they contain no nasties. It does this by injecting a JavaScript file that reports back to the antivirus program and checks the page.

There are already a number of known problems with Surf Shield, such as hammering busy sites with 404 requests, and breaking IE 7 compatibility mode on Internet Explorer 8, as reported on Softpedia here, but I have not seen any reports of pages being totally mangled.

Sure enough, disabling the Surf Shield component of AVG caused the site to render correctly again. Instructions on how to do this are here.

I have tried to reproduce this problem on a different domain, using a clean install of WordPress, but I only seem able to recreate this problem at the domains mentioned above. I have installed an identical copy of WordPress here but I do not see the problem.
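
Added example, not part of the original post: because Surf Shield adds its script on the visitor's machine, a site owner can tell this kind of injection apart from tampering on the server by comparing the markup the server sent with the markup saved from the affected browser. The function names, the sample markup and the jQuery path are constructed for illustration; only the avg_ls_dom.js path is taken from the output quoted above.

```javascript
// Collect the src of every <script> tag, tolerating straight or curly quotes
// and attributes split across lines (as in the mangled output quoted above).
function scriptSources(html) {
  const tagRe = /<script\b([^>]*)>/gi;
  const srcRe = /\bsrc\s*=\s*(?:["'\u201C\u201D]([^"'\u201C\u201D]*)["'\u201C\u201D]|([^\s>]+))/i;
  const found = [];
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const s = srcRe.exec(m[1]);
    if (s) found.push((s[1] !== undefined ? s[1] : s[2]).trim());
  }
  return found;
}

// Scripts present in what the browser rendered but absent from what the
// server sent were added somewhere between the server and the page.
function injectedScripts(servedHtml, renderedHtml) {
  const known = new Set(scriptSources(servedHtml));
  return scriptSources(renderedHtml).filter((src) => !known.has(src));
}

// A file-name match only; it does not prove which program added the script.
function looksLikeSurfShield(src) {
  return /(^|\/)avg_ls_dom\.js(\?|#|$)/i.test(src);
}

// Constructed sample: origin response vs. markup saved from an affected browser.
const served = `<!DOCTYPE html>
<html><head><title>My blog | Just another WordPress site</title>
<script src="/wp-includes/js/jquery/jquery.js" type="text/javascript"></script>
</head><body></body></html>`;

const rendered = `<!DOCTYPE html>
<script src="/A2EB891D63C8/avg_ls_dom.js"
type="text/javascript" >
</script><html><head><title>My blog | Just another WordPress site</title>
<script src="/wp-includes/js/jquery/jquery.js" type="text/javascript"></script>
</head><body></body></html>`;

function report(servedHtml, renderedHtml) {
  return injectedScripts(servedHtml, renderedHtml).map((src) => ({
    src,
    verdict: looksLikeSurfShield(src) ? 'matches AVG Surf Shield file name' : 'unknown origin, investigate',
  }));
}

console.log(report(served, rendered));
```

An empty result for a visitor who still sees a broken page means no script was added after the server responded, so the cause lies elsewhere.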

The last straw

I’m afraid this has been the last straw for me. After several happy years, I think it is time for me and AVG to part ways. I’m afraid losing several hours for me today that I could not really afford to lose was the final straw for me – I’m going to look elsewhere for my virus protection in future.

I have just installed Microsoft Security Essentials on a friend’s computer, and this seems to be everything I want in antivirus software – efficient, unobtrusive and effective. I might also look back at Avast – it’s treated me well in the past…

If anyone has an idea of why only some sites are affected and others aren’t, and even better, how to prevent AVG from screwing up the websites it does, please let me know in the comment box.




About Alex Taylor

Roslin Design specialises in web design in Edinburgh. We offer competitively priced website design, and website hosting services. Roslin also provides web management services.

14 Comments

  1. Indi

    I also use AVG 2011 to protect the CentOS server. Hopefully it is not an attack.

  2. Jeff

    Any word on if this has been fixed? I updated to AVG 2011 free; I tried going to “this site: http://rwthorburn.webfactional.com/”. It did not load properly. In the source, I did not find avg_ls_dom.js (or anything with “avg” in it). I disabled Search-shield and Surf-shield, reloaded IE and went to that page. The page still did not load. There was still nothing labeled “avg” in the source.

    • Alex Taylor

      It seems to be loading here fine – anyone else had problems? I haven’t tried this recently, so it’s possible the problem has been fixed…

  3. Nicholas Maietta

    Okay, here’s another example of AVG being “bad”. Currently in Google, typing in “scanner live del norte” comes up with the correct page in page rank as 5. But if AVG 2011 is installed on the machine, the same query proves that page rank is lost on my page.

    What does this mean?

    It means that my company has spent tens of thousands on developing Commnetivity, a website content management system, only to learn that our SEO (Search Engine Optimization) at the heart of our system is completely ignored and even filtered out.. because why?

    Because AVG hasn’t taken the time to scan our sites.

    Please contact me if you have any examples, or better yet, post your problems here so others can find them. And Thank You RoslinDesign.com for letting me have a say here.

  4. Dave

    I just found this problem on a friend’s machine. He sent me HTML source from a website because it was not working properly on his screen. The AVG surfscan was inserting this code at the top of the page, which seems to be the cause.

    Currently, he has disabled AVG, but that is not a long-term solution.

  5. DM

    I have also discovered this unusual script today. I thought I had a virus or something. I hope someone finds a solution to the problem.

  6. Ann B

    Have also encountered script problem “avg_ls_dom” and can’t get rid of it. Internet Explorer suggested to tick the ‘disable script debugging’ and untick ‘display a notification on every script’ – this did NOT help. I ran full computer scans using Glary, Malwarebytes, Adv Sys Care and AVG – still did NOT work.

    I remember updating AVG on July 11th and performed a system restore to the day before – still getting the errors.

    And I’ve tried your suggestions as well – still getting errors. Anything that contains a link to another website or function, it won’t allow me to perform the task.

  7. Stephen Wille

    fyi: viewing source doesn’t seem to reveal the script. i can only see it using firebug to inspect the HTML.

    • Alex Taylor

      Yes, that’s because it is injected into the DOM. This means that looking at the DOM is the only way to see it.

  8. M Viswanathan

    I am trying my hand on setting up an intranet site.
    I had some problem in aspx file loading the '<script src= xxx.js …'
    I was confused finding <script …. avg_ls_dom.js ..
    Thanks, at least now I know as to where it comes from (browser computer's AVG and not from the server!).
    I am still trying to sort out my other problem.
    Thanks

  9. Gold Coast Spring Water

    Found a solution to the AVG injection issue. see here http://techwalls.com/news/websites-injected-script-avg-ls-dom-js/

    I managed to disable the injection by following these directions.

  10. Stef

    I’ve had exactly the same problem. Spent an hour with my hosting live chat – getting VERY upset… only to discover this is an AVG free thing.

    Guess it’s time for me to also part ways with AVG free after using them for many years.

    Ah well… them’s the breaks!

  11. Stef

    It’s interesting to note that I could see the same iframe page on my laptop and my pc using the same internet connection.

    When I disconnected my laptop from that internet connection and used my mobile wifi the page loaded as it should… without the iframe.

    hmmm
