AVG Support Community
Share tips and solutions on AVG Products
Community topics
AllAVG Gurus
These community experts are here to help
-
Alan Binch
-
Borislav Angelov
-
Vladimir Bartl
-
Subhadeep Kanungo
-
Miloslav Serba
Rosie Perera Repeated threats from lijit.com
AVG keeps blocking a connection to ap.lijit.com or ce.lijit.com because "it was infected with URL:Botnet". I have not intentionally gone to that domain name, but I get this message quite frequently when visiting a bunch of my usual trusted websites. It apparently is some adware that has injected itself into other sites, if my googling informs me correctly. I'm glad AVG is protecting me from it, but it's getting annoying to have this popup coming up so frequently. I don't even know what sites are causing this to come up, since it pops up randomly so frequently.
Is this a known/common threat? Has anyone else seen it? Should I be trying to notify the websites in question that they are infected with it? I don't go exploring dangerous areas of the web or clicking on links to unknown sites. It's just coming up in the course of my normal business/research use of the web. Checking the news, travel arrangements, etc.
It seems that the detection is correct and AVG is currently looking into this issue.
We will escalate this case to our higher team to a get a fix, for doing that we need to collect AVG logs from your PC.
We will send an email stating the logs collecting steps, please refer it and revert us back.
Thank you and keep us updated.
All Answers
Hello Rosie,
We apologize for the inconvenince this has caused you.
Firstly, please click on "See details" on the threat message & share us another screenshot.
Secondly, does this issue occur when you're using a particular web browser or in other browsers as well?
Thirdly, please make sure that the virus definitions of your AVG Internet Security program are up to date & check if the issue persists.
Keep us updated.
We're glad to help you.
Please write back to us in your own post to proceed further.
Thank you in advance!
Hi Dave,
We're sorry for the inconvenience.
Please write back to us in your own/new post, so that we can obtain further details, locate your account and assist you further.
Thank you for understanding in advance!
38fa51d8a436/2022-07-31T00:46:25.750Z
Hello Cheryl,
Please accept our sincere apologies for the inconvenience this has caused you.
We request you to write back to us in your own/new post, so that we can locate your account & provide appropriate assistance via email.
Thank you for understanding in advance!
1. Here is another screenshot after I clicked "See details" from when it happened again tonight:
2. This happens most frequently with Firefox (and the above screenshot is from when I was using that), but I've seen it in Edge before too.
3. Yes, my AVG Internet Security virus definitions are up to date. They get updated automatically, frequently, and were just updated today, and again a few seconds ago, and this problem is still happening.
Note this "Threat secured" popup is happening incessantly tonight on your website support.avg.com. Very irritating!
Here's another screenshot from when it happened with Edge, just to show you that it is not browser specific.
I also tried disabling all my add-ons in Firefox, and it still happens. I have the latest version of both Firefox and Edge. Thanks!
Have you tried to reset your Firefox and Microsoft Edge browsers once and then check if it helps?
In order to analyze the website, we request you to submit the URL for analysis through this website. https://www.avg.com/false-positive-file-form
If it is confirmed as safe, it will be whitelisted and the virus definitions database will be released through update.
You will also get the status updated via email.
Thank you and keep us updated.
Sreenu,
What do you mean by "reset" my browsers? I have closed and restarted them multiple times, and this still happens. I have made sure they are both the latest versions. And I have tried this with all the add-ons disabled.
And the problem happens on many URLs. Should I make multiple submissions the false positives site, or include them all on one submission?
There are potentially thousands and thousands of these. For example, deep URLs such many specific word definitions on Merriam Webster all seem to have the problem, but their main site doesn't. I can't report every single instance since it would take me weeks. Is reporting one example URL from each domain where I've seen this problem sufficient? (Another dictionary that has the problem is Reverso, for example.)
It seems to be something that is widespread all over the internet, as I've got six sites in my list so far of where this is coming up, and I'm not the only one reporting this particular problem with potentially illegitimate attempts to connect to *.lijit.com from other sites, so I don't want to assume these are false positives. Maybe a new threat really IS spreading like wildfire, and these sites should be notified that they've gotten infected. Should I do that, or will you take care of doing that once I submit them?
It seems that the detection is correct and AVG is currently looking into this issue.
We will escalate this case to our higher team to a get a fix, for doing that we need to collect AVG logs from your PC.
We will send an email stating the logs collecting steps, please refer it and revert us back.
Thank you and keep us updated.
The pop-up started to appear 7/28/2022.
I use Windows 10 and Google Chrome.
I have notified a site I use frequently, sent a screenshot, haven't heard back.
I am glad I am not the only person this is happening to,
I am going to add a HELP here too, this does appear to be AVG related.
I have followed the instructions and submitted my logs. File ID: V58AY.
I will await further instructions.
Thank you for submit the website for analysis. Our development team will get back to you as soon as possible.
Until then you can add the website to the AVG Exceptions.
AVG >> Menu >> Settings >> General >> Exceptions
I don't want to add these websites to the AVG Exceptions, because Lijit might indeed be malware and I am glad AVG is blocking it for now. If your development team's investigation shows that Lijit is malware and there are widespread infections on various legit websites, I want these website owners to be notified that their sites are infected.
We understand your concern.
We have informed about this to our higher team and they are working on the fix and will get back to you via email at the earliest.
We request your patience and understanding.
Thank you.
"Our virus specialists checked the detection and confirmed it as correct. We block the whole IP because it serves as a browser hijacker. Lijit hijacker is usually installed through some software or as a browser extension. Please follow the steps in our articles below to check your computer first.
1. Update your Virus definitions and AVG application: https://support.avg.com/SupportArticleView?&urlname=update-avg-antivirus
2. Restart your PC.
3. Run a Deep scan by AVG: https://support.avg.com/SupportArticleView?&urlName=avg-antivirus-pc-virus-scan
4. Run a Boot-Time scan by AVG: https://support.avg.com/SupportArticleView?&urlName=avg-antivirus-boot-time-scan
After these steps, please verify if the issue persists."
----------
1. I had already updated my virus definitions AVG application was up-to-date too.
2. I had already restarted my PC multiple times.
3. I ran a Deep Scan and it found nothing.
4. I haven’t gotten around to rebooting yet after preparing to run a Boot-Time scan, but the issue seems to be resolved now. I've tested all the 8 websites that were causing this problem for me, and none of them cause the "threat secured" message anymore.
AVG must have done something at their end, or else all the websites that were infected with Lijit happen to have cleaned it up in the last 24 hours. Or else the Deep Scan did something on my PC even though it reported finding nothing.
I’ll report back if the problem comes back, but at this point I consider the issue resolved.
Thank you.
Thank you for getting back to us and let us know the status. If you need any further help with us, feel free to contact us at anytime. We are available at 24/7.