We have become aware of a recent change to the "classification" of Baidu's servers on some third-party internet monitoring websites, which is now causing Avast/AVG (these are actually the same company) Antivirus to complain that GMS2 is trying to connect to a remote server which is infected with a botnet script.
The dialog looks like this (again, yours may say AVG at the very top):
Please note that the dialog is not saying that GMS2 itself or your local machine is in any way infected with a botnet - it is claiming that the remote server might be, and so the internet connection has been blocked.
This Baidu server is one used simply as part of GMS2 determining whether it is online or not, and if you are not in China, then not being able to connect to Baidu is no problem anyway, so you are free to add a firewall rule to silently block the connection attempt.
No data is transferred from your machine to these remote servers and we simply see if your connection can see the remote server as GMS2 starts up, then GMS2 carries on loading.
Please note that GMS2 will quickly repeat this "Am I online?" test once every 15 minutes or so, so you may occasionally see the warning pop up again later on whilst using GMS2 if you do not add a firewall rule for this.
Why Does GMS2 Connect To This Server?
In all current GMS2 releases we try to reach a range of servers around the world in order to determine if GMS2 is online - we connect to sites other than our own so that GMS2 can tell if there is a temporary issue with our web server and carry on with your current session without asking you to re-license.
(We have had all this information documented in our Permissions and Internet Access guide for a long time - https://help.yoyogames.com/hc/en-us/articles/360022953052-User-Permissions-and-Internet-Access-Required-by-GMS2.)
We are changing the forthcoming 2.3.3 release so that Western users will only connect to Google plus our servers; users in China will only contact this Baidu server plus our server, and these same users will not see any attempts to connect to Google; users in Russia will only connect to Yandex, not Google or Baidu.
However (assuming these ratings websites do not change Baidu's classification back to trusted again and so this issue disappears), if you are an Avast user and for some reason you need to stick with any current/older release after 2.3.3 is available, then you will need to set your Avast/AVG to ignore this message and continue silently blocking the traffic if you wish, as we cannot do anything for historical releases.
Please note that very early 2.3.3 Betas may not have any change here, as this issue has only just appeared. We will announce in the beta release notes when the change has been made.