Zotero Files Identified as Trojans??

I have a MacBook Pro with OS 10.6.8., Firefox 5.0.1, OpenOffice 3.3.0. I also have MacKeeper, which has identified 27 Zotero files as Trojans. I've quarantined them, and Zotero and Open Office seem to be working just fine, although I'm prone to getting the "beachball."

My question is whether these files are really Trojans, or whether they've been misidentified. I don't know of a way to copy a picture of these file names so I'll reproduce one. (They are long):

...Library/Application Support/Firefox/Profiles/vsy610uy.default/zotero/storage/US6C6644/if_end.js

The description is: HTML/Crypted.Gen

All but two of the other ones are the same type: ... zotero/storage/...

Any info about these files would be most appreciated. Should I restore them? Are they harmful? Will not having them cause problems for Zotero in any way?

Thanks very much.
  • everything that's in zotero/storage is part of a webpage (or any other file) that you saved with the automatic snapshot folder (or attached otherwise).
    Since these are not part of Zotero, Zotero won't be affected by deleting, quarantining etc. those files and will work just fine - the worst thing that can happen is that a specific snapshot won't open properly anymore.
    Obviously, we can't tell you if these files are actually trojans - it's certainly possible to hide a trojan in a webpage - partly it's a matter of judgement: If you saved a lot of pages for a research project on, say, "Feminity and Violence in Online Pornography", "Linguistic Patterns of Cybercriminals", or "The Lure of Free Things on the Internet" I'd be concerned. If these are part of respected academic webpages they are likely false positives.

    The only thing that might be from Zotero itself are the two items not in zotero/storage - if they're also Zotero related let us know.
  • Thanks so much.
    Actually as I look at it only one of the other two files is not in zotero/storage. Here it is:

    .../Library/Caches/Firefox/Profiles/vsy610uy.default/Cache/D/77/SE490d01

    Under description it says: HTML/Dldr.Agent.21755

    Does that look like anything to you, one way or the other?

    At least some of the files that were identified as trojans were snapshots of Chinese newspaper webpages (English-language versions). Hmmmmm.
  • Just delete all the files it identifies. These are files that might be harmful, and they were saved as you browsed some of thornier pieces of the web. Zotero just saves the page you have open in Firefox, the same as Firefox caches the pages you view. These files aren't part of Zotero, although they were saved by Zotero.

    If you find yourself working with such sites regularly, make sure you keep up to date on browser and operating system security updates, and make sure to very careful about downloaded files. Fortunately, you seem to be using a Mac, so most of these trojans are unlikely to pose any threat to you (although they could conceivably be a threat to others who use your shared libraries, other computers you sync these files to, etc.)
  • yeah, that's the same thing - it's a saved webpage, but not in Zotero, but in Firefox's Cache (FF saves the pages you save to for a while, so that you can surf offline if you want to). Completely unrelated to Zotero.

    Without wanting to sound prejudiced, I'd be careful if this comes from Chinese webpages. I'd say chances are 5 to 1 these are false positives, but that's still pretty high. You can try contacting the makers of Mackeepers, pointing them to those pages - some security firms are very good about getting back to you on those issues.

    In any case - if you let MacKeeper delete all files that are marked as infected/trojans you will absolutely not affect any of your computer's functionality. Worst thing you could lose some snapshots, but not even that is sure (e.g. your example in the first post - a javascript file embedded in the webpage - is almost certainly not essentially for the snapshot to work).
Sign In or Register to comment.