Upgrade StorageZotero Files Identified as Trojans??
I have a MacBook Pro with OS 10.6.8., Firefox 5.0.1, OpenOffice 3.3.0. I also have MacKeeper, which has identified 27 Zotero files as Trojans. I've quarantined them, and Zotero and Open Office seem to be working just fine, although I'm prone to getting the "beachball."
My question is whether these files are really Trojans, or whether they've been misidentified. I don't know of a way to copy a picture of these file names so I'll reproduce one. (They are long):
...Library/Application Support/Firefox/Profiles/vsy610uy.default/zotero/storage/US6C6644/if_end.js
The description is: HTML/Crypted.Gen
All but two of the other ones are the same type: ... zotero/storage/...
Any info about these files would be most appreciated. Should I restore them? Are they harmful? Will not having them cause problems for Zotero in any way?
Thanks very much.
My question is whether these files are really Trojans, or whether they've been misidentified. I don't know of a way to copy a picture of these file names so I'll reproduce one. (They are long):
...Library/Application Support/Firefox/Profiles/vsy610uy.default/zotero/storage/US6C6644/if_end.js
The description is: HTML/Crypted.Gen
All but two of the other ones are the same type: ... zotero/storage/...
Any info about these files would be most appreciated. Should I restore them? Are they harmful? Will not having them cause problems for Zotero in any way?
Thanks very much.
Since these are not part of Zotero, Zotero won't be affected by deleting, quarantining etc. those files and will work just fine - the worst thing that can happen is that a specific snapshot won't open properly anymore.
Obviously, we can't tell you if these files are actually trojans - it's certainly possible to hide a trojan in a webpage - partly it's a matter of judgement: If you saved a lot of pages for a research project on, say, "Feminity and Violence in Online Pornography", "Linguistic Patterns of Cybercriminals", or "The Lure of Free Things on the Internet" I'd be concerned. If these are part of respected academic webpages they are likely false positives.
The only thing that might be from Zotero itself are the two items not in zotero/storage - if they're also Zotero related let us know.
Actually as I look at it only one of the other two files is not in zotero/storage. Here it is:
.../Library/Caches/Firefox/Profiles/vsy610uy.default/Cache/D/77/SE490d01
Under description it says: HTML/Dldr.Agent.21755
Does that look like anything to you, one way or the other?
At least some of the files that were identified as trojans were snapshots of Chinese newspaper webpages (English-language versions). Hmmmmm.
If you find yourself working with such sites regularly, make sure you keep up to date on browser and operating system security updates, and make sure to very careful about downloaded files. Fortunately, you seem to be using a Mac, so most of these trojans are unlikely to pose any threat to you (although they could conceivably be a threat to others who use your shared libraries, other computers you sync these files to, etc.)
Without wanting to sound prejudiced, I'd be careful if this comes from Chinese webpages. I'd say chances are 5 to 1 these are false positives, but that's still pretty high. You can try contacting the makers of Mackeepers, pointing them to those pages - some security firms are very good about getting back to you on those issues.
In any case - if you let MacKeeper delete all files that are marked as infected/trojans you will absolutely not affect any of your computer's functionality. Worst thing you could lose some snapshots, but not even that is sure (e.g. your example in the first post - a javascript file embedded in the webpage - is almost certainly not essentially for the snapshot to work).