Report ID 342200703 - infected file message

Hi, everything was working fine until I ran an anti-virus scan on my local drive and found an infected html file under zotero/storage/VVXFE3GP/29xingu.html

My anti-virus on my local drive said the file was infected with a trojan horse called JS:IFrame-CJ

So I deleted the infected Zotero file from my local drive. Of course, I know the path but I don't know what bibliographic info the file contained because I didn't want to open it to have a look because it had a virus.

So far, so good. Problem is, now when I work in Zotero I am constantly getting messages from my local anti-virus alerting me that a trojan horse is being blocked. It seems like every minute or so. It's very annoying. This only happens when Zotero is open. I assume this is the Zotero sync trying to download the infected file to my local drive (the one I allowed my anti-virus to delete).

I want to remove the infected file from my remote Zotero archive but don't know how.

Please advise. Thanks.

BTW, I saw a 12/01/2010 forum post by Dan Stillman (General: Are my remote files infected with a virus?) advising "you could ... move to a backup location ... all files on WebDAV, and then do a Reset File Sync History..." How do I move my WebDAV files to a backup location? It's been a while since I set up Zotero and I can't remember if there's a way for me to do this. Thanks!
  • Hi, I just tried working in Zotero again and saw the sync arrow turning. A moment later I got an error, so I clicked to report it to you guys and the Report ID is 1210569566. The problem appears to be the same one that generated Report ID 342200703 described above.

    Thanks for your help with this issue.
  • You could turn JavaScript off in Firefox and then open the HTML to see what it is (or to find some text to search for in Zotero). Searching for 29xingu.html in Zotero might also show you the attachment, if the attachment title is the same as the filename.

    Once you know what Zotero item the file is associated with, you can delete the item in Zotero, empty the trash, and sync. If you get a conflict, be sure to choose the deletion to keep.
  • edited September 21, 2011
    Or just open the HTML file in a text editor—depending on what you use, it might be helpful to rename it to .txt first—and look for some text to search for.
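
The text-only inspection suggested in the two replies above, as an added example that is not part of the original thread: it parses a snapshot with Python's standard `html.parser` (nothing is rendered or executed), pulls out the title and visible text to search for in Zotero, and lists any `iframe`/`script` sources the file references. The sample HTML and its `.invalid` URL are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample standing in for a saved snapshot; not the file from the thread.
SAMPLE = b"""<html><head><title>Example Article on River Basins</title>
<script>var x = 1;</script></head>
<body><h1>River basins</h1><p>First paragraph of the saved page.</p>
<iframe src="http://injected.example.invalid/x" width="1" height="1"></iframe>
</body></html>"""


class SnapshotInspector(HTMLParser):
    """Collect title, visible text and embedded sources without running anything."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.title, self.text, self.embeds = "", [], []
        self._skip = None        # set while inside <script> or <style>
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("iframe", "script") and attrs.get("src"):
            self.embeds.append((tag, attrs["src"]))
        if tag in ("script", "style"):
            self._skip = tag
        elif tag == "title":
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == self._skip:
            self._skip = None
        elif tag == "title":
            self._in_title = False

    def handle_data(self, data):
        data = " ".join(data.split())
        if self._skip or not data:
            return                # ignore script/style bodies and whitespace
        if self._in_title:
            self.title += data
        else:
            self.text.append(data)


def inspect_snapshot(raw: bytes) -> dict:
    parser = SnapshotInspector()
    parser.feed(raw.decode("utf-8", errors="replace"))
    parser.close()
    return {"title": parser.title, "text": " ".join(parser.text)[:200],
            "embeds": parser.embeds}


if __name__ == "__main__":
    import sys
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, value in inspect_snapshot(raw).items():
        print(f"{key}: {value}")
```

The reported title or a phrase from the text is what to search for in Zotero to find the attachment's parent item.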
  • Thanks, Dan. If I understand you, you are suggesting ways to look at the file and then delete it from my local drive. I have already deleted it locally.

    My problem is the remote copy of the file. The infected file is still in my Zotero remote archive and Zotero sync keeps trying to download it to my local drive, causing very frequent messages that my system is being attacked by a trojan horse. My problem is that I want to remove the infected file from my remote archive, but don't know if there's a way to do this easily without damaging the remote archive or causing sync problems. Currently the sync is working fine; the problem is that the remote archive keeps trying to replace the infected file I deleted locally. Thanks!

    P.S. A secondary concern is being able to look at the file so that I could try to go back to the original URL and get a clean copy of it. But that's not essential. If I can see the file somehow without downloading it to my local system again, that would be ideal. If not, I'd accept losing that file. I'd rather not download the infected file to my system again. Thanks for your advice.
  • edited September 22, 2011
    If you delete the snapshot in your local copy of Zotero (right-click, delete item from Library) it should get deleted (or at least not try to re-download) from the server on syncing (don't forget to empty the trash before syncing).
    Note that you need to delete from inside Zotero, _not_ from your file system.
  • Thanks for the prompt reply. My problem is that my anti-virus flagged the file as infected and so I allowed it to be deleted by the anti-virus. I'm not having problems with my local copy of Zotero as a result. Everything's fine locally.

    The only problem is the remote archive, which still has the infected file and keeps trying to download it to my system.

    If I understand you correctly, you are saying I need to turn off my antivirus, allow Zotero sync to download the infected file to my local system, and then try to discover which file it is and delete it locally from within Zotero?

    I'd rather not re-infect my local system. I had problems on my computer just prior to deleting this file and now everything's running well again. Isn't there a better way?
    Thanks.
  • Again - you need to delete the item in question from within Zotero. If the file just got deleted on the file system, the snapshot very likely still shows up in Zotero - though it probably won't open. Delete that, empty the trash and sync.

    Of course you would need to be able to identify which snapshot this is - start by searching for 29xingu in Zotero. Note that you can also search your library online, that might help. If I understand correctly, you should also be able to just delete the snapshot from the online version of your library.
  • Hi, adamsmith --
    I followed your advice and the problem is resolved. BTW, the trash icon is hard to find and when I searched your documentation for "empty trash" and "trash icon" nothing came up. Thanks for your help.
  • edited September 23, 2011
    Great - I'll have a look about documentation on trash - though it appears that currently the search is simply broken, so you don't get any results for any search.
    Edit: search is back up but documentation has nothing on the trash. I'll see where it fits.