Zotero syncing & malware

Windows Defender just found some malware, probably in JS scripts, on webpages I'd previously saved to Zotero.

How do I ensure that when I sync, the same malicious files aren't downloaded to my local Zotero storage again?

Initially it refused to sync, but when I cleaned out those files then tried again, it did sync - but oddly without asking me to resolve any conflicts.

My Zotero storage service renews in a day or two so I'd be very grateful for a quick answer as if I can't stop the malware being pushed back to my PC, I'll have to stop using Zotero.

Thanks.
  • 1) Just delete the flagged attachment items and empty the trash.

    2) These things are almost never really "malware" in any serious sense — they're usually just things like cryptocurrency miners that run while you're on a sketchy website and don't pose an actual risk to your computer.

    3) Zotero snapshots saved since November 2020 are single files with no JavaScript included, so this shouldn't happen for new items.
  • edited March 4, 2022
    Appreciate the quick reply Dan - will do, and trust that they won't resync.

    I did save some items to my Zotero library on a different PC via the Chrome extension, that won't change the position will it?
  • Not sure what you mean by "change the position". Once you delete the attachments and empty the trash, they're gone, and the new saving method has applied to all snapshots since Nov. 2020.
  • edited March 4, 2022
    Thanks, and presumably the items I saved on the other computer will still sync OK to my main PC?

    BTW Windows Defender said Trojan:HTML/CryptoStealBTC - is that one of the miners you mentioned?

    And final query, I don't need to delete the whole item, just the attachment? If I allow Defender to delete just what it found, the rest of the saved item is still OK, i.e. I don't have to delete the whole thing, just the one file, and it won't mess up the Zotero entry?

  • All you need to do here is delete the attachment items in Zotero, and then empty the Zotero trash. You can find the attachments in question by pasting the 8-character folder name into the Zotero search bar in All Fields & Tags mode.
    Trojan:HTML/CryptoStealBTC - is that one of the miners you mentioned?
    Sounds like it.
  • Thanks very much Dan, I will do that.
Sign In or Register to comment.