Site Hack
I'm glad you quickly recovered from the site defacement! I've recently directed people to download this extension. Should people be concerned over the integrity of the XPIs they've downloaded? Are there hashes available for the XPIs?
This discussion has been closed.
Only index* files were affected, so there's no need to be concerned about other data, but we've verified the XPI to be safe--it hasn't been changed.
Let us know if you have any additional questions.
Viruses often look for what appear to be unused folders or folders where the user will not look in often and will therefore not notice extra files accumulating. This is where they then take up residence, so to speak, and store data files and replicated copies of themselves. This means it is entirely possible that a virus is in one of your Zotero folders completely independently of the operation of the Zotero program itself. Unfortunately, Zotero stores it's files with seemingly randomly named file names so it is difficult to discern the difference between legitimate files and virus files just by looking at the names.
In order to help troubleshoot this problem I will need some technical information from someone on the Zotero team: When Zotero exports the database, and if the user selects the "Export Files" option, will the export process simply copy every single file in the Zotero storage folder regardless of whether it is actually used by Zotero? Or will Zotero only copy files that are directly used by the Zotero database? This information is crucial in determining whether it is possible to use the Export/Import process to clean out the database folders so that they only contain exactly the files used by Zotero.
P.S. If Zotero does simply copy all of the files in the Zotero storage folder into the export folder, then this means it is possible to spread viruses by exporting one's database and sharing it with someone else. That is not good and should be fixed.
I have gone to the individual folder each time to delete it. The anti-virus software that I have identifies it as a java-script exploit, but I am unaware of the details of the virus. The snapshots are not that important too me, my thought to rectify the situation is to uninstall zotero from firefox and delete the entire zotero database. My only question then is when I reinstall zotero and sync it with my online zotero account (I am using 1.5 beta), will it pull the info or replace it with what I have locally?
Be that as it may, I think you are correct. It probably is just something that was downloaded when mahood took the snapshot in Zotero.
Mahood, it seems that you may need to figure out which snapshot this file belongs to and delete that snapshot within Zotero. If Zotero is truly synchronizing then it should also delete that snapshot from the online copy as well and your problem will be over. By uninstalling Zotero and doing a complete resync you are essentially telling Zotero that you want to copy down that exploit infected file.
If you feel you must have a copy of that snapshot in your database then you could possibly try this:
- Delete the snapshot as stated above and make sure Zotero syncs with the server. (This should remove all of the snapshot files from the copy of your database synchronized up to the server.)
- Go into Zotero preferences and turn off automatic syncing.
- Make sure that JavaScript is turned off in Firefox. At least temporarily.
- Go back to that web page and take a new snapshot.
- Run your virus scan, find offending the file, and delete it.
- Now go back into Zotero's preferences and turn automatic synchronization back on. (Or just manually sync with the server.)
- Now that the offending file is not even on your hard drive it can't be synced up to the server can it?
There you go. The file is gone and you still have your snapshot.