Microsoft Security Essentials detects virus

Rakornbl
I'm running Zotero standalone on Windows 7 64bit Pro and Chrome Version 62.0.3202.94 (Official Build) (64-bit). When I click on the Zotero button to save the URL to Zotero standalone, it fails and Microsoft Security Essentials reports the following:

Trojan:JS/HideLinks.A
File: :\Users\Dick\AppData\Roaming\Zotero\Zotero\Profiles\1yvggdf4.default\storage\TTMAC9cc\@22dotted_horiz.gif@22

  • noksagt
    It is either a false positive or the site is serving malware. There's nothing for zotero to do in either case.
  • Rakornbl
    The problem only occurs when I click on the Zotero button in Chrome to insert the URL into Zotero standalone. If I create a new note and copy and paste the URL into Zotero standalone, nothing happens. The URL's I'm collecting are from well-known, legitimate NFP associations and are not likely to all have been infected with the same malware.

    If it is a false positive, which I suspect, has anyone encountered this problem and is there a fix beyond deactivating the anti-virus software?
  • dstillman
    It's not the URL — it's the webpage files that are being saved to disk, which your security software is then scanning.

    These are usually false positives, and usually harmless in any case, but note that downloading from legitimate sites is definitely not a guarantee that there's not something malicious in the code being (perhaps inadvertently) served. (As you can see in the description of JS/HideLinks.A, this can occur on compromised websites. But it's still nothing you need to worry about.) This one is also triggering on a GIF file, which is bizarre.

    In any case, you can whitelist Zotero's data directory, send that folder to MS as a potential false positive, or just delete that attachment in Zotero and empty your Zotero trash.
  • Rakornbl
    Thank you. This was very helpful.
Sign In or Register to comment.