Malware alert for Zotero snapshot files

dstillman
This discussion was created from comments split from: Zotero update.
  • dwain0wilder
    I am running zotero 5.0.35.1 and think I should upgrade to 5.0.37 immediately, as a eleven zotero javascript files and one entry in my shared online library, an html file, have been detected to be infected with ckickjack and other unspecified malware. The protection software I use is avast, and I have reported these files to their support.

    The program isolated these files and I can send zotero support a copy of the email I reported to avast. I am concerned to know whether these files were infected via my site or whether zotero.org itself has a malware problem.
    I will keep the files in isolation until I hear from zotero support. Please also advise whether I should upgrade to 37 or preserve the current environment on my computer for further review.

    I am operating a MacBook7,1 with Intel Core 2 Duo, 2.4 Ghz, using macOS 10.12.6 (16G1212)

    Please advise.... I do not see an checkbox to select getting a copy of this report and response sent to my email of record, I supply here my email: dwilder@rochester.rr.com
  • dstillman
    (Be sure to start a new thread if you're not sure the thread you're posting to is for the same issue — the thread you posted to had nothing to do with this.)

    These files are not from zotero.org, and upgrading won't have any effect. These are just snapshot files from items you saved to Zotero. The malware warnings may or may not be real — there's a decent change they're false positives — but the easiest thing to do is to just delete those attachments in Zotero and empty the trash. You can find the associated attachments in Zotero by pasting the 8-character folder name into the search bar.
  • dwain0wilder
    Thank you for the advice, and for forming the new thread. I did a search of the forums for "malware" and the thread I posted on was top of the list, so I plead innocent!

    I find it unlikely these are false positives: I have used macs continuously from the late '70s, and always been careful to have malware scanning tools running ever since I heard of the first 'infections'. These dozen files are the first that have ever been reported out by any Mac-based malware on my system.

    1. The question remains, if they are not false positives, whether they sit on zotero.org waiting do damage my library's users' systems (and perhaps even propagate through the rest of zotero.org!). Any hints on how to figure that out?

    2. If I delete these files, how do I recreate their function, whatever that may be? Will my snapshots be functional without them?

    And thanks for the tip on correlating these .js files to their attachments.
  • dstillman
    It's really not worth worrying about. "Malware" in the context of JS files is generally fairly innocuous — these aren't going to be viruses that are going to infect your system or spread to others. If they're not false positives, they're likely in code from ad networks, like the annoying Amazon-gift-card popups that have been everywhere lately. The easiest option is just to delete the snapshots. If you want to keep them, you can delete just the flagged files, though if you want to apply that change to zotero.org and other synced computers you'll need to make a change to the main HTML file (the file that's selected when you use Show File in Zotero) in a text editor after deleting the auxiliary files and then sync.
  • dstillman
    (Or you can just re-save the original item. Since these are probably from ad networks, you'll likely get different ads on subsequent saves and won't have the same problem.)

This is an old discussion that has not been active in a long time. Before commenting here, you should strongly consider starting a new discussion instead. If you think the content of this discussion is still relevant, you can link to it from your new discussion.

Sign In or Register to comment.