I read on a forum that if you have been infected, you have to be careful running personal script files (.php, .asp, .htm, .html, .xml ), well I have websites in .html saved on my computer - that are clean from beginning - but how can I check now if they have been infected?
Can I just open them in Notepad a couple of them and see if they have something weird in it, maybe some hidden code or w/e and then be sure it’s not infected?
Of course I’ll run Avast and Malwarebytes too on them!
If you are careful enough you can check them at jsunpack (mind that you have NoScript installed and active in a Mozilla browser to avoid active code spills over), you can also download malzilla and check the code there. Or go to URLVoid and have a scan there to make a dump, if that is what you meant. The safest way is to make a file in rich txt format or to use a program like PicPick and make a screenshot picture with that of the actual code, look for changes. Time and time again your websites are being visited by the scanners of unmasked parasites, check there also for script injections, also check all the iFrames at URLVoid or at novirusthanks.org, they have an iFrame scanner online there. If you have obfuscated code injected and want to decode, go here: http://forum.avast.com/index.php?topic=58073.0
I have now everything on DVD for backup until I reformat PC so I was just thinking what to do when I put all the files back in. What are the chances though for viruses nowadays to infect .html for example?
Also I am pretty confident if I open them in Notepad I would notice anything malicious, or what do you think?
Also when they say infected .html, they mean javascript?
I just ran a Malware bytes scan, Avast & Kaspersky scan on them and both came out clean, that’s a good sign for now
I will go through some files manually opening them in Notepad looking for suspicious things as a starter while waiting for more tips here.
You can upload them to jsunpack or Wepawet (tck JS there) and see what is reported, go to jsunpack with a Mozilla browser with NoScript installed and active, because the malcode may else spill the box and infect.
Getting script in the form of RTF will not harm, rich txt format is a secure extension for that, or a gif picture of the malcode,