how to check script files if they are infected

Hello

I read on a forum that if you have been infected, you have to be careful running personal script files (.php, .asp, .htm, .html, .xml). Well, I have websites in .html saved on my computer, which have been clean from the beginning, but how can I check now if they have been infected?

Can I just open a couple of them in Notepad and see if they have something weird in them, maybe some hidden code or w/e, and then be sure they're not infected?

Of course I’ll run Avast and Malwarebytes too on them!

You can upload files smaller than 20 MB to www.virustotal.com and have them scanned by 40 virus scanners.

Alternatives:
www.virscan.org
http://virusscan.jotti.org/en
http://scanner.novirusthanks.org/

Hi malko,

If you are careful enough you can check them at jsunpack (mind that you have NoScript installed and active in a Mozilla browser to avoid active code spilling over); you can also download malzilla and check the code there. Or go to URLVoid and have a scan there to make a dump, if that is what you meant. The safest way is to make a file in rich text format, or to use a program like PicPick to make a screenshot picture of the actual code, and look for changes. Time and time again your websites are being visited by the scanners of Unmask Parasites; check there also for script injections. Also check all the iFrames at URLVoid or at novirusthanks.org; they have an iFrame scanner online there. If you have obfuscated code injected and want to decode it, go here: http://forum.avast.com/index.php?topic=58073.0

polonus

Hi malko,

Before I forget, also bookmark this online check page: http://www.zubrag.com/tools/sql-injection-test.php

polonus

Hmm… I will try that. Thanks.

I now have everything on DVD as a backup until I reformat the PC, so I was just thinking about what to do when I put all the files back. What are the chances, though, of viruses nowadays infecting .html files, for example?

Also, I am pretty confident that if I open them in Notepad I would notice anything malicious, or what do you think?

Also, when they say infected .html, do they mean JavaScript?

Does anyone know anything about this?

I just ran a Malwarebytes scan and an Avast & Kaspersky scan on them and both came out clean, that's a good sign for now :)
I will go through some files manually, opening them in Notepad and looking for suspicious things as a starter while waiting for more tips here.

Please, people, give me a hand. I doubt the viruses I got will change those though! Because they do different things.

Hi malko,

You can upload them to jsunpack or Wepawet (tick JS there) and see what is reported. Go to jsunpack with a Mozilla browser with NoScript installed and active, because otherwise the malcode may spill out of the box and infect.
Getting the script in the form of RTF will not harm; rich text format is a secure extension for that, or a gif picture of the malcode.

polonus
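
The manual Notepad check discussed in this thread can be partly automated. The following is an added example, not code from any poster: it parses a saved .html file and lists hidden iframes, external scripts, script or iframe tags placed after `</html>`, and common obfuscation calls. The marker list, the function and class names, and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Heuristic markers often seen in injected, obfuscated JavaScript (assumed list, not exhaustive).
OBFUSCATION = re.compile(r"\b(eval|unescape|fromCharCode|document\.write)\s*\(")
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class InjectionScanner(HTMLParser):
    """Collects (line, message) findings worth a manual look in a static HTML file."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings, self.in_script, self.html_closed = [], False, False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        line = self.getpos()[0]
        # Injected blocks are frequently appended after the document's closing tag.
        if self.html_closed and tag in ("script", "iframe"):
            self.findings.append((line, f"<{tag}> after </html>"))
        if tag == "iframe":
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            if tiny or HIDDEN_STYLE.search(a.get("style", "")):
                self.findings.append((line, f"hidden iframe src={a.get('src', '')}"))
        elif tag == "script":
            self.in_script = True
            if re.match(r"(https?:)?//", a.get("src", "")):
                self.findings.append((line, f"external script src={a['src']}"))

    def handle_endtag(self, tag):
        self.in_script = self.in_script and tag != "script"
        self.html_closed = self.html_closed or tag == "html"

    def handle_data(self, data):
        if self.in_script:
            for m in OBFUSCATION.finditer(data):
                self.findings.append((self.getpos()[0], f"obfuscation marker {m.group(1)}()"))

def scan_html(text):
    """Return a list of (line, message) findings for one HTML document."""
    scanner = InjectionScanner()
    scanner.feed(text)
    scanner.close()
    return scanner.findings

# Constructed sample: a clean page with an injected block appended after </html>.
SAMPLE = """<html><body><h1>My site</h1>
<script>var year = 2011;</script>
</body></html>
<iframe src="http://injected.example/x" width="1" height="1"></iframe>
<script>eval(unescape("%61%6c"));</script>
"""
```

A finding is a prompt to compare the file against a known-clean copy, not proof of infection; legitimate pages also use external scripts and `document.write`.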