На каждую страницу вставьте (перед закрывающим тэгом body):
<script>
//
//License: CC BY-SA 4.0
//Tiny JS Malware/XSS Checker v0.0.1, ©2016, xmoonlight. All rights reserved.
//Usage: Add this script before closed 'body' tag into HTML/template and browse to page what contains malware script via browser.
//
var elements=document.getElementsByTagName("*");
var total=elements.length;
var i=0, out='!OnacHocTb!\n--------\n', end='\n';
var attr;
while (i<total){
el=elements[i];
about=i + ": " +el.tagName+": ";
if (el.onerror) out+=about+el.onerror+end;
else if (el.getAttribute("http-equiv")&&el.getAttribute("http-equiv").match(/refresh/i)!==-1)
out+=about+'content="'+el.getAttribute("content")+'"'+end;
else console.log(about+'clean.');
i++;
};
if(out!='')alert(out);
console.log(out);
</script>