It's not a bad idea at all. It's the best way to clean a website.
Here's what we do:
1). Use FTP and download the entire site to your PC.
2). Get a copy of grepWin (it's free).
3). Look in certain areas for malscripts: before the opening html tag, between the closing head tag and opening body tag, after the opening body tag, after the closing body tag and after the closing html tag.
4). Use grepWin to scan for: eval(base64_decode strings. These are often found in gifimg.php files and are used to remotely infect websites after the FTP passwords have been changed.
5). Use regex searches. It can help you find common malscripts where the domain or some small segment has changed.
Depending on what anti-virus program you have, many of them will detect the malicious JavaScript files and either block you from editing them, or quarantine them. Programs like Avast, Vipre and Kaspersky all have to be turned down or off when we're cleaning a website.
The malicious code was probably injected into the database, so you'd have to clean that too. The only other things to be affected are template files – knittl – 2010-03-29T15:44:48.757
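The checks in steps 3 to 5 of the answer above can also be scripted over the downloaded copy of the site. This is an added example, not part of the original answer or comment; the function names, the file-extension list and the sample strings are assumptions made for illustration, and every hit is a file to review by hand, not a verdict.

```python
import os
import re
import sys
# Step 4: the string the answer searches for, tolerant of spacing and case.
EVAL_B64 = re.compile(r"eval\s*\(\s*base64_decode\s*\(", re.I)
SCRIPT = re.compile(r"<script\b", re.I)
# Step 3: the places the answer checks; group 1 is the text found at that spot.
REGIONS = [
    ("before <html>", re.compile(r"\A(.*?)<html\b", re.I | re.S)),
    ("between </head> and <body>", re.compile(r"</head\s*>(.*?)<body\b", re.I | re.S)),
    ("right after <body>", re.compile(r"<body\b[^>]*>(\s*<script\b)", re.I)),
    ("after </body>", re.compile(r"</body\s*>(.*?)(?:</html\s*>|\Z)", re.I | re.S)),
    ("after </html>", re.compile(r"</html\s*>(.*)\Z", re.I | re.S)),
]
# Constructed samples (not real malware); the base64 string decodes to "A".
SAMPLE_CLEAN = '<html><head><script src="/app.js"></script></head><body><p>ok</p></body></html>'
SAMPLE_DROPPER = '<?php eval ( base64_decode("QQ==")); ?>'
SAMPLE_INFECTED = (
    '<script src="http://injected.example/x.js"></script>\n'
    "<html><head></head><body><p>hi</p></body></html>\n"
    "<script>/* appended */</script>\n"
)

def scan_text(text):
    """Return labels for every suspicious pattern found in one file's text."""
    findings = []
    if EVAL_B64.search(text):
        findings.append("eval(base64_decode")
    for label, rx in REGIONS:
        m = rx.search(text)
        if m and SCRIPT.search(m.group(1)):
            findings.append("script " + label)
    return findings

def scan_tree(root, exts=(".php", ".html", ".htm", ".js", ".tpl")):
    """Walk the downloaded copy of the site and map file path -> findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = scan_text(fh.read())
                if hits:
                    report[path] = hits
    return report

if __name__ == "__main__":  # usage: python scan.py path/to/downloaded/site
    for path, hits in sorted(scan_tree(sys.argv[1]).items()):
        print(path, "->", ", ".join(hits))
```

A script placed right after the opening body tag can be legitimate (some analytics snippets sit there), so compare flagged files against a known-good copy of the template before deleting anything.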