Stupidly, I clicked on an email attachment with an html extension to see what the scam was. I think I was expecting it to open in a text editor, but it ran. (Dumb, dumb, dumb!) Anyway, I've paid my dues by restoring over a terabyte of backup onto two disks. My question is, can someone far more expert than I am in JavaScript interpret what the embedded script does, in general terms? (Not what the embedded malware does.) Before anyone panics, I've cut some 600,000 characters out of the text variable so it isn't a danger. (I've also changed the extension from html to txt.)
I think the text var in the script is a representation of the contents of a zip file, and the script changes the text to an actual file and saves it. I'm a bit unclear whether the script also tries to run the zipped file. I'd like to remove any lingering doubts as to anything bad that might have happened before I unplugged the Ethernet cable. I never saw any evidence of a file being unzipped, or indeed of the zip file itself.
Any information on what the script was doing would be most welcome. Thanks!
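Added example, not part of the original post: a way to answer this kind of question by reading the attachment as text instead of opening it, listing which file-saving browser calls the script contains and what the embedded string decodes to. It assumes the string is base64 in a quoted variable (the post does not show the encoding); `triage`, `build_sample` and the sample page are constructed for illustration.

```python
import base64, io, re, zipfile

# Browser calls that, used together, make a page write a file to disk locally.
SAVE_APIS = ["atob(", "new Blob(", "createObjectURL(", ".download", ".click()",
             "msSaveOrOpenBlob("]
# A quoted, base64-looking string assigned to a variable (assumed encoding).
BLOB_RE = re.compile(
    r"""(?:var|let|const)\s+(\w+)\s*=\s*["']([A-Za-z0-9+/=\s]{16,})["']""")

def build_sample():
    """Constructed stand-in for the attachment: a harmless zip in a saver script."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("invoice.js", "// constructed placeholder, not real malware")
    b64 = base64.b64encode(buf.getvalue()).decode()
    return ('<html><body><script>var text = "%s";\n'
            'var bin = atob(text), arr = new Uint8Array(bin.length);\n'
            'for (var i = 0; i < bin.length; i++) arr[i] = bin.charCodeAt(i);\n'
            'var a = document.createElement("a");\n'
            'a.href = URL.createObjectURL(new Blob([arr], {type: "application/zip"}));\n'
            'a.download = "invoice.zip"; a.click();</script></body></html>') % b64

def triage(html):
    """Report what the page would save, determined from the text alone."""
    report = {"apis": [a for a in SAVE_APIS if a in html], "payloads": []}
    for name, b64 in BLOB_RE.findall(html):
        try:
            data = base64.b64decode(re.sub(r"\s", "", b64), validate=True)
        except ValueError:
            continue  # not valid base64, e.g. a truncated, defanged copy
        entry = {"var": name, "size": len(data),
                 "is_zip": data[:4] == b"PK\x03\x04", "members": []}
        if entry["is_zip"]:
            try:
                entry["members"] = zipfile.ZipFile(io.BytesIO(data)).namelist()
            except zipfile.BadZipFile:
                pass  # zip header present but the archive is incomplete
        report["payloads"].append(entry)
    return report

if __name__ == "__main__":
    print(triage(build_sample()))
```

The member names are read from the archive index in memory; nothing is extracted or executed.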