This thread remind of proverb
You can lead a horse to water, but you can't make it drink.
My question is... is there a way to check if the website I went to indeed had malware/trojan/keylogger etc? Such that if you post that link on a website, it would scan if there is anything malicious? Or its possible it could be hidden where a website can't even scan it?
You could try
https://www.virustotal.com/ and choose "URL" or "Search" option, but obviously this website can't detect all kinds of malware, keylogger, etc.
~
He has a Nano S? He should just import the paper seed into a fresh Electrum wallet or even BlueWallet on his mobile if he only has that one infected machine; then send all funds to the Ledger & that's it. Coins secured. That's the simplicity of hardware wallets..
He has, check
https://bitcointalk.org/index.php?topic=5371526.msg58445037#msg58445037.
Of course he could also buy a new laptop, rip out connectivity & set it up as an airgapped, dedicated Bitcoin machine, but that will probably need more money and time.
I doubt he'll bother doing it when he use password manager to store seed.