I don't know why I didn't click on the Blacklist Status tab on that Sucuri report. It leads to Spamhaus as the actual blacklist: http://www.spamhaus.org/dbl/removal/rec ... oktalk.com
Which leads to a suspicious file on toughbooktalk.com:
Rob, I run several web servers for a living and have suggested you try out maldet. Here is how to do it on windows.
Download Clamwin here: http://downloads.sourceforge.net/clamwi ... -setup.exe
Download maldet here: http://www.rfxn.com/downloads/maldetect-current.tar.gz
Install Clamwin and extract maldet somewhere temporary so we can copy its sig files. 7zip can handle tar.gz in two steps, first un-gzipping then un-tarring
Make a directory inside the clamwin bin directory named 'maldet'
For example on my system it would be this full path:
C:\Program Files (x86)\ClamWin\bin\maldet
Copy the files from the maldet files\sigs directory into the maldet directory you just created above. There should be two .dat and two .hdb files.
Open a command prompt and cd into the Clamwin's bin directory
cd C:\Program Files (x86)\ClamWin\bin
Run this command, preferably using the administrator user to reduce 'permission denied' errors on individually scanned files:
clamscan.exe -r -i -d maldet (FULL PATH TO YOUR WEB FILES)
clamscan -r -i -d maldet e:\inetpub
This will not delete or quarantine files. -r is recursive look, -i is report summary only and -d is directory containing sig files.
Maldet might report back about files containing base64 or otherwise obfuscated code. These are not necessarily infected but often are. They should be examined individually. It's the other types of nasties that should be taken more seriously like PHP shells.
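The triage step the post ends on (base64/obfuscation hits need a manual look, PHP shell hits are the serious ones) is easy to script over the scanner's output. The block below is an added example, not code from the post, ClamWin or maldet: it builds the clamscan command line the post describes, parses the "<path>: <signature> FOUND" lines that clamscan prints, and sorts hits into shell vs. obfuscation buckets by keywords in the signature name. The sample output, the paths and the signature names are constructed for illustration (they only imitate the {HEX}php.* naming style of the rfxn signatures), and the keyword lists are an assumption you should tune to the signature set you actually have.

```python
import re

# Constructed sample of what "clamscan -r -i -d maldet e:\inetpub" prints.
# Paths and signature names are made up; only the line format
# ("<path>: <signature> FOUND" followed by a summary block) is clamscan's.
SAMPLE_OUTPUT = """\
e:\\inetpub\\site1\\wp-content\\uploads\\cache.php: {HEX}php.base64.v23au.185 FOUND
e:\\inetpub\\site1\\images\\.x\\sh.php: {HEX}php.cmdshell.unclassed.344 FOUND
e:\\inetpub\\site2\\theme\\footer.php: {HEX}php.nested.base64.513 FOUND
e:\\inetpub\\site2\\inc\\up.php: {HEX}php.cmdshell.c99.271 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 12345
Scanned files: 4180
Infected files: 4
"""

FOUND_RE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")

# Assumed keyword lists; adjust to the signature names in your .hdb/.dat files.
SHELL_HINTS = ("cmdshell", "shell", "backdoor", "c99", "r57")
OBFUSCATION_HINTS = ("base64", "gzinflate", "eval", "obfus", "nested")


def build_command(clamscan_exe, sig_dir, web_root):
    """Command line from the post: -r recurse, -i (--infected) so only
    hits are printed, -d the directory holding the maldet signature files."""
    return [clamscan_exe, "-r", "-i", "-d", sig_dir, web_root]


def parse_found(output):
    """Return (path, signature) for every FOUND line; summary lines are skipped."""
    hits = []
    for line in output.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("sig")))
    return hits


def classify(sig):
    """Shell indicators win over obfuscation indicators when both appear."""
    s = sig.lower()
    if any(h in s for h in SHELL_HINTS):
        return "shell"
    if any(h in s for h in OBFUSCATION_HINTS):
        return "obfuscation"
    return "other"


def triage(output):
    """Bucket hits so PHP shells are reviewed first and base64/obfuscation
    hits go to a manual-review list, as the post recommends."""
    groups = {"shell": [], "obfuscation": [], "other": []}
    for path, sig in parse_found(output):
        groups[classify(sig)].append((path, sig))
    return groups


if __name__ == "__main__":
    print("would run:", " ".join(build_command("clamscan.exe", "maldet", r"e:\inetpub")))
    for bucket, hits in triage(SAMPLE_OUTPUT).items():
        print(f"[{bucket}] {len(hits)} hit(s)")
        for path, sig in hits:
            print("   ", path, "->", sig)
```

In practice you would capture clamscan's stdout (for example via subprocess.run) and feed it to triage() instead of SAMPLE_OUTPUT; the script never deletes or quarantines anything, matching the post's scan-only usage.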