AVG Blocks my Site: Phoenix Exploit Kit

This has been going on for months, and AVG still insists my site is infected with a Phoenix Exploit Kit.

I have had my hosting company run various scans of my dedicated server, but they cannot find it.

I have also been through hundreds and hundreds of files manually, but have only found and removed one instance of malicious code.  

AVG says my site is still infected.  

Can anyone suggest how I might be able to find this malicious code, or what files I should likely narrow my search to.

ps.  Please don't suggest I just upload an old  backup of my entire site.  It's a long story but I can't.  

I use AVG, updated religiously, and your site's have no warning on my end.

Where is this list at?

@ Jason...  Avaste blocks my site, and i believe one other anti-virus product too... I have reported it as a false posetive but go nowhere either......

I am using mcafee currently and i can visit all sites :P

Your site is still blocked in Opera.  I think it's been blocked for a few months now...

What is your site address, I would like to inspect it.

Thanks,

Gadi

You can see information about the site here:

http://www.avgthreatlabs.com/sitereports/domain/ustillup.com/domain-search-widget/www.avg.com.au

It says 54 pages are compromised, but does not say which pages. I would kinda like to take a peek at those pages and see if i can tell where it is.

I wouldn't be surprised if your site is not compromised but rather integrating malevrtisements from a third party.

Is adultfriendfinder the only third party ads you are using?

I`m also showing ads by adultsense.com ....

I went with adultsense and adultfriendfinder when I got kicked by adsense (apparently my site contained adult content).

This issue has really left me stumped.  

As for the pages AVG claims are infected, it does not actually give any indication where this malicious code might be hiding.  I guess it could be an anywhere in the gazillions of files on my server.

I've been using http://www.clickcash.com/ on my adult sites for about a year and have not been marked.

Never tried the adultsense.

I though I read somewhere here where we were to download the entire site to our desktop and run AVG on the folder to check that way.

Is this a way to do it?

Hey, yeah.  I will definitely try that.  Thanks newton27!!!

I can tell you that you have something going on as trying your site crashed one of comps and injected spyware, trojans, backdoors,  etc.. That comp of course was not updated to latest security, browsers and such. Had to restore it back a day.  I think there was about 50, some are listed below.

Zlob.PornAdvertiser.ba    Adware that displays pop-up/pop-under advertisements of pornographic or online gambling Web sites.

Spyware.IEMonster.d

Spyware.IMMonitor

Infostealer.Banker.E    Steals sensitive information from the infected computer

ialer.Xpehbam.biz_dialer    A Dialer that loads pornographic material

Spyware.IMMonitor    Program that can be used to monitor and record conversations in popular instant messaging

C:/windows/hidden/    Dialer.Trafficjam.a    Dialer.Trafficjam.a is a premium-rate phone dialer that automatically invokes paid access to various porn-related Web sites.

hidden autorun    Trojan.Poison.J    Trojan.Poison.J is a key-logging Trojan for the Windows platform.
 matically invokes paid access to various porn-related Web sites.

 LMAO at the signature!

The malware may be coming through the ads.

I lost my google ads account quite a while ago. For a while i tried adbrite. However, every once in a while an ad would come up that triggered my virus scanner. So i dumped them.

I would try dumping all advertizing for at least 30 days and see what happens.

http://www.net-security.org/malware_news.php?id=1980

Are your advertisements iframes? I would take a look at the list of other affected sites that are listed, you might find they have the same ads you do.