Welcome to TalkGraphics.com
  1. #1 (Join Date: Nov 2011; Location: Seattle; Posts: 21)

    Website Virus / Malware issue

    WD9 premium user.
    Probably the wrong forum for this, but I have a low-traffic web site that I built myself. I use no outside software or widgets other than Jotform. See www.wahia.org.
    I was notified by a site visitor that their website virus scanner detected malware in my website. They are using something called Cisco CX. They referred me to two resources they called "reputable" for website scanning: www.scumware.org, which I could not even get to, and www.cbl.abuseat.org. The second one I was able to get to, and I scanned my web site URL (192.254.234.134) and it returns this (see bottom).
    I have used several other resources to scan my website including the Google Webmaster Tools site scanner, AVG, URLVoid.com, onlinelinkscan.com and a few others I found online. No one else is reporting any virus or malware on board. My question is, have I done enough to ensure that my site is virus free? I'm a newbie at all this, so any advice would be welcomed.
    Thanks



    Response from CBL Abuse:

    CBL Lookup Utility
    --------------------------------------------------------------------------------

    IP Address 192.254.234.134 is listed in the CBL. It appears to be infected with a spam sending trojan, proxy or some other form of botnet.

    It was last detected at 2014-02-01 19:00 GMT (+/- 30 minutes), approximately 7 days, 4 hours ago.


    --------------------------------------------------------------------------------

    IMPORTANT
    This IP address corresponds to a web site that is infected with a spam or malware forwarding link.

    We can now tell that the problem outlined below has been fixed. We recommend that you review instructions below (especially if you weren't the one who fixed it) so as to prevent this happening in future. Once done, you can use the self-removal link below.

    In other words the site has been hacked.

    Usually, this web site has a redirect that takes the user's browser to a spam or malware site. It's usually fake Russian pills or pornography.

    The web server's host name is "headlightrenewdoctor.com", and this link has an example of the redirect: "http://headlightrenewdoctor.com/straight.html"

    Infected servers are usually shared web hosting environments running Cpanel, Plesk, Joomla or Wordpress CMS software that have become compromised either through a vulnerability (meaning the CMS software is out of date and needs patching), or users' account information (userids/passwords) has been compromised, and malicious software/files are being uploaded by ftp or ssl.

    We believe that these specific infections are frequently done by altering web server access control mechanisms (example, ".htaccess" files on Apache web servers), and causing the redirect to occur on all "404 url not found" errors. We would appreciate it if you can give us copies of the modifications that this infection has made to your system.

    It is probable that the change was made via SSL or ftp login using a userid/password stolen from the "owner" of the hostname/domain. They should run anti-virus tools on their computers, and the password they use to access the web site should be changed immediately.

    If you do not recognize the hostname headlightrenewdoctor.com as belonging to you, it means that some other account on this shared hosting site has been compromised, and there is NOTHING you (or we) can do to fix the infection. Only the administrator of this machine or the owner of headlightrenewdoctor.com can fix it.


    --------------------------------------------------------------------------------
    WARNING: If you continually delist 192.254.234.134 without fixing the problem, the CBL will eventually stop allowing the delisting of 192.254.234.134.
    If you have resolved the problem shown above and delisted the IP yourself, there is no need to contact us.

    Click on this link to delist 192.254.234.134.
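    The CBL notice above says these infections usually work by altering .htaccess so that requests (typically 404s) are redirected to an outside domain. The following is an added example, not code from this thread or from CBL: a small Python audit that reads an .htaccess file and flags ErrorDocument and RewriteRule directives whose target is an absolute URL on a host you do not own. It assumes your own hostnames are wahia.org and www.wahia.org, and runs on a constructed sample file whose redirect host is a placeholder.

```python
from urllib.parse import urlparse

# Constructed sample .htaccess (not taken from any real server): one
# legitimate local 404 page followed by the kind of off-site rules CBL
# describes. The redirect host is a placeholder, not a real domain.
SAMPLE_HTACCESS = """\
# constructed sample: legitimate 404 page, then off-site rules
ErrorDocument 404 /errors/not-found.html
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ http://example-redirect.invalid/straight.html [R=302,L]
ErrorDocument 403 http://example-redirect.invalid/403.html
"""

# Hostnames considered "ours"; taken from the thread (assumption: no others).
OWN_HOSTS = {"wahia.org", "www.wahia.org"}


def _is_offsite(target: str, own_hosts: set) -> bool:
    """True when target is an absolute http(s) URL on a host not in own_hosts.
    Relative paths such as /errors/not-found.html are never off-site."""
    parsed = urlparse(target)
    return parsed.scheme in ("http", "https") and parsed.hostname not in own_hosts


def audit_htaccess(text: str, own_hosts: set = OWN_HOSTS) -> list:
    """Return (line_no, reason, target) tuples for directives that send the
    visitor to another domain. Apache issues an external redirect both for
    ErrorDocument with an absolute URL and for RewriteRule whose substitution
    is an absolute URL (the [R] flag is implied in that case)."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blanks and comments
            continue
        parts = line.split()
        directive = parts[0].lower()
        if directive == "errordocument" and len(parts) >= 3:
            if _is_offsite(parts[2], own_hosts):
                findings.append((no, f"ErrorDocument {parts[1]} redirects off-site", parts[2]))
        elif directive == "rewriterule" and len(parts) >= 3:
            if _is_offsite(parts[2], own_hosts):
                findings.append((no, "RewriteRule sends requests off-site", parts[2]))
    return findings


if __name__ == "__main__":
    for no, reason, target in audit_htaccess(SAMPLE_HTACCESS):
        print(f"line {no}: {reason} -> {target}")
```

    On a shared host, run it over every .htaccess in the account (including ones in subdirectories you did not create); a hit pointing at a domain you do not recognise is exactly the signal the notice asks you to look for.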

  2. #2 (Join Date: Aug 2000; Location: Placitas, New Mexico, USA; Posts: 41,517)

    Re: Website Virus / Malware issue

    Oftentimes there can be false positives.

    I went to the home page in your link. Normally if there is bad stuff on a site, McAfee Security Center throws up a warning screen that says WHOA! ARE YOU SURE YOU WANT TO GO THERE? And Malwarebytes Pro will report if it has blocked malware.

    None of these things happened just now.

    This does not mean there is not anything untoward on your site, but if there is it is not flagrant.

    I just did a search on your homepage source file for headlightrenewdoctor.com and did not find this.

    Here's a thought. Is this visitor someone you know? Or is it possible that this visitor is trying to sell you something, a service or a product for example?

    A few of the more tech-savvy members, who are probably asleep right now, will check in in the morning and may have some other thoughts.

  3. #3 (Join Date: Jan 2010; Location: Bradford, England; Posts: 1,829)

    Re: Website Virus / Malware issue

    This is a fairly obvious tactic to get you to go to the site to check for a virus, and it will ALWAYS say that you have a virus; it will then ask you to download a virus cleaner, and nearly every time this virus cleaner is the actual malware: key logger or tracker etc. Stay away!
    Flawless Form. Faultless Function. Crafted by Cloud

    https://www.cloudwebagency.co.uk

  4. #4 (Join Date: Aug 2007; Location: Maghull UK; Posts: 6,202)

    Re: Website Virus / Malware issue

    Sketch and Gary have got it right I reckon, but if not, it might also be another site(s) not connected with you, as CBL suggests. It might be an idea to contact your web host.
    JOHN -XaReg (FB) XaReg (DB - ignore prompt to register)
    Windows 10 [Anniversary] pro Intel Pentium CPU G630 @ 2.70Ghz RAM: 4 GB; 64-bit x64
