Website we are running gives malicious software message.

We think someone is flagging it in Firefox. Is this all it takes?

How Google maintains their anti-phishing list is a secret. I'm not sure how many flags it takes to make it on the list.

That said, is this shared hosting? One webserver with one IP address can host thousands of websites. So it could be a shared website causing this. Or your site could be compromised in a way that is not obvious to you. Or a phishing page is somewhere deep in a directory you haven't looked at. Lots of scenarios here.

Did you download the latest version of the site via FTP and actually look at the code?

Does the site run on a database? Have you viewed the source?

If your host got infected somehow, your pages can be changed without your knowledge and can be serving up some malicious content. When it happened to us (us = a web server I run), pages were being physically written to with blocks of Javascript that sent the browser to a malicious web page. Most of our clients didn’t know about it - it only came to my attention when I stumbled on it myself. Some of the pages you wouldn’t have even noticed a problem with if you went to them using a browser with good enough tools to keep you from being re-directed. I have to go clean every page on every site - physically remove code.

Another problem that happens is that databases get corrupted with SQL Injection. Hackers use forms to submit SQL code to your database that is then run when data is returned.

So, if you have data in a field that is the string “Product Name” and a hacker gets in and changes your string to “Product Name <script language=javascript>badshit!</script>” you will have problems when that string is displayed in the browser.

Check out the source code on your site, and the physical source code on your pages, and make sure they’re OK before you assume it’s just someone fucking with you by reporting you.

Where do you see the error message? What is the exact message?

Google (which provides the Firefox malware warnings, if I’m not mistaken) just released “Malware details”, a Labs feature in Google Webmaster Tools that shows you the offending snippet of malware code. Might be helpful.

This exact thing happened to us last week. Check that source code!

If you update your site off-line and upload the updated pages, you can just upload everything from the master off-site files and overwrite any potential injected code. (Then fix your security to prevent this from possibly happening again.)
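Added example (not posted by anyone in this thread): one way to do the "download the site and actually look at the code" check before overwriting from the master copy is to compare the downloaded copy against the master and list files that were added, removed, or changed, flagging changed pages that gained `<script>` tags. The function names, directory layout, and sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

SCRIPT_TAG = re.compile(rb"<script\b", re.IGNORECASE)

def list_files(root):
    """Map each file's path (relative to root) onto its bytes."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p.read_bytes()
            for p in root.rglob("*") if p.is_file()}

def compare_site(master_dir, live_dir):
    """Diff a trusted master copy against a copy downloaded from the host."""
    master, live = list_files(master_dir), list_files(live_dir)
    report = {
        "added": sorted(live.keys() - master.keys()),    # e.g. a page planted deep in a directory
        "missing": sorted(master.keys() - live.keys()),
        "modified": [],
        "new_script_tags": [],                           # modified pages with more <script> tags
    }
    for rel in sorted(master.keys() & live.keys()):
        if master[rel] == live[rel]:
            continue
        report["modified"].append(rel)
        if len(SCRIPT_TAG.findall(live[rel])) > len(SCRIPT_TAG.findall(master[rel])):
            report["new_script_tags"].append(rel)
    return report

def demo():
    """Build two small constructed trees and return the comparison report."""
    page = b"<html><body>Product Name</body></html>"
    with tempfile.TemporaryDirectory() as tmp:
        master, live = Path(tmp, "master"), Path(tmp, "live")
        for root in (master, live):
            (root / "images" / "old").mkdir(parents=True)
            (root / "index.html").write_bytes(page)
            (root / "about.html").write_bytes(page)
        # Constructed tampering: a script block appended to one page, and an
        # extra page in a directory nobody normally looks at.
        (live / "index.html").write_bytes(page + b"<script>/* placeholder */</script>")
        (live / "images" / "old" / "page.html").write_bytes(page)
        return compare_site(master, live)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

This only covers files on disk; content injected into database fields has to be checked in the database itself.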