martinibuster - 8:57 pm on May 21, 2012 (gmt 0)
There is nothing to scan. This isn't something that you can scan for, as I explained to you already. I will try to explain it to you again. Sites don't get infected with malware the way computers get infected. Sites have vulnerabilities.
Think of your website as if it were your home and hackers as if they are thieves. In order to get into your home thieves look for vulnerabilities. Typical vulnerabilities will be doors that do not lock properly and windows that are wide open.
Similarly, the software that you use to create your site dynamically will have open windows and locks that are easy to open. They are points of entry to your website files in a manner that allows the public to manipulate your website. These entry points, open windows, are not viruses. They are simply entry points to your site. This is nothing you can scan for.
Take a look at your code. It's possible that the developer used off the shelf software, like a CMS framework. Identify what that code is, whether joomla or whatever and then find someone to patch it for you, to update it to the latest version.
Once your site has been broken into and the site files altered, your antivirus on your desktop will alert you that a virus or trojan was trying to load onto your desktop or laptop. But by that time it's pretty much game over. Google will know about it and within a few days the dreaded "infected site" note in the SERPs. Until you patch the vulnerability, i.e. get a better lock, the hacking is going to continue because it's very likely an automated attack.
Google is just one of many issues to resolve after a hacking attack. Go to McAfee Siteadvisor and websense because they're likely blocking your site, too.