Robert_Charlton - 3:44 am on Dec 27, 2012 (gmt 0)

The feedback I'm getting from my users is that they cannot get rid of the screen appearing constantly, and they are likely to have accessed the site directly.

If the visitors are accessing the site directly... ie, not through Google... that rules out that the warning screen is due to cloaked malware (of the sort that would be visible only to Googlebot or to visitors coming in through Google).

The report page should be identifying itself... and it's got to come from some kind of a monitoring service (or perhaps an ISP) that your users are using.

If checking your site directly suggests it's clean, then it's probably some kind of community-reported warning. Norton Safe Web, eg, comes to mind as one security product that has a user-feedback component. Malwarebytes also refers to various blacklists in deciding which sites to block.

If you did have a malware problem at one point, then you've probably got some reports on a list somewhere that need to be cleaned up. It's not necessarily a question of further removing malware... it may be a question of getting your domain or IP removed from the blacklists.

Norton makes it fairly easy, as I remember, for site owners to contact them. What you've got to do is to ask your users for the source and url of the report page they are seeing, and to handle it either via email or a phone call.