I have 44 domains on that IP (64.62.148.103).
About half have Wordpress, so its not a WP issue (versions 2,8 to 2,5). Some have Joomla, PhPBB, or straight HTML.
There are a total of 480 domains on the IP and just about all are affected. The strange thing is that the files flagged may be small ICOs or GIFs or text files with a line or two; basically anything.
This leads me believe there is something else going on. There is DEFINITELY something wrong.
I used a sacrificial laptop to let the malware run its course and it came up with a phony anti-spyware warning (it was using Symantec, not Avast). I have that laptop just for that purpose and it gets re-imaged weekly!
The server team could not find anything amiss on my domains.
I am having them check the nameservers next.
Whatever this is, it's well cloaked!