It's probably something he installed without knowing it was infected. Didn't someone post proof of mv using a fake guest script a while back? Another forum I belong to had a problem with viruses inserted in political memes that were hotlinked. I don't think mv did it maliciously but I he is saying it is a false positive so he is being lazy about it instead of figuring it out. I also don't think it was anyone targeting his site and it is probably an infected addon he used.