A link and details of their complaint would help. But yeah there could be help available depending on what you use. Wordpress or web-Windows has tons of tools, like this http://wordpress.org/extend/plugins/wp-security-scan/
In your case may be best to approach manually since you already know what and where.http://www.stopbadware.org/home/security
so not necessarily visible, bad code/links can be hidden/obfuscated. Ftp access and an editor will be more useful than Webmaster. May be you installed it yourself via a plugin or script. If on WP that wont be a shocker. If you did not see it they have a forum for removal http://badwarebusters.org/main/conversatio...et_started=true
lets hope only webscript and not server is exploited. Important you find out how it got there, tighten up where possible.
Check this dude http://badwarebusters.org/main/itemview/8589
he dont understand but looking at sourcecode there are hidden links to very bad sites.
Edited by Bambo, 04 September 2009 - 04:28 PM.