Hi! It might be worth running through these guidelines as to check if your site has been comprimised and how to fix it: http://www.stopbadware.org/home/security

Stopbadware also work with google so you might have already seen this link on the e-mail you recieved.

Could the sites be linking to sites with malware? That was one of the points they said to check out.

There are several possibilities:

- The notices from Google might have been phake, used for phishing purposes.

- Links from the site might point to sites containing malware. They might also point to sites that point to sites containing malware.

- Some malware software identifies most cookies as malware.

- It's rare, but I once had a malware detection program identify an image I took with my own camera as containing a virus. It turned out that the bit patterns in part of the image matched the bit patterns in a known virus. Slightly changing the brightness level of the image fixed this.

- Some detectors see certain scripts as malware.

- If the notices are based on user reports, a user might have reported malware he already had, because it started to manifest itself while he was viewing your page.

- Likewise, a user might have reported malware that was caused by another internet node pretending to be your page.

many advertising sites have had malware issues before
If you have embedded advertising scripts those sites that host the script could be the only source.

If the google email were correct, and not a phishing run,
the detail will be available at the google webmaster tools page, instructions on site
Take ownership of the sites at Google, instructions on site
then you can access logs and error reports. instructions on site
When you do take ownership of the sites, remove the prior access key, -you guessed- instructions on site