Need help- visitors to site getting virus alerts

I've had 3 people tell me today they have had virus alerts when visiting the homepage of my website. One person said the content blocked was 'toopartyclame7.biz' and another that she keeps getting 'malicious url alert' from avast. Another gets the green icon for https, but it then goes yellow and informs her "although the connection to the webpage is encrypted, it contains 'other resources' which are not secure." Steps i've taken so far:

Done full scan on my pc using MSE and Malwarebytes - all clear.

I've used 6scan to scan all files on the domain.

Contacted host provider who have used google safebrowsing scan and securi to scan all files and they say it is all clear. I've repeated the scans and also getting all clear.

What else could it be? Could there be something not right throwing up false positives?

It's my first day of trading today and I dread to think how many potential customers this has put off, i've had almost 50 unique visitors today who seem to have only viewed the homepage and that's it I dont get any alerts myself btw.

Oh come on please, why do I NEVER get any replies to my requests for support? Where else can I go to get this answered it's kind of important!

I'm sorry but this isn't a normal thing to experience and I for one have never had to deal with it in 15+ years of having websites.

My guess is there is a hidden virus file somewhere you and your hosts have missed, though it sounds like you did everything you could to find it. If you are on shared hosting, it might not even been something on your files but on someone elses on the same server. You could ask your webhosts to move you to one of their other servers and see if that corrects the problem. It could also be a line or 2 of injected code on one of your files.

The "other resources which are not secure" issue is probably due to facebook, twitter or other 3rd party calls you have using http:// instead of https:// in their code. You can try forcing them to https:// or remove that altogether and put them in as //domain.com - sometimes that works. Try http://www.whynopadlock.com to see what the issues are that you can correct.

Of course, a link to your site would be helpful as well since you are asking for support with no way for anyone else to really investigate the error.

Hi, thanks for the reply I removed a link from the header that was http and that has fixed the Chrome icon issue, but people are still reporting virus alerts. I've been onto the host again today (Arvixe) and they have escalated it again and I hope to hear back from them later today. That's a good point about it perhaps being from elsewhere on a shared server, I might contact them now and suggest that

Website is https://itsawoodthing.co.uk

Gawd I am such a dunce. It must be connected to this post I made on sunday http://forum.opencart.com/viewtopic.php?f=20&t=97840

Got a guy from Arvixe looking at it now

I knew that extra code must be dodgy but been so hectic and my brain is frazzled