On Sunday 10/6/2013 at 4:00 p.m. CST our IP was blacklisted by CBL and they indicated we were infected with the ZeroAccess bot.
I ran the basic scans and found nothing.
I delisted our IP address and all was fine until today at 12:00 p.m. CST. Again we were blacklisted (1 day, 23 hours later) and again we were told it was the ZeroAccess bot.
I went to each machine physically (there are only 9 machines including two servers). I ran:
Norton Power Eraser
FixZeroAccess by Norton
Remove Rootkit by McAfee
Deep Scan by the installed VIPRE
Not one of them found ANY problem.
In addition, I have a Cisco ASA firewall between the world and us and it is configured to ONLY allow SMTP port 25 traffic from the mail server - so no individual machine could be sending out mail by itself.
I can understand one false positive, but two? I have delisted us again but if I keep doing this we will be permanently blacklisted.
I also cannot seem to find CBL's email address to contact them directly.