I am confused, help!

I have my own domain, and use Wordpress 2.2. Recently I am getting a threat message when I go to my homepage saying that wp-stats.php is a virus threat, but for the life of me, unless someone hacked into where my domain is housed, there can't be a threat. I asked the company which houses my site if they perform a virus check, and they do and suggested that NOD32 is giving me a false positive.

Has anyone experienced this using wordpress? How do I discern if my directory inside my host server is infected or if my site got hacked?

dancertm.net is my site, there is nothing racey about it, or anything like that. Any help would be appreciated, in the 15 years on the net I've not experience anything like this.

Thanks.

 

Not sure what modified means. When I update the page I do it on line, and don't upload via FTP like on the old days, so I can't imagine something coming from my home computer. When I asked my server host if they run virus protection, they said they do and my directories are clean. I don't quite see how ESET could read a positive, but who knows, bad guys are tricky.

Thanks.