The remote web server appears to have been compromised by the Nimda mass mailing worm. It uses various known IIS vulnerabilities to compromise the server. Visitors to such a compromised web server may be prompted to download an .eml (Outlook Express) email file, which contains the worm as an attachment. In addition, the worm will create open network shares on the infected computer, allowing access to the system. During this process the worm creates the guest account with Administrator privileges. Note that this plugin only looks for the presence of the string injected by the Nimda worm on the remote web server and may result in false positives.
Solution
Take this server offline immediately, rebuild it and apply ALL vendor patches and security updates before reconnecting it to the Internet, as well as security settings discussed in the Additional Information section of MS01-044.