I just noticed a message in Google Webmaster Tools telling me one of my sites had a 'phishing' warning. The malicious files were saved in the directory that TDO Mini Form users use to add images to their posts.
A file called server.exe had been uploaded to that directory, and within that directory the tmp directory contained folders as follows (which I have now deleted):
I only had image file types included in the allowed files list so I don't know how a .exe file was uploaded.
Just read the plugin author's post about this issue (http://thedeadone.net/blog/where-has-tdo-mini-forms-plugin-gone/) so it seems it is a known problem, but I thought posting this here might be of some use anyway.
I have deleted the folders and hopefully the problem is now solved, but I hope there might be an update to the plugin some time because I like TDO Mini Forms a lot! :)