I was able to recreate this on separate servers using backups. The error/block msg appears just after update to 3.6. I assume it is a false positive, as I scanned locally all files and DB, and I run wordfence. All scans come back clean. I also religiously update and use trusted plugins, manually manage security best practices, etc.
I submittied this to Kaspersky and they agree false pos., but give no details. Another note - it only happens with the default "light" heuristic analysis settings for phishing in KIS 2013. Switch to medium or deep analysis and it throws no error - odd (which makes me think it's a KIS bug).
I post this here to help anyone who has seen the same. Please reply if you run KIS and see this and let me know what you think. I will report back if I get word from anywhere else.