I've checked all 649 files of the CMSimple_XH_155 package on http://virustotal.com/. The files have been checked with 43 recent anti-malware engines. Only for 1 file 1 positive was reported by McAfee-GW-Edition (yesterdays version). The file is plugins/jquery/help/sh/shCore.js (a part of Alex Gorbatchev's Syntaxhighlighter); it was reported as Heuristic.BehavesLike.JS.Unwanted. Manual inspection of the file showed, that it's using clipboard.swf (in the same folder), what might have caused the scanner to report it as potential malware.
I have compared the file with the one contained in the download from http://alexgorbatchev.com/SyntaxHighlighter/download/ (Version 2.1.382) and they are identical. So I'm very sure, that the file doesn't contain any malware, as the SyntaxHighlighter is used on many websites, and 2.1.382 is the latest version of the 2 series, which is still very popular.
IMO we can close the case. There is no malware contained in CMSimple_XH 1.5.5.
A place for security related announcements and discussions - please check this forum frequently!