Unless Apple changed their licensing fairly recently, any and all data put on or sent through an Apple iPad/iPod Touch/iPhone is pretty much fair game for them to read, delete, or share as they see fit. That right there means that iOS can be considered “spyware”.
As @sinscriven points out, SMS (“text messaging”) is also unsecure. No need to install tracking software if they are within radio range of you or have access to AT&T’s servers and equipment. And as much as I would love to disagree with @rawrgrr, there really isn’t a way this could happen to a non-jailbroken iPhone; Apple is that anal about what they allow onto their products. Of course, that means that much of the stuff that is written for jail-broken iPods/iPhones is malware since nobody but Apple is allowed to do anything as far as making iOS more secure….)
The problem here is that iOS doesn’t have a conventional file structure. That makes it a bitch to do a lot of simple things that most people take for granted. That also means that anybody who can write for iOS can hide their stuff pretty damn well, or at least well enough that anybody who asks, “How do I…?” has no chance.
Now, if we assume that there is a virus (or other software) on there then it will likely also be part of your backup and thus will be reinstalled along with your other stuff. There was a non-computer-literate teacher that kept re-infecting our schools (Macintosh) network that way; infected backups.
Of course, an actual virus would have a hard time getting there and an even harder time staying alive, so I suspect that it is supposed to be there… like it was put there by a boss, parent, or law enforcement official.
I can’t think of anything you could do aside from call for help from the only place that is even allowed to know anything about the inner workings of the iPhone; Apple.