I found this thread during my remediation efforts on this forum. I'm the admin at trying to deal with this outbreak.
First of all, thanks to all in this thread. I was better able to track the activity because of this. Thanks you Richard42 specifically. I always appreciate a members who actually gives a sh!t and looks for solutions rather than browsing along when they see a problem.
As well, props to avast itself. It is he only AV product that specifically identified the source of the attack on the website itself. All other products alerted me to the final IP source of the attack, but not the intermediate step on my own site. This is obviously what I need to know to remediate the malware.
Among other attacks, it turns out that hackers had used a vulnerability in the forums SEO to overwrite a file and inserted a redirect:
hxxp:www.ww2f.com/clientscript/vbulletin_md5.js
This file has now been repaired and the software upgraded.
I've removed two other instances of infections, and I'm hoping a few of you might be able assist me in ensuring that I've stamped this out. All I need is for a few of you to visit the site, and if you get any alerts, please post the "Object" portion of the warning here. This way I can identify and remove the problem. The attacks were targeting specific browsers, so if you can visit with more than one browsing tool, that would be even better.
Thanks all and keep up the good work avast!