I'm glad that everyone seems to have got their PC's in good order once again.
It is disturbing that certain AVs didnt pull this up - why they didnt I dont know. There are new viruses coming out every day, but one would hope that most AVs would be able to sense a virus pattern!
I strongly suspect the site was first compromised several days ago which would have been when the database was first accessed. It would appear that any email addresses/peronal info has already been harvested for possible spam targets.
I'm not certain on this... but I would suspect that the most likely cause is that someone took advantage that the forum software was not maintained, and any security patches werent installed.
The latest events cumulating yesterday appear to be a 2nd compromise and someone taking advantage that the site was still unsecure. They edited the main forum index page to include some malicious code. The php warnings were an indication that the original code had in some way been altered. Whoever did this then inserted a fake image banner file, which was actually a payload hosted at another domain. The probable idea is to trick your browser into thinking its an image rather than a virus.
The website behind this is well known to host virus/trojan/malware files, and according to various security reports has been responsible for taking down and/or injecting malware into users of many other compromised sites over the past few days.
According to the diagnostic report it was hosting "23 exploit(s), 17 trojan(s)" specifically for infection of other sites.
I can confirm that the malicious code has been removed. Presumably James will at some point apply any patches and update the forum software. Nothing much can be done about the spam situation and any other information held on the database which may have been accessed.