We have been working to clear the site. The hack is nastier than we expected, and there was some code that was self replicating, so when we cleaned up it would reappear. We have worked with our web hosting service provider to sort things out, and that is going along slowly. The problem is that the code is in files that the automatic scanners don't detect. So there is a lot of manual checking that has to be done, though we believe we have found the source
One small bright spot is that it is clear from the Google scans, that our site was never serving any malware. Rather the hack was designed to redirect users to a site that is known to serve malware. so, if anyone came to our site, and did not accept the redirect (most browsers would detect this and prompt the user) they would not be harmed. The redirect doesn't happen every time either, so it's pretty tricky stuff.
The hack came in through a vulnerability in an old version of wordpress installed on our site. We have removed that.
I'll be writing up more details once t is clear, to post on the site, and also to spread the word around. One thing I've learned is that you shouldn't put anything on your site that you aren't prepared to keep up to date, and check for issues. I think it's important to note that the forum software itself isn't where this came in, however the hack exploited the fact that the forum is coded with php and hjavascripts, and those are the files that they targetted and also wrote new files which were paced on the site.