
Forums - Website Topics - Do this to protect yourself, now!

Add these two addresses to your list of restricted sites if you're an IE user, and to the adblock if you're a Firefox user:
*symboliclynx.com*
*mediacount.net*
*wanrzcvupf.kh*

SymbolicLynx.com is a pointer to malware. It's the IFrame that keeps getting inserted into this site. Symboliclynx has an IFrame embedded into it that is mediacount.net. I've been monitoring both and symboliclynx changes frequently to point to other places, like wanrzcvupf, but eventually they end up back at mediacount.net. If you block these sites, the viruses will disappear.

It's a persistent hacker on the site, absolutely confirmed. Firefox users have not, up to this point, been subject to anything. Yes, a virus scanner may pick up a trojan in the cache, but because the trojan requires the script to exploit known buffer overflows in ActiveX code, it can't actually execute. IE users are safe as long as they have been keeping up to date on all patches. Nonetheless, act now to remove those sites from being executed to prevent any possible zero-day exploits.

Edited: To add additional site

--------------------------------------------------------------------------------------

IE Users Detailed instructions: Go to Tools/Internet Options/Security tab and click on Restricted Sites. Click on the Sites button and add these as *://*.symboliclynx.com and *://*.mediacount.net.

Firefox Users Detailed instructions: You will need to add an ad blocker, like Adblock Plus. If using Adblock Plus, go into preferences and add the filters as shown in the beginning of this post.
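For whoever maintains the affected pages, the same domain list can be used server-side to spot the inserted IFrame in the HTML being served. This is an added example, not part of the original post; the site host `example.org` and the sample page are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains named in this thread (the thread gives both .kh and .hk for the third).
BLOCKED = ("symboliclynx.com", "mediacount.net", "wanrzcvupf.kh", "wanrzcvupf.hk")

class FrameCollector(HTMLParser):
    """Collects the src attribute of every <iframe>/<frame> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag in ("iframe", "frame"):
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def host_matches(host, domain):
    """True for the domain itself or any subdomain of it."""
    return host == domain or host.endswith("." + domain)

def audit_frames(html, site_hosts):
    """Return (src, verdict) per frame: 'blocked', 'off-site' or 'ok'."""
    collector = FrameCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        host = (urlsplit(src).hostname or "").lower()
        if not host:                      # relative URL: same site
            verdict = "ok"
        elif any(host_matches(host, d) for d in BLOCKED):
            verdict = "blocked"
        elif any(host_matches(host, s) for s in site_hosts):
            verdict = "ok"
        else:                             # unknown third party: review by hand
            verdict = "off-site"
        findings.append((src, verdict))
    return findings

# Constructed sample page; example.org stands in for the site's own host.
SAMPLE = """<html><body>
<iframe src="/forum/preview.php"></iframe>
<iframe src="http://ads.example.net/banner"></iframe>
<IFRAME SRC="http://www.SymbolicLynx.com/x" width=0 height=0></IFRAME>
<iframe src="//static.example.org/widget"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src, verdict in audit_frames(SAMPLE, ("example.org",)):
        print(f"{verdict:9} {src}")
```

Because the post notes that the pointer domain changes frequently, the `off-site` verdict matters as much as `blocked`: any frame host the site owner does not recognise deserves a look.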




Don't need to, using Linux. La de da.



Just to add more sites to block

I have had the Symboliclynx also point to

*.wanrzcvupf.hk

adding this also won't hurt and will probably help.





rendo said:
Don't need to, using Linux. La de da.

Are you forgetting about http://www.milw0rm.com/ ? Some Linux exploits are listed there. So if Linux is exploitable also, why not take the extra precaution?



nordlead said:
Just to add more sites to block

I have had the Symboliclynx also point to

*.wanrzcvupf.hk

adding this also won't hurt and will probably help.

Good point.  Changed OP to include it.



ioi said:
How are we being hacked though?? Can anyone see an obvious flaw or problem in our site security?

Have you checked your computer for viruses? I know it is unlikely, but there could be a virus on your computer that changes your files on the server every time you log in as an admin.

JHawkNH said:
ioi said:
How are we being hacked though?? Can anyone see an obvious flaw or problem in our site security?

 

Have you checked your computer for viruses? I know it is unlikely, but there could be a virus on your computer that changes your files on the server every time you log in as an admin.

Probably not a virus, but could be a keylogger, which would explain how the hacker is getting the FTP password.



JMan said:

Firefox users have not, up to this point, been subject to anything.


I've actually had a warning once using Firefox 2 but thanks for the info, I'll definitely add those to my pop up blocker list.



ioi said:
How are we being hacked though?? Can anyone see an obvious flaw or problem in our site security?


Someone could be getting credentials through XSS, for example. They could be using your ad host, and they could have gained credentials to VGChartz using XSS. Otherwise, the server hosting VGChartz has a variety of protocols I wouldn't use with authentication in practice because they're cleartext: FTP, Telnet, SMTP, etc. These may not be the source of your problems (I'd wager XSS is) but they're sloppy, and if you have people authenticating in the clear and they use wireless, especially in public -- at a games-related show, or an internet cafe, for example -- it's very likely that someone else knows their authentication.

Take a look at your Apache plugins and verify that they're not vulnerable versions. Pay particular attention to anything that sends client-side HTML to be modified, as this is one of the most common XSS attack vectors for IE. Make sure that the forum software here isn't vulnerable to type-2 XSS attacks.

It may be worth connecting to this site on a computer that displays the behavior (attempts to get a drive-by install of malware) and using Wireshark or something of the like to give you a clue as to how/where this is coming from.



ioi said:
How are we being hacked though?? Can anyone see an obvious flaw or problem in our site security?
 I write you a pm how somebody could try to get access to the site. (Don't want to discuss things like that in public).