Have you made any changes recently as to what information the cookies / server side tries to obtain?
If you create a google analytics account/ webmaster account. It should report what is the trigger of this warning.
Google is constantly crawling and re-crawling the web, all the while finding new and changed websites. These websites are found by following links from other websites, crawling URLs submitted by webmasters and users, and so forth. Sometimes, during that process, we discover a website where something doesn't seem right. A website may look like a phishing website, designed to steal your personal information, or it may contain signs of potentially malicious activity that would install malware onto your computer without your consent. If we find a website that looks like it's a phishing page, it gets added to a list of suspected phishing websites. If we find a website that contains signs of potentially malicious activity, we start up a virtual machine, browse to that website, and watch what happens. If we see certain activities happen on that virtual machines (such as viruses being downloaded and installed), we add that website to a list of suspected malware-infected websites. The process for discovering suspected malware-infected websites is described in more detail in a paper written by Niels Provos and colleagues from Google's anti-malware team.
Of the 1189 pages we tested on the site over the past 90 days, 59 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-09-01, and the last time suspicious content was found on this site was on 2012-09-01.
Malicious software includes 8 trojan(s), 8 exploit(s). Successful infection resulted in an average of 2 new process(es) on the target machine.
Malicious software is hosted on 4 domain(s), including iisbubble.info/, implementingsigner.info/, hijackerssudden.info/.
2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including klevfincnoci.org/, downsidehighend.org/.
This site was hosted on 1 network(s) including AS46562 (COLO).
Thanks. We do have webmaster tools setup which has helped me kill most of the attacks. We seem to have a recurring injection attack that is just putting some link to a malicious site at random times. So we're doing all we can to find the hole and patch it along with fixing current attacks. To this point no personal information is at risk.
You are likely getting an Injection attack after someone found an unprotected routine. If this is in the forum software I would hope that the original creator of the forum has a fix for it... If it is custom software you need to check your routines that save data to the database and look for anywhere you save things to. Chances are you have something somewhere that is allowing code to be saved without being checked for code.
Also you need to look at the code you use for uploading pictures since Malicious code can be hidden as picture files. When someone opens the picture the computer will run code hidden in the picture.