its all good.. you are right it is possible for the jscript to copy to local client, but the infection has to be cleared up before the site should be revisited. we need to leave it in Pimax's hands. members should not go to the site, as @jorgenRe is right you could infect yourself, running a local antivirus on your pc if you have been there is not a bad idea, also consider using a free malware scanner as well like malwarebytes antimalware free (it gives you a 30 day trial of the full version and you can drop to the free one at the end of the trial) - not for commercial use unless you pay for it tho.. defiantly don't click on LOGIN on that site! or click any links, @Pimax-Support @xunshu it may be a good idea to drop the site into offline version in the meantime while your IS Staff sort the malware out. (forgot to mention, make sure the wordpress site and the shop module are patched to the latest versions as well.. i noticed that they had a few versions out of date.
If you need help cleaning it up, I will be available in the evenings. +12 GMT (NZ time)