Interesting indeed, I have never seen that before. Double-check the code in all your /root .php files.
Also, I wonder if there's any new exploit using signatures, etc.
I did go to your site using IE a couple of times and it only happened once. I got a pop-up running a fake antivirus scanner trying to make me download a .exe file.
Now... it also might be a "BHO" somewhere. I wish I could have been more helpful.