Website di Hack dan berisi Malware

Kemarin sore pas lagi ngecek email yang masuk, dapat email konfirmasi dari google yang mengatakan bahwa salah satu blog saya ini mengandungi malware! (dari noreply@google.com) yang isinya begini neh:

Dear site owner or webmaster of hong.web.id,
We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com.
Below are some example URLs on your site which can cause users to be infected (space inserted to prevent accidental clicking in case your mail client auto-links URLs):
http://hong .web.id/
http://www.hong .web.id/
http://hong .web.id/tutorial/
Here is a link to a sample warning page:
http://www.google.com/interstitial?url=http%3A//hong.web.id/
We strongly encourage you to investigate this immediately to protect your visitors. Although some sites intentionally distribute malicious software, in many cases the webmaster is unaware because:
1) the site was compromised
2) the site doesn’t monitor for malicious user-contributed content
3) the site displays content from an ad network that has a malicious advertiser
If your site was compromised, it’s important to not only remove the malicious (and usually hidden) content from your pages, but to also identify and fix the vulnerability. We suggest contacting your hosting provider if you are unsure of how to proceed. StopBadware also has a resource page for securing compromised sites:
http://www.stopbadware.org/home/security
Once you’ve secured your site, you can request that the warning be removed by visiting
http://www.google.com/support/webmasters/bin/answer.py?answer=45432
and requesting a review. If your site is no longer harmful to users, we will remove the warning.
Sincerely,
Google Search Quality Team
Note: if you have an account in Google’s Webmaster Tools, you can verify the authenticity of this message by logging into https://www.google.com/webmasters/tools/siteoverview and going to the Message Center, where a warning will appear shortly.

Wah kaget juga neh, kenapa tiba2 diblok ama google yah blog ane, otomatis bila ada orang yg akan mengunjungi situs saya melalui hasil pencarian google akan diberi peringatan terlebih dahulu, dan pengunjung akan tidak jadi membuka situs saya karena ada peringatan kena virus/malware.
Setelah melakukan pengecekan yaitu memakai situs http://http://sitecheck.sucuri.net/scanner/?scan=www.hong.web.id untuk mengetahui datangnya malware yang dimaksud dari mana, ternyata hasilnya dari file: jquery.js dan l10n.js

Malware found on javascript file:
http://****.web.id/wp-includes/js/jquery/jquery.js?ver=1.6.1
 
Malware found on javascript file:
http://*******.web.id/wp-includes/js/l10n.js?ver=20101110

Setelah mencari informasi dari situs google, tidak hanya blog wp saya yang kena serangan ini, ada info yang menyebutkan kelemahan ada pada file timthumb.php dan spekulasi datangnya dari counter-wordpress.com juga plugin akismet.
Untuk sementara menunggu hasil dari forum2 dan diskusi2 dan melakukan perbaikan blog saya agar bebas dari malware yang kedetect ama google, yaitu dengan cara melalukan re-instalasi ulang wp. Kemudian untuk membuka blokir ini, gunakan google webmaster tool, lalu minta di review ulang setelah kita membuang malware yang telah kedetect ama google tadi.