Allow me to shoot a few scare tactics your way since scare tactics seem to be what drives some people to take fix malware problem a bit more seriously, or at least start thinking about the find out issue.
I might find it a little harder to crack your password, if you're among the ones that are proactive. But if you're among those reactive ones, I might just get you.
Move your wp-config.php file up one directory from the WordPress root. WordPress will look for it if it cannot be found in the root directory. Additionally, nobody else will have the ability to read the file unless they've SSH or FTP access to your server.
Install the WordPress Firewall Plugin. This plugin investigates web requests to identify and stop obvious attacks.
Change admin username and your WordPress password, or your password and collect and use good WordPress security tips to keep hackers out!