This happens mostly because of the out-dated Built-IN scripts you use (WordPress, CMS, Joomla, etc) and once these scripts are outdated these scripts can be injected with SQL queries and malicious scripting allows the intruders to get your FTP credentials to upload the virus/malicious contents on the website.
Please note that securing a hosting account requires a proactive approach. To get rid of this issue, I would request you to:
First, check your website for any malicious contents at:http://sucuri.net/, then follow the below steps.
1. Scan your local computer using an updated Anti-virus.
2. Then ask your web developer to conduct a thorough audit of your account to remove any vulnerable scripts, files/folders which are not related to your website contents.
3. Download all your web data locally and scan it using an updated anti-virus software.
4. After you have done it, remove all the existing website contents from the server and re-upload the scanned data.
5. Make sure all scripts (your website applications) are updated to their latest versions to avoid any vulnerabilities from being exploited.
6. Also use 'http://www.pctools.com/
Once done, please re-submit a website review to Google using the below Google webmasters tool:
Once the site is examined by Google and it is considered as malware free, the malware warning will be removed from your site.