Do a MySQL dump of your site ASAP. I’m unsure of where any malware is stored, but I do not see it being stored in the tables. Once you have reinstalled a fresh WP app, you should be able to replace the relevant tables with your content.
I recently had to deal with a hacked blog myself (WordPress).
The error was something like “Trojan program Trojan.JS.Redirector.cv”.
I checked it with a few sites, including Google’s Webmaster Diagnostics page, and apparently a line of code had been inserted into every PHP page in the blog.
It redirected visitors to about five “****.rr.nu” sites.
And whoever did it was able to get into the PHP pages on the main site itself, not just the blog side of the site.
Anyhow, I was concerned that even if I manually deleted the code from every page and reset the password, the hackers might have inserted a backdoor that would have later allowed them access.
So I contacted my hosting company and had them delete my entire site and reset my account. Then I started over from nothing, and re-uploaded the site.
So far, so good.
But I only had about ten posts on my blog. Doing 600 is a whole other matter.
All the best to you.