I sent a report ticket to my host, VodaHost, and within an hour they told me to request a review from Google because everything looks fine. So I did, then changed my FTP and blog login info. My site was up for a few days and then I got the same message from Google saying my site was an attack site.
Sure enough, there was the same script all over my website. I managed to remove the script on a few HTML pages that I uploaded, but I cannot find where the code is being inserted on my Wordpress pages even though the malicious script is visible when looking at the source code. I can't even login to the admin panel anymore, because i'm directed by the damn script.
I need some help. I don't know enough about this sort of thing to do it myself. I have a custom template that I have made several changes to inside the admin panel, so I am afraid of erasing my hard work.
My host has been less than helpful this time, so I'm looking for some WF help to deal with this matter. This is my business website, and I don't need to tell you what this is doing to my credibility each day the site is down.
EDIT: My host finally came through for me after repeated contact attempts....maybe just to shut me up, but who cares! Thanks to everyone who posted useful tips to try to solve my problem.