I was working on cleaning up a Joomla! website from malware tonight briefly.
I used http://sitecheck.sucuri.net/scanner/ to scan site, then this script: https://github.com/walkeralencar/rrnuVaccine , which is specific to a particular hack, but also read this site: http://devilsworkshop.org/tutorial/remove-evalbase64decode-malicious-code-grep-sed-commands-files-linux-server/55587/ , which speaks more generally about eval(base64_decode injections into your php files. I read the rrnuVaccine code before running it although I was fairly sure it is fine since it is publicly hosted on GitHub.
Once I was done with that, I used the Sucuri scanner linked to above, and confirmed the site is free of malware now. I used the “Blacklisting status” tab to check that the site is only blacklisted by Google.
Then I submitted a request to Google Webmaster tools to review my site to get it removed from the blacklist.