thanks for the reply..
i'm currently working on this thing..
but the real qustion is, how do they got into my wordpress site.
i found the <input type=file> inserted in my functions.php file.
and this is the way i think how they upload a shell or something.
but how they can add this <input type="file"> thing...
and also, is this virus or whatever we call it affect just my sites or anyone out there got the same problem from same kind of virus.