I have also changed MySQL passwords (and updated both wp-config.php and bb-config.php (buddypress/bbpress user don't forget this), admin passwords, cpanel passwords and changed auth salt keys in wp-config.php. I suggest everyone not skip these tedious step for protection. I have cleared my browser's cache and the warning is still coming up for me (on Mac - Chrome and Safari) but not for my P.C. using colleagues. I am super paranoid and this has triggered a delusional bout of paranoia. Have I missed anything?
Oh, and Google webmaster tools doesn't, and hasn't ever "found" any malicious software on my site. Where are the warnings coming from? Who is issuing them, as google apparently never found anything wrong with my site?