The first step in dealing with a hacked site is to go through everything. Often hackers will open up backdoors so they can easily reinfect your site after you debug it the first time. Some sneakier hacks will actually cloak the hacked pages so only first time visitors are impacted and you won't see the hack on your repeat visit.
Once you are 100% sure that everything is clean, lok at what is triggering the malware warning sign. These warning pop-ups can be generated by Google for people clicking through the serps or they could be generated by anti-virus programs.
How much time has passed since you made sure everything is 100% clean and secure?