The two options are possible, either your machine, or your blog.
Testing against this is pretty easy : open your dashboard with another computer using the same antivirus as the previous computer.
If something is still found, good news, your computer is safe, bad news, your blog is screwed up ??
If you really, but really really really want to know where the virus comes from, there’s a way to do it, testing smaller and smaller bits of your contaminated page.
Open your virused page. Ask your browser to save it as html to your hard disk. Open the local html file in your browser, it should still trigger the virus alert. Next use a text editor (notepad, notepad++, etcetera) to open the html page. Save the first half to a new html file, the second half to another html page. See which of the two new files generates the virus alert. Open again the virused new file, split it in to again. And so on, until you narrowed the virus alert to the smallest possible string of code : that will be the one containing the culprit.
Mind you, it’s possible that a smart attacker used another component to trigger the virus, keeping the real source of infection quiet.
The solution, in such cases, is to remove everything by FTP, change ALL the passwords related to your account (FTP, admin, email, SSH too maybe)and reupload from scratch.
You’ll need to backup your database of course (wordpress plugin wp-dbmanager, I’d recomment, reinstall it to the blank state of a reinstalled blog, and re-load the database with it), and perhaps your blog template (but maybe it’s the blog theme that was contaminated).
It’s a serious business, check my reply against the other replies you’ll also get ??
