Since scare tactics seem to be what drives some people to take fix wordpress malware fix a bit more seriously, or at least start thinking about the issue, let me shoot a couple of scare tactics your way.
There are numerous ways to pull off this, and many of them involve re-establishing much more and databases and FTPing files, exporting and copying. Some of these are very complex, so it's imperative that you select the best one. If you are not of the persuasion that is technical, then you might want to look into using a plugin for WordPress backups.
Yes, you need to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More. Definitely more if you make changes and regular additions to your website. If you have a community of people which are in there all the time, or make changes multiple times a day, a backup should be a minimum.
Now we're getting into matters. You have to rename it to config.php and modify the file config-sample.php, when you install WordPress. You need to set up the database facts there.
Don't use wp_. Web hosting providers are currently eliminating that default now but learn the facts here now if yours doesn't, fix wp_ to anything else but that.