The fix wordpress malware plugin Codex has an outline of what permissions are okay. Directory and file permissions can be changed via an FTP client or within the page from the hosting company.
There are many ways to pull this off, and a lot involve copying and FTPing files, exporting and re-establishing databases and much more. Some of these are very complex, so it is important that you select the best one. Then you may want to look into using a plugin for WordPress backups, if you're not of the persuasion.
I don't think there's a person out there that after learning find here how much of a problem WordPress hacking is that it's a good idea. However Bonuses is that when it comes to securing their blogs, bloggers seem to be stuck in this reactive state.
Note that you should only try this step for setups. If you would like to do it for installations, you'll also need to change the table names within the database.
Do not use wp_ as a prefix for your own databases. That default is being eliminated by most web hosting providers but if yours does not, fix wp_ to anything else but that.