If you do a Google search, you will find many topics on this.
Here are some links:
First read this: http://codex.wordpress.org/FAQ_My_site_was_hacked
Then take a look at these links:
http://ottopress.com/2009/hacked-wordpress-backdoors/
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
If you have access to your database, login using PHPMyAdmin and change admin username / password, delete users you don’t know and change password for rest.
Then start the process of backing up data and do a clean install.
Note. If you can’t find out how they got access to your site, doing a clean install and putting back data, will still leave whatever hole open.
Also not that backdoors (links / code) could have been added to your posts, so all content must be checked before you import exported data.