The best way to fix this is to have a clean backup of your site’s files and database and set up a fresh WordPress installation. Change all passwords related to the site (hosting, domain, etc.), close your current hosting account, set up a new one, and let your host know your site was compromised so they can make sure it hasn’t affected other sites on the server.
That’s plan A. In case you don’t have a backup…
Spambots usually add a code snippet to one of your theme/template files. They’re usually pretty benign – so if you find the snippet and delete it, and then proceed with changing all your passwords, things might be OK. Common places are header.php, footer.php, functions.php, index.php – and if you can’t find anything fishy there then proceed with the rest of the template files.
If you find it, eliminate it, and the hack comes back in a week… that’s a real problem.
For next time, always use strong passwords, use a security plugin (I prefer iThemes Security), and always have a clean backup stored on a different server than your site is on.
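
One way to triage the template files named above, as an added example that is not part of the original post: a Python script that scans a theme directory for injected-snippet indicators, checking header.php, footer.php, functions.php and index.php first. The indicator patterns, the function names and the sample theme are assumptions constructed for illustration; hits are leads for manual review, since legitimate themes can also hide markup.

```python
import re
import tempfile
from pathlib import Path

# Files the post names as common injection points; checked first.
PRIORITY = ("header.php", "footer.php", "functions.php", "index.php")

# Heuristic indicators (assumed, not exhaustive): obfuscated execution,
# hidden link blocks and remote includes often seen in spam injections.
INDICATORS = {
    "eval-of-decoded-data": re.compile(
        r"(eval|assert)\s*\(\s*(base64_decode|gzinflate|str_rot13|gzuncompress)\s*\(", re.I),
    "hidden-markup": re.compile(
        r"display\s*:\s*none|(left|top|text-indent)\s*:\s*-\d{3,}", re.I),
    "remote-include": re.compile(
        r"(include|require)(_once)?\s*\(?\s*['\"]https?://", re.I),
    "very-long-line": re.compile(r"^.{1000,}$"),
}

def scan_theme(theme_dir):
    """Return [(relative_path, line_no, indicator)], priority files first."""
    root = Path(theme_dir)
    files = sorted(root.rglob("*.php"),
                   key=lambda p: (p.name not in PRIORITY, str(p)))
    findings = []
    for path in files:
        text = path.read_text(encoding="utf-8", errors="replace")
        for no, line in enumerate(text.splitlines(), 1):
            for name, rx in INDICATORS.items():
                if rx.search(line):
                    findings.append((path.relative_to(root).as_posix(), no, name))
    return findings

def demo():
    """Build a constructed sample theme in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "inc").mkdir()
        (root / "index.php").write_text("<?php get_header(); ?>\n")
        (root / "footer.php").write_text(
            "<?php wp_footer(); ?>\n"
            "<div style=\"display:none\"><a href=\"http://spam.example/\">x</a></div>\n")
        (root / "inc" / "helper.php").write_text(
            "<?php\n$x = 1;\neval(base64_decode('ZWNobyAxOw=='));\n")
        return scan_theme(root)

if __name__ == "__main__":
    for rel, no, name in demo():
        print(f"{rel}:{no}: {name}")
```

Point `scan_theme` at a downloaded copy of the active theme directory rather than running it on the live server.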