Cloning, as it applies to fix wordpress malware virus, is the act of creating an exact copy of your WordPress install. What is good is that with the correct software, you can do it. There are a number of reasons why you might want to do this. Here are only a few.
The one I recommend, and the more powerful approach, is to use one of the password generation and storage plugins available on your browser. RoboForm is liked by people, but I think after a trial period, you need to pay for it. I use the free version of Lastpass, and I recommend it for those who use Firefox read this post here or Internet Explorer. That will generate secure passwords for you; then you use one master password to log in.
1 step you can take is to delete the default administrator account. This is critical because if you don't do it, a user name that they could attempt to crack is known by malicious user.
BACK UP your site frequently and keep a copy on your own computer and off-site storage. Back up every day if you have a website that is very active. You spend a lot of money and time on your website, do not skip this! The one complete solution that does it all is BackupBuddy, no additional plug-ins back up widgets your files, database and plugins. Need to move your site to another host, this will do it!
Do your homework and some searching, but if you're pressed for time and want to get this done once and for all, try the WordPress security plugin that I use. It's a relief to know that my website (and company!) are secure.