when google mark a file as malware?

Question 1

Sorry for the vague answer, but without more details I can't be more specific. In general there are certain patterns and code techniques that are commonly used by malware to overflow buffers in browsers, thus giving the attacker control of the system. The Javascript itself is just used as a conduit to the browser. Often, Shellcode bytes are encoded into javascript for delivery to an unsuspecting user's browser. If you have encoded data being delivered through Javascript, it may appear as suspicious to Google's heuristics engine.

It is also possible that you are using similar techniques to poisonous scripts (sometimes used for Cross-site scripting (XSS) and Cross-site request forgery (CSRF)) to accomplish some of your work, and this is a good way to get flagged by Google.

Another possibility is that your website code is fine, but it has a security hole that causes Google concern because a malicious user can exploit your site. To determine this I recommend using a web scanner such as Nikto, Burp Suite (my personal favorite), Acunetix, etc. to try and find security holes.

You can also find a lot of great info at OWASP

I hope this helps, as having your site flagged by Google can cause a lot of frustration and anxiety. Good luck!

Question 2

If Google says they found malicious (or suspicious) code in your files, there is malicious or suspicious code in your files.

Sorry but, Google doesn't scan for vulnerabilities - only bad code already existing on your site. Without knowing more about your website, operating system, software, etc. it's impossible to give you more information on how it happened.

If they detected it in your .js files, you may have a document.write statement either at the very beginning or the very end of those files. The problem for you is that even if you find and remove the infectious code, you still don't know how it happened. Without knowing that and taking steps to prevent it, it will return.