The alert during the last week may have been triggered by someone looking to exploit weaknesses in the city government's computer system, city officials said.
Officials said someone tried to access the D.C. Community Calendar application on July 31, The Washington Times reported Wednesday.
The attack was resolved within a day and did not compromise any personal information or pose a threat to users' computers, Ayanna Smith, spokeswoman for the office of the chief technology officer, said.
But people logging onto apps.dc.gov were greeted with a message from Google, which trolls the Web for potentially dangerous sites, which warned: "The Web site you are visiting appears to contain malware."
Small businesses are more often targeted by malware attacks than larger entities, an online security expert said.
"I wouldn't say we see it extensively on government sites," said Maxim Weinstein, executive director of Stop Badware, a non-profit organization that works to eliminate malware, spam and other invasive Web applications.
It is not uncommon for warning messages to linger after an issue has been resolved, he said, calling ongoing attention to what can be an embarrassing situation.
The city's technology office is working "diligently" with Google to take down the message, Smith said.