Some search results for Troj/JSRedir-BV:
https://secure2.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~JSRedir-BV/detailed-analysis.aspxhttp://www.pc1news.com/news/1512/ebay-spam.htmlLooks like something that appeared back in 2010.
My guess is that you accessed some page with malicious javascript embedded, and somehow the thing managed to stay in memory until your next login to blockchain.info, where attackers could get the password and the encrypted wallet. Or it may have been a trick using iframes, not so sure if that's possible and how it works.
Malware that replaces the JS files executed by the browser when on the blockchain.info wallet could also do it (since the thing runs on lots of JS), but from what I remember blockchain.info implements file signature checking to prevent tampering (or am I confusing with a browser extension that actually does that?).
Or you simply got tricked into logging in to a blockchain.info site that wasn't actually the true one... but that wouldn't get them the encrypted wallet, and your username and password alone wouldn't be enough because of the two factor auth thing.