For fixing WordPress malware virus in website, it is highly recommended to ask for helps from the professional. Fixing a hacked website is not an easy task at all. Furthermore, if your site gets reported as a malware distributor, you could receive a 30-days ban, as the hackers would use your backdoor to install codes which might distribute malware to the visitors. That is why cleaning up a hacked site is more important than ever, in these days.
Here are the steps, if you have planned to clean the site all by yourself
Step 1: Backing up the database and site files
Step 2: Downloading and examining the backup files
Step 3: Deleting all the files of the public_hlml folder
Step 4: Reinstallation of the WordPress
Step 5: Reset the passwords as well as the permalinks
Step 6: Reinstalling the plugins
Step 7: Performing the reinstallation of the themes
Step 8: Uploading the images from backup
Step 9: Performing a scan of your computer
Step 10: Installing and running the security plugins
All of those steps mentioned above could help to get you out of this annoying situation, yet a single mistake in any step may lead to lose of all of the site data. That is why we are recommending to go for a WordPress professional to resolved a hacked website.
Monitoring your site
Stay on top of Google Search Console notices as well as any error logs you find on the server after your clean up. You can look to your Raw Access Logs on the server to track any users accessing files on the site, particularly POST requests. If this is not turned on, you can turn archiving of Access logs on in your cPanel