Here are a few steps, even though you have to move in the process towards whatever is necessary.
-
Step 1: Backup wp-contents folder and the files
-
Step 2: Backup credentials at wp-config files
-
Step 3: Find and delete unwanted plugins and theme files, if anything is suspicious.
-
Step 4: Delete the default WordPress files other than wp-content folder.
-
Step 5: Reupload those files manually and replace wp-config.php with the previous one, otherwise database connection error will happen.
These are the most common steps to get rid of a virus, depending on the type of script they are using, or the location of of infected file, your steps will differ.
If the attacker has planted a file in the server storage, and you are using a shared hosting, you might need to change your hosting to get rid of it.
Hope this helps.