Depends on where the malware is. If the code is on pages generated by WP ‘core’ because core files are damaged, then a reinstall of WP to 4.7.2 is the starting point.
Then I would reinstall all themes files, at least the active theme. You could manually install the active theme file in a new folder, then switch to that theme. But a reinstall of theme files (manually, via FTP) should overwrite damaged files.
I would also do the same thing with active plugsin: reinstall plugin files manually (via FTP) from ‘fresh’ files.
So if the core/theme/plugin files have been damaged, reinstalling manually will fix those files (and will give you the latest updates).
If you have not been keeping WP/themes/plugins updated to latest versions (um, bad dog), then there may be some theme/plugin database changes.
A full backup of everything is important to do – not just database, but core/theme/plugin files. You could download all of those to a local computer, then manually inspect the files for bad code. That might tell you where the infection is coming from.
Good luck.