I’ve cleaned up a few hacked sites, and have developed my own personal procedure here.
But there are many googles on how to clean up. The basics are change the passwords of everything (hosting, database, FTP, users), reinstall WP and all themes/plugins from a known good source (WP repository), and manual inspection for bad files.
It’s a bit of work, but I’ve been successful. The link in the comments is also a good place to start.