In my view, the best way to ensure your fix wordpress malware virus that is is via using a WordPress backup plugin. This is a fairly inexpensive, elegant and easy to use way to make sure that your website is accessible to you.
The approach, and the one I recommend, is to use one of the generation and storage plugins available on your browser. I think after a trial period, you need to pay for it, although many people like RoboForm. I use the free version of Lastpass, and I recommend it for those of you who use Firefox or Internet Explorer. That will generate secure passwords for you; you use one master password to log in.
There is see here a section of config-sample.php that's headed"Authentication Unique Keys." There are. There's a hyperlink inside that part of code. You want to enter that link into your browser, copy the contents that you get back, and then replace the keys you have with the unique, pseudo-random keys provided by the site. This makes it harder for attackers to automatically create a"logged-in" cookie for your website.
Note that you should try this step for setups. You will also have to change all the table names within the database, if you might like to get it done for installations.
Oh . And by the way, I talked about plugins. Make sure it's a safe one, when you get a new plugin. Don't install any plugin simply because the owner is saying that plugin can help you do this or that. Maybe use a test site to look at the plugin, or perhaps get a software engineer to examine it. This way you'll know it isn't a threat for your business or you.