Nice hack! (actually not)
Good thing you have a backup. Not many don't.
If you've got a backup you shouldn't worry.
Just restoring and uploading the files and overwriting current files is not safe enough.
Couple of steps I would take:
Clean your Internet browser cache first.
Scan your current backup with your (updated) virus scanner on your computer (you don't want to upload the virus yourself)
Change your admin password (make it strong!)
Change any FTP passwords and make them strong too.
Back up your site (and database) again. Make SURE you don't overwrite your GOOD backup! You can use this for further reference.
Fully delete your WP install (you've got a backup right?)
Check the root dir of your host for files that should not be there or were not there.
Once that's done, you can upload your backup files.
Once that's done, your site should be working again.
You're not done yet...
Now you need to change your "Secret Keys" in your wp-config.php file. For this you go here: https://api.wordpress.org/secret-key/1.1/salt/ (this will invalidate any cookies on malginant computers who would still be able to log in).
Copy paste those in the wp-config.php file.
Now change the password of your WP MySQL database. Of course both of the database and then in your wp-config.php file.
Site still up and running?
If so you should change your admin password again (WP backend).
Follow these steps one by one in this order and you should be OK.
Did I miss anything?
Good luck (just had the same problem)