1) First, do you have a “clean” back-up of your site, if so, just restore it from that.
2) If #1 doesn’t apply, do the following, check all .htaccess files, index.php files and any include files or theme files you may be using.
3) Remove any code that you find in your “legitimate” files that matches any of the following (Note – this isn’t an all exhaustive list, it’s the most common issues I’ve seen):
4) Look for any php files in any image, css, upload, download, etc directories that would not normally have a php file in them. Check the file contents for base64 strings and thing that point to it being a php shell such as “FilesMan”, “c999sh”. If you find files like this, DELETE THEM.
5) Once you’ve cleaned your site – UPGRADE it if you are not running the latest version to remove any possible publicly available vulnerabilities.
Hope this helps