The 1st one, hosting provider cannot do anything and advice my client to rebuild a whole website..again...the 2nd one, the hosting provider said will restore and backup to previous data..we'll see how it goes..Simple option to get back to clean state is restore an old backup dated back when site was clean.
Most hosting providers have Acronic automated backup system or R15 or some other daily backup system provided for every client including shared hosting clients. Make use of it and restore an old backup from this daily backup server.
And after restoring backup, just secure your websites with higher security.
Some of them are basically to use a stronger password, use two factor authentication for cPanel login and also on websites.
Use directory privacy setup inside cPanel for all sites hosted under it. So, whenever someone tries to login to your wp-admin link, it will popup an additional dialog box with username and password you have chosen for directory privacy and only after successful login of that dialog box, the wp-admin login page will appear for the wordpress site.
Also, change default admin username to something non common. And change the wp-admin login link to something different.