the best way is just to restore the website from your backups (backup from the time when your site wasn’t infected), other than that as the last answer suggested, like wordfence there are many plugins that will scan and remove infection, other than that remove any suspicious plugin or theme and reset your password, If you are not using any reputed hosting then also consider switching.