Hello,
Usually, the source of infection are vulnerable CMSes (like old Joomla versions or vulnerable Wordpress plugins) and there are per-account (per-cPanel) infections.
I clean and secure malwared websites/hosting accounts on daily basis, so why not to clean and secure yours? Just let me know.
Of course, I'm fixing vulnerabilities also, not only removing malicious files or injections.
Looking forward to hearing from you,
Adam