The task is simple. Two of my Wordpress sites (that I know of) have been malware damaged. Sadly, there are no backups since I assumed incorrectly that the hosting service did periodic backups. The hosting support are recommending an account restoration, which sounds to me a lot like putting it back to the day I arrived. This is not acceptable.
Hence, your task is to 1) restore the damaged sites, 2) locate the malware and remove it, and also if possible 3) identify the plugin that caused this destruction from a list of possible culprits that were installed just prior to this happening. It would also be highly desirable if you can 4) identify any other plugins likely to cause such vulnerability.
Please only apply if you have previous experience of this sort of work. This is not a "learn on the job" project. You already need to be an established expert in this area.