My PHP-based site has become noticeably slow and sometimes unresponsive—classic signs of an infection. I ran an antivirus scan myself, confirmed the presence of malicious code, and stopped there. A full, up-to-date backup of both files and database is ready, so you can work with confidence and roll back if ever required. Here’s what I need from you, working 100 % remotely: • Track down and eliminate every infected file or snippet, including anything buried in the MySQL database. • Repair or replace any damaged PHP core files so the application runs exactly as it did pre-infection. • Harden the installation—closing backdoors, updating permissions, and applying best-practice security tweaks—to make sure the problem stays gone. • Validate the fix: the site must load quickly, show no redirects or hidden code, and pass an external malware scan. • Bring the site back online once we’re both satisfied it’s clean. You’ll have cPanel/SSH, phpMyAdmin, and SFTP access the moment we start. Let me know which additional tools you like to use—Imunify, Wordfence CLI, custom grep scripts—so I can prepare the server environment for you. Clear, well-commented notes on every change will be part of the final hand-off.