Is it possible to clean malware from a hacked website?
Before answering, a critical distinction must be made:
A hacked cPanel account or hacked website is a very different situation from a root-level compromised server. Please review the following to determine which situation you are experiencing:
What is the difference between a root level compromise and a website or account level compromise?
If your situation is indeed just an account or website-level hack, it is technically possible to clean the account or site. Although, doing so requires a high level of skill, expertise, and an extensive amount of labor in most cases. In most cases, it is not worth the time and effort required to clean a website or account and the best option is to restore from a backup that was taken from before the account was compromised. More details can be found here:
What can be done if a cPanel account is compromised?
Other options that may consider are software that are designed to detect and clean malware such as Imunify360:
Imunify360 Malware Scanning and Cleanup
If malware is found on your website or account and Imunify360 is unable to clean the infection, you can open a ticket with support so that the Imunfiy360 developers can analyze the infection and improve Imunify360 so that it is capable of cleaning the infection.
cPanel is a reseller of Imunify360 so you can purchase a license from our store:
cPanel Store - Imunify360 for cPanel
If you purchase an Imunify360 license with cPanel, you would contact cPanel support for all of your Imunify360 support needs. If you purchase the license directly from CloudLinux (the makers of Imunify360), you would need to contact CloudLinux support instead.
NOTE: You do not need to have CloudLinux installed to make use of Imunify360 on your cPanel server.
It is possible to install ClamAV which is a malware scanner for free:
Install ClamAV Scanner
However, ClamAV would only detect the malware and the task of removing the malware would still be the responsibility of the server administrator.