Don't I wish that BPS or any other plugin could actually do that after the fact. ;) Unfortunately, that is not possible. Professional hacker payloads include hidden backdoor files that are not detectable by any scanners or other means, besides of course human peepers. It is a needle in a haystack thing that is more time consuming than doing a new installation of WordPress. You could of course try to delete all WP Core files and upload new ones and may get lucky. ;)
If you have a backup of the site that you know it is 100% clean then restoring files and your database is a pretty quick process. Delete all of your old site files when doing a file restore.
If you do not have a backup that you know is 100% clean then do these steps:
Make a complete backup of your site files and database.
Take your site offline / put it in maintenance mode / etc
Delete all old files and your old database.
Change your FTP and Host account password.
Install a new WordPress site with a new database.
Reinstall all your plugins.
Import your old WordPress content database Tables ONLY:
wp_comments
wp_links
wp_postmeta
wp_posts
wp_terms
wp_term_relationships
wp_term_taxonomy
wp_usermeta
wp_users (make sure there are not any Admin user accounts that you did not create)