One way is to use a plugin like https://wordpress.org/plugins/better-search-replace/
Another is to sign into your hosted account and use phpMyAdmin which should be provided by your host.
Whichever or whatever, make sure you have a backup of the database.
I am no sure how you got rid of the malware but they usually leave a backdoor. You need to start working your way through these resources:
- https://codex.wordpress.org/FAQ_My_site_was_hacked
- https://wordpress.org/support/topic/268083#post-1065779
- http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
- http://ottopress.com/2009/hacked-wordpress-backdoors/
Additional Resources: