Malware Infected Processes Recreating Corrupted Files

I have a huge problem which I probably should post on the cPanel forum but I cannot receive their password reset emails for reasons unknown. The problem appears identical to this one and this one neither of which appear to have been truly solved. I have tried manually deleting files in file manager, enacting all security measures recommended by WP Toolkit, reinstalling WordPress Core via WP Toolkit, and of course changing passwords none of which seems to work because a process keeps recreating the corrupted files and/or changing their permissions.

To make matters worse I am unable to kill all processes for the user account infected by this malware. The infection appears limited to just one cPanel account with every site under it infected but other sites run by other cPanel accounts are just fine.

When I go to Home/System Health/Process Manager in WHM, select the user impacted, and click the kill button I receive the following error message:

“An error occurred processing your request:1”

I’ve tried killing individual processes one at a time but new ones just keep being created. There are often two processes that appear identical running at once (ex: php-fpm pool example.com). Is there a way to ban that user from creating new processes before suspending and unsuspending the account so that the user won’t have any processes?

I tried suspending the account but that keeps me from being able to delete anything from the file system for that account at all due to WHM lacking a GUI for file management. I’m not too CLI savvy, so ideally this should be a simple issue of clicking a button in WHM but as everyone eventually learns that is rarely enough.