My hosting provider IONOS were the first to alert me to the XsamXadooBot and gave me the clearest instructions of where the malicious code was located. After checking Prestashop advice about deleting phunit folders, I deleted all those files.
However, while the front end of the shop is visible, I get a blank page of nothingness when I try to login to the back-end. I've sent messages to Prestashop for advice but I'm screaming into a void.
I'm about to jump ship to another platform and put this all behind me, but I'm giving it one last try. Is there anything else I can do with access only to the database files held by my IONOS and zero-access to back-end features?