Likely the infection came in via wordpress, it is a system that is under constant probing for weaknesses and vulnerable websites are easy to find.
If your web host has told you that you have file infections, the least they can do to assist is to tell you what files (and their paths) are infected with what warning messages. That is a half-****ed approach to web hosting, its fine for them to take your money but when the SHTF, they put the onus of resolving the problem on your door step when it is fundamentally their job to resolve the problem, thats what you are paying them for as part of the maintained service. If this was your own server at your offices or home office then it would be your problem for sure.
So your response to them is to help you identify the files, you get a copy of that file downloaded and you look to see if theirs been code added to that script through a weakness in the post system.
As another possibility, I had a website and the htdocs folder removed from my website in a time when I had no internet access.
This turned out to coincide with the host company doing a special offer of 3 months free, it was impossible for me to remove the folder as I didn't have the rerquired permissions to do so yet the company said it was my fault and tried to wash their hands of the problem, eventually when it came around to fee collection time I told them to stick their S****y hosting service where the sun don't shine and spin on it.
So you have the power of upping sticks and moving to another host provider as these companies often think that you are only with them because you don't know any other service. So give them the ultimatum that they need to provide details of these files or you will just go to another provider because their attitude is not helpful nor have they provided adequate level of service or advised you on where these files have been flagged.
If they are that bothered, they do have the option of taking your site offline altogether.