There seems to be a solution here:
https://bitofwp.com/security/how-to-trace-and-clean-the-monit-php-hack/
Apart from cleaning all of your WordPress site files from the malware redirect hack and deleting the monit.php file under the plugins directory, you will also need to access your database using phpMyAdmin, then browse to your wp_options database table and search for the following option_name records:
default_mont_options
ad_code
hide_admin
hide_logged_in
display_ad
search_engines
auto_update
ip_admin
cookies_admin
logged_admin
log_install
Finally, if you find any of those records present delete them but first make sure you have created a backup for your WordPress site first(both the site files and its MySQL Database).
The last step is to remove the admins_ip.txt file found in the plugins directory as well.
