Our clean ups are not done automatically.
When we say a site is “infected”, it’s because malicious code has been added to the site. In order to clean things up, we need to login and remove this malicious code from the site’s files.
Because this process involves modifications to your site, we always want your previous authorization before touching anything. We by no means want to get in the way of any work you could be doing on your site. So, when you open a malware removal request, you are saying “it’s okay for you to work on my site now”.
And lastly, we don’t store passwords, another reason why we are not able to clean up automatically. However, even if we did store passwords, they are supposed to be changed after even clean up so we would always need the new one anyways.