I think malware is being passed on my new host. SQL injection?

Hi guys,

In recent days, I've published a lot on a WordPress malware attack that basically ruined my shared hosting account, with 16 domains.

Since then, I have opened a reseller account and I am moving the owner of the sites. On the notice of some posters, I use the plug-in All-in-One WordPress Migration, but I make sure to export only the publications (ie What I disable options to export themes, plugins or even essential WordPress files, as these could all be corrupted).

I just checked out the file manager and noticed some suspicious .txt files in / wp-content that looked like the activity I saw earlier:

View post on imgur.com

Does this mean that the malware has been moved to the new host? And if so, does this mean that the SQL databases that I reported were themselves corrupted and loaded into the new file system?