Our clean ups are not done automatically.
When we say a site is “infected”, it’s because malicious code has been added to the site. In order to clean things up, we need to log in and remove this malicious code from the site’s files and database.
Because this process involves modifications to your site, we always want your authorization before touching anything. So, when you open a malware removal request, you are saying “it’s okay for you to work on my site now”.
And lastly, we don’t store passwords, which is another reason why we are not able to clean up automatically. However, even if we did store passwords, they are supposed to be changed after every cleanup so we would always need the new password.