I run a web hosting service and have extensive malware cleanup experience.
I charge by platform and site complexity, so an average Wordpress site runs $30 while a heavily modified Prestashop site may run $150-$200.
There are caveats to cleaning malware that apply to all versions of all software:
If core files were modified, in the site software or plugins, so upgrading to a version without exploits is not feasible, then I will not take the job, as the site will just get re-infected and we all waste time.