A typical DDoS (Distributed Denial of Service; which is a subtype of the broader class of Denial of Service attacks) will simply flood a host, or its network connection, with data. It's not uncommon for the data to be completely meaningless, and for it to never even reach web server software if indeed the host; the aim is normally to prevent others from reaching the system, not to cause further damage. It's not at all uncommon for the data to be transported using UDP instead of TCP; for one thing, as UDP doesn't have TCP's three-way handshake, spoofing the source of significant amounts of UDP traffic is easier.
It's a brute force approach: if the attacker can generate (possibly through the use of traffic amplification attacks) more traffic than the attacked host can soak, the attack is successful.
As such, as long as the attack is only a DDoS attack, once the overload situation is resolved (by whichever means), there would typically be no remaining issues that didn't exist before the attack began. If the server has crashed due to traffic overload it would need to be rebooted, but that's really about it, and nothing you as the customer of a shared web hosting package would need to concern yourself with.
There's a small possibility that the attack actually uses legitimate HTTP requests, in which case the web server logs will likely be oversized and could benefit from being purged. But any competent web host should be rotating logs on a recurring basis anyway for a variety of reasons, and again, it's unlikely that this is something that you as a customer will be able to control or do. You certainly shouldn't need to concern yourself with it.
There absolutely are classes of attacks that cause lasting damage and necessitate different types of repair activities, everything from restoring from backup to a complete rebuild on an updated or patched platform; but a DDoS would not typically be one of them.