Malware

An incomprehensible beast (a virus that is invisible) wound up on the site and I can’t catch it, what should I do?

Hello dear experts of the site Toaster. I got a big problem with the site. Usually I find viruses and click like seeds, vulnerabilities are also not bad, but then a strange beast got caught. How it all started on the points:
1. I gave the task to fill the site and the person writes to me that the topic has changed and he did nothing.
2. I sat down at the computer and restored the site, started working with it, and during the work the topic crashed again. I thought that it works for some kind of action of viruses.
3. Restored and while the site was working, I began to read about this virus in google. At the same time, I launched all the scanners that I knew for redirects, shells, set up maximum protection in itheme security, checked the holes that I closed with handles.
4. Google didn’t work, and the scanners didn’t show anything special. There was one online scanner that gave a report with errors, but now it’s difficult to duplicate them, since we rolled back and tied it hard to the ip admin panel.
5. In general, we updated everything manually as much as we could, and redid the remaining files and the database, nothing suspicious was found in the logs.
It appears that the scrap was purposeful and very accurate. Moreover, letters have recently become more frequent that they are trying to change the password in the mail and Google has blocked it.
In general, the situation is this, the theme on the site changes within 10 minutes to 2 days by itself, I did not find any viruses, holes too, everything is updated to the latest version, the WordPress engine, third-party plugins, the necessary minimum costs.