Regarding the cleaning of the domain from the database, this is absolutely not a problem, it usually takes from 2 days to a week.
1) Attach your clean site to the domain,
2) add the console and Yandex webmaster to the Google console, in both systems there is a site check for viruses. Apply for a site review.
3) ESET. Information is on this page . They need to unsubscribe to their email (preferably in English) that the site is false positive.
4) Sophos AV. Go to this page , select "Web Address" and fill out the form, write in the comment that "false positive url"
ps. If another antivirus is added, then we look for the antivirus website and feedback forms or support mail and unsubscribe there with the mark "False Positive Submission". Usually companies respond within 1-3 days and remove the site.
ps2. From my own experience, I will say that it will not affect the history of the domain, I cleaned more than a dozen sites from viruses, closed holes. Then he unsubscribed to antivirus companies and the site returned to the search engine and back to the search tops (of course, if it was there before =))

reg.ru handles dns in a strange way. If you, for example, enable https through their lk, then ns will change. If there was one ns record, then you changed it, then in the course of editing dns you may find that the old ns is being distributed again.

Hmm, when buying a domain, they ask you which NS servers you will use. reg.ru has several NS servers, those with "hosting" for their hosting service, those that are just ns1.reg.ru is a regular DNS hosting (free for regru clients). Accordingly, if you transfer the domain to the hosting NS, then it will be tied to the service, if such is registered (I agree, it’s a cant that they didn’t check that the service belongs to the domain owner). So it turns out carelessness + features of hosting NS