RO is not a hindrance to drugs

Similarly, you need to contact the author https://geektimes.ru/users/Nick0las/ , I also have no opportunity to write a message. Help, who can!

I'm not a security expert))) But what if the problem is not in the site, but in the domain. Those. did the domain get into the Yandex database as a malware distributor?
As for the WP itself, install the Wordfence plugin and crawl the site.

Are you sure that the problem is in Wordpress, the attackers could not get to you anymore? For example, having stolen MySQL or FTP accounts, change passwords if possible.
I assume that there are no rights to admin actions due to changes in the database : roll back to the backup or manually view suspicious entries. It will not be superfluous to look at the history of queries to MySQL, if possible on the hosting.
Everything was logically done with the files, I advise you to remove the extra permissions for recording and execution.
If you can't find anything inside, then check the site for holes from the outside using https://metascan.ru, https://detectify.com or https://acunetix.com.These are online security scanners and will give you more detailed security hole reports than rescan.
Yes, and the problem is not in the domain, as mentioned above, the domain was blacklisted due to the installed redirect, which is logical.

Are you sure that your site is really infected?
yandex does not write anything about any mailware
The report of this 'supposedly antivirus' does not contain any details of replaying this redirect, etc.
Add a site here and see what happens
https://webmaster.yandex.ru/site/diagnosis/checklist/

I recommend putting RSFirewall on the site! WordPress plugin It will systematically cut security holes.