An unknown virus that cleans wp-load.php turned out to be not so terrible, but it did a lot of trouble, namely, all sites on the server were infected. Virus code at the link
The main symptoms of the virus:
Empty file wp-load.php
wp-admin/css/css.php - if you see it, then the virus is already fully integrated and the cleaning itself will begin.
In the wp-content folder and also in subfolders (of all) - you will find
the function-class.php
.class-wp-cache.php files,
some index.php files (where they should not be, especially in the uploads folders)
They will contain contain the code which is by reference.
Simply deleting these files will not help, since they are created anew, you need to go to wp-load and delete everything related to 'WPTemplateOptions' and also look for this phrase in the theme folder, usually there is no virus code in the function file, only path, so you need to check it with the original, in my case, the path to the file with the virus was added to the function file at the end, it was called class.php , I found it when checking.
And so what needs to be done is to delete the wo-admin folders, delete the wp-include folders, since the virus is in the subfolders and it is usually called the name of the folder in which it lies, so the fastest is to delete it, overwriting will not help. And fill it with a new one from the original archive.
It is also desirable to replace the WP files in the root folder.
Next, look in the wp-content folder for these two files: function-class.php | .class-wp-cache.php and the folder with plugins and uploads additionally the index.php file. We delete, I deleted using Filezila because the hoster with a poor file manager without searching.
And finally, we look in the same folder for files that begin with . (folder name), that is, the virus creates a file that has the folder name but only with . at the beginning, for example theme/astra/.astrap.php
This is the only way to get rid of it, check all sites that are hosted, as the virus spreads throughout the server and does not show itself for about a week.
It is important that no plug-ins detect this virus, nor even virusdie via ftp and other built-in from the host also do not detect it.
It is important to remember that if your wp-load.php has crashed and the site is covered, then the server is completely infected and others will continue to be covered.

The Wordfence plugin does a good job with this virus - it found all 540 files created and modified by it, and also helped to delete these left files and restored the modified ones!