Malware

Virus or function - uniplacer.php how to remove?

Good afternoon
Help to cure the site, what is it, who to treat wordpress, centOS, hoster support?
I picked up a virus from an advertising exchange on the site, the uniplacer.php file and a folder with a bilebird name appear. Appears on its own, Wordpres 4.9.10, advertising seems to not even be shown - I went to my urls which in the file with the base I
execute the command
find . -type f -print | xargs grep "uniplacer"
finds

./биллибирдакакаято/Update.php:  require_once($_SERVER['DOCUMENT_ROOT'].'/uniplacer_config.php');
./биллибирдакакаято/Update.php:            // Начнём заменять файлы, кроме файла Update.php - он заменится хвостом в uniplacer.php
./биллибирдакакаято/uniplacer.php:#_ZIP_NAME_uniplacer.php_#  // Строчку убирать НЕЛЬЗЯ - это идентификатор файла для скрипта обновления
./биллибирдакакаято/uniplacer.php:require_once($_SERVER['DOCUMENT_ROOT'].'/uniplacer_config.php');
./биллибирдакакаято/uniplacer.php:	* @var UniplacerCharset !!! Внимание !!! Конфигурится в uniplacer_config.php константой _UNIPLACE_CHARSET_ или при вызове конструктора.
./биллибирдакакаято/sync.php:require_once($_SERVER['DOCUMENT_ROOT'].'/uniplacer_config.php');
./биллибирдакакаято/sync.php:require_once($_SERVER['DOCUMENT_ROOT'].'/'._UNIPLACE_USER_.'/uniplacer.php');
./wp-includes/images/smilies/icon_angel.gif:	require_once($_SERVER['DOCUMENT_ROOT'].'/uniplacer_config.php');
./wp-includes/images/smilies/icon_angel.gif:	require_once($_SERVER['DOCUMENT_ROOT'].'/'._UNIPLACE_USER_.'/uniplacer.php');

obviously villainous code is inserted into the picture
I do

find . -type f -print | xargs grep "icon_angel.gif"

finds

./wp-content/themes/basepress/footer.php:        <?php include('/usr/www/mysite/wp-includes/images/smilies/icon_angel.gif');?>