Hey my wordpress site got infected. I found many malicious file in the wordpress folder that made my site down thats why I updated my wordpress core files manually.

The site is up and running now but I can see that it still creating a user automatically.

Do you have an idea how can I locate this wordpress virus that create users automatically?