The method is universal - we isolate the infected machine from the network (by any means), we treat it with an antivirus, if it does not detect it, we send a sample file to the support of the antivirus manufacturer, let it be added to the signatures. And so it is with all cars. And be sure to find a way how it got on the car, and how it spreads - and fix the problems, otherwise everything will happen again. Updates, policy rules, firewall settings, etc.
In the meantime, it is not detected by the antivirus - we take uVS, and it will definitely find where it starts, and where it lies, and what processes it is being introduced into, and all this can be deleted. The main thing is to read the documentation! Otherwise, you can ruin the system, worse than a virus.
If the name of the executable file is the same, it is easier at the initial stage to set up a policy for limited launch of programs - i.e. either determine the name/hash of the file prohibited from launching by domain policy, or simply distribute and apply the reg file with settings. Run attempts will continue, but this file will not run, regardless of user rights. Of course, if this process launches another malicious process, and it controls the launch, then it is necessary to block it.

make it like a virus - remove it on one, and spread the method to all machines