u/Alert-Barnacle-6901

how do I remove this malware / should I reset PC?

I accidentally ran a fake Valorant skin changer / suspicious Roblox-related file, and within minutes my Discord started messaging everyone scam links. Some accounts like EA/Roblox/Instagram were also targeted.

I found a suspicious folder here:

C:\Users\[my name]\AppData\Local\Microsoft\OfficeBroker

Inside it there was a svchost.exe, but I know the real Windows svchost should be in:

C:\Windows\System32

I deleted the OfficeBroker folder in Safe Mode, but after restarting it came back again. In Task Manager, normal svchost processes seem to open to System32, but this OfficeBroker folder still exists.

I changed passwords, enabled 2FA, cleared Chrome cookies/site data, checked extensions, and I’m avoiding logging into important accounts on the PC.

Should I keep trying Microsoft Defender Offline Scan / Malwarebytes, or should I just do “Reset this PC → Keep my files”? Also, what else should I check for persistence/startup items that could be recreating this folder?

u/Alert-Barnacle-6901 — 1 day ago
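
A read-only PowerShell triage for the situation described in the post, added here as an example and not part of the original post: it lists svchost.exe processes running from outside System32 and the common autostart locations that reference the OfficeBroker folder. The set of locations checked (Run keys, scheduled tasks, services, Startup folders) is an assumption; the post does not say which mechanism recreates the folder.

```powershell
# Added example: read-only triage; nothing below deletes or modifies anything.
# Run from an elevated PowerShell so process paths are visible.
$marker = 'OfficeBroker'   # folder name taken from the post

# 1. svchost.exe processes whose image is not the System32/SysWOW64 copy.
$legit = "$env:windir\System32\svchost.exe", "$env:windir\SysWOW64\svchost.exe"
Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" |
    Where-Object { $_.ExecutablePath -and ($legit -notcontains $_.ExecutablePath) } |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine

# 2. Run/RunOnce values naming the marker or any AppData path (review each; many are legitimate).
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if ($value -match $marker -or $value -match '\\AppData\\') {
            [pscustomobject]@{ Source = $key; Name = $name; Command = $value }
        }
    }
}

# 3. Scheduled tasks whose action points into the marker folder.
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ($cmd -match $marker) {
            [pscustomobject]@{ Source = "$($task.TaskPath)$($task.TaskName)"; Name = $task.TaskName; Command = $cmd }
        }
    }
}

# 4. Services whose binary path points into the marker folder.
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match $marker } |
    Select-Object Name, StartMode, State, PathName

# 5. Per-user and all-users Startup folders (shortcuts and scripts run at logon).
$startup = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
           "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
Get-ChildItem $startup -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime
```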