You never know what malware is going to do. You could look up sandbox reports of what it did, and then end up with a modified version of the malware. Better to backup stuff, nuke the OS, and start fresh/change passwords on important stuff. Persistence can be a bitch to track down, better to nuke.
Take this as a learned lesson, and do better next time.
Back in the early 00's I caught thousands of infections.. I think somewhere around 3000 infections removed at once was my personal best. Live and learn.