It sounds like it works by doing what it’s theoretically supposed to do: scan all the files on your system for specific signatures, then send those signatures back to the mothership for disposal. They just added signatures that were of interest to the GRU. If they added a rootkit as well, that would be unusual behavior for a legitimate antivirus program, and would invite suspicion, which is the last thing they want.
So yeah, uninstalling oughta do it.
I hope to see more info on the technical underpinnings of this trojan horse. How did they scan for sensitive information only? Was it spearphishing? How did they exfiltrate the data? Etc. Fascinating stuff.
Also, did Kaspersky know about it? I can’t imagine they didn’t, and even though this will absolutely destroy their business, put their company and (excellent) products deep in the ground, I imagine the Kremlin didn’t give them much of a choice.