Tor is a tool for anonymizing network connections. That means it’s used in tools designed to protect your privacy (like Brave and Tor Browser), and also in malware which wants to hide its command-and-control infrastructure. If these AV vendors are classifying the standard Tor binary as a threat, that’s a false positive, and they should fix it.
Not sure what’s happening when you try to use private windows with Tor after deleting the Tor binary. What happens when you visit https:/check.torproject.org after deleting the Tor binary?