Nonsense. I deal with virus and other malware threats all the time, and wiping the hard drive has only been needed once (and that only because the design of the computer didn’t allow the hard drive to be detected if you booted from BART). Malwarebytes will find anything that active malware and a simple system restore will remove anything that it might miss.
I helped my in-laws through a nasty infection. Malware and virus scanners kept saying they fixed the problem but it kept coming back. It turns out it had infected the boot-sector virus and it would reapply itself on each reboot. The boot-sector is a special place on the disk and is not the main sector. The virus scanners found the virus on the active system, but they didn’t find or clean the boot-sector copy.
So if someone actually had login access to a system, I would think they would put whatever maximum infection they could. Boot-sector virus, root-kits, keystroke captures, whatever. They don’t have to work through quirky memory overflow hacks. They could just write whatever they want wherever they want.
Heck, there are products anyone can buy to capture keystrokes and screenshots and have them emailed to you. When they install, they update virus/malware files so that they aren’t flagged as a virus. Look for keyloggers and you’ll find plenty of products which do it. Some are meant to work secretly and won’t show up in virus scans.
That’s why to be 100% safe, you’d have to do a complete format. You’re probably safe with just virus/malware scan, but you can’t be sure.
Probably the least-hassle way to deal with this will be to have him approach the FBI, identify himself as a former associate of known Maryland crook Spiro Agnew, and ask to be placed in the Witness Protection Program.
Oh, and get him a new computer.