This thread (at this forum) may provide some information that you are asking about here.
I posted in post #7 in the thread.
I read that link you provided several months ago, interesting article.
From what I've read here and elsewhere, most malicious intrusions won't survive a format and OS reinstall.
However, I'd recommend going further than a format and reinstall since there are some types of malware that will survive a high-level ("quick") format of the HDD.
I read elsewhere in this forum where one member had been affected by a "Cryptolocker" variant. He formatted and reinstalled Windows (7, if I recall), and reloaded all of his programs/apps, customized his Windows environments, etc. When he tried to use his PC the next morning, the Cryptolocker ransom screen had reappeared on his PC.
He then deleted the partitions on the affected HDD, then reinstalled the OS. From reading that member's posts, that appeared to remove the malicious content.
One can boot from one of the various HDD/partition tools on bootable media, such as "Gparted", "Partition Wizard", etc. Then you can delete the partitions on the HDD before reinstalling the OS.
I like to use the "Diskpart" utility that's accescable either from the CMD prompt within Windows, or from a Windows System Repair Disc which has several menu options, one of which is accessing the CMD prompt.
Within CMD, you can run the DIskpart utility and then use the "clean" command which marks all content for deletion, including hidden partitions on an MBR disc. The command renders the HDD as "unallocated" so it will be ready to be restored with an Image or re-cloned from a known good spare HDD.
Also available is the "clean all" command, which is a one-pass secure erase command, writing 1/0's to the HDD.
Regarding BIOS/firmware/MoBo intrusions, from all that I've read here and elsewhere, the chances of being affected in those areas of Windows PC's are rare.
In the thread link provided at the beginning of this post, there are some steps that could be done if one's PC was affected by a rare occurrence within those areas of the PC or Router.
I'm not familiar with Routers but the first thing I'd do if I suspected a Router being compromised, would be to power it down for a period of time, then do a Reset, usually done with a paper clip used to push a Reset button, etc, once the Router is powered back up.
BIOS intrusions, I'd try the steps mentioned in that linked thread. Some MoBo's have a "write protect" jumper that prohibits access to the BIOS IC. My ASUS MoBo doesn't have that jumper but my BIOS IC is socketed so it can be easily removed and replaced.
There are online BIOS IC stores that sell BIOS IC's flashed with the MoBo's BIOS version of choice before shipping to the customer.
The CMOS IC (on the MoBo) can be cleared/reset by removing the battery on the MoBo.
It's possible for the PC's GPU BIOS or Optical Drive firmware to be affected, I suppose. However, these possibilities appear to be rare, if not exceptionally rare occurrences with PC's.
The best advice I can offer with this topic is to maintain multiple versions of one's complete HDD, via Imaging or periodic cloning.
I clone my Desktop PC every 2 weeks in addition to running occasional full-HDD Images.
My cloned HDD and my Image storage HDD are disconnected from the PC except during cloning/imaging processing.
If one has multiple HDD backup versions available, that provides a fast recovery method from almost any undesirable scenario, including virtually all malicious incidences, HDD failures, bad downloads, or user mistakes.
I've been affected by a couple of malicious intrusions over the years. In both cases, I deleted the partitions on my affected HDD, then cloned back to the same HDD using my cloned backup HDD from my shelf.
The first thing I did, when I was hit by malware, was to install my spare cloned HDD and booted up on it to insure the that malicious item[s] were confined to the HDD. From what I've read over that last couple of years about the subject, this will be the case with virtually all malicious objects.
Once the PC is running normally, then one can decide on the method of sanitizing the affected HDD.
If a rare occurrence had occurred, and my PC still had a malicious presence after installing my cloned HDD (or after restoring the affected HDD with a full-HDD Image), I'd look at the MoBo next, ie BIOS/CMOS reset.
It may also be possible that a malicious item could remain present in the RAM sticks for a short period of time, after shutting down the PC.
I'd most likely shut down the PC, disconnect the rear AC power, then press the front panel Power button and leave it pressed for a minute or so, to discharge residual voltages from the PC (ie MoBo/RAM sticks, etc).
The thing that's most important, to me, with these scenarios, is to have redundant full HDD backups available. That will allow flexibility when going thru various steps of malware removal from the PC.