This is spot on. If the system is compromised, the only way to ensure it’s clean is to nuke it. That is why you back up, and back up often. Unless you can say without a doubt you have checksums of every file before and after the compromise was detected, there’s no way to be sure if the system is truly clean. This is most true if the system is rooted.
Now mind you, some operating systems are more prone to being taken over than others, but the premise is the same. If the machine is rooted, the only way to ensure cleanliness is to wipe it and start from ground zero. Then you have to verify all of your backups from your last known clean one for compromise.