Reinstall after a Root Compromise?

Posted by Zoredache on Server Fault
Published on 2009-05-08T09:32:30Z Indexed on 2012/12/12 5:06 UTC

After reading this question on a server compromise, I started to wonder why people still seem to believe that they can recover a compromised system using detection/cleanup tools, or by just fixing the hole that was used to compromise the system.

Given all the various rootkit technologies and other things a hacker can do, most experts suggest you should reinstall the operating system.

I am hoping to get a better idea why more people don't just take off and nuke the system from orbit.

Here are a couple of points that I would like to see addressed.

  • Are there conditions where a format/reinstall would not clean the system?
  • Under what types of conditions do you think a system can be cleaned, and when must you do a full reinstall?
  • What reasoning do you have against doing a full reinstall?
  • If you choose not to reinstall, then what method do you use to be reasonably confident that you have cleaned it and prevented any further damage from happening again?

© Server Fault or respective owner
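The question above asks what method gives "reasonable confidence" that a box is clean without a reinstall. The following is an added example, not code from the original post or from Server Fault: an offline integrity check that hashes a suspect filesystem (assumed to be mounted read-only from a rescue boot under a hypothetical `mount_point`) and diffs it against a baseline of known-good SHA-256 hashes. The baseline source is assumed to be trusted (a known-good install or distribution package metadata); the sample tree, the trojaned `ps`, the dropped `.backdoor` and the deleted log are all constructed here for the demonstration.

```python
"""Offline integrity check of a mounted filesystem against a trusted baseline.

Added illustration for the question above; not code from the original post.
Assumptions (hypothetical): the suspect disk is mounted read-only from clean
boot media under `mount_point`, and `baseline` maps relative paths to SHA-256
hashes taken from a trusted source (known-good install or package metadata).
"""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries do not need to fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> Dict[str, str]:
    """Hash every regular file under root, keyed by path relative to root.

    Symlinks are skipped: an attacker can point one anywhere, and hashing the
    target would hide that the link itself was changed.
    """
    baseline: Dict[str, str] = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            baseline[p.relative_to(root).as_posix()] = sha256_file(p)
    return baseline


def verify_tree(mount_point: Path, baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the mounted tree with the trusted baseline.

    Returns the three lists an incident responder wants:
      modified - baseline files whose contents changed (trojaned binaries, patched libs)
      missing  - baseline files that are gone (logs or tools removed by the attacker)
      added    - files with no baseline entry (dropped backdoors, rootkit modules)
    """
    current = build_baseline(mount_point)
    modified = sorted(p for p, h in baseline.items() if p in current and current[p] != h)
    missing = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    return {"modified": modified, "missing": missing, "added": added}


def demo() -> Dict[str, List[str]]:
    """Constructed sample: a tiny 'system' tree, a baseline, then attacker changes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "var" / "log").mkdir(parents=True)
        (root / "bin" / "ls").write_bytes(b"original ls binary")
        (root / "bin" / "ps").write_bytes(b"original ps binary")
        (root / "etc" / "passwd").write_bytes(b"root:x:0:0::/root:/bin/sh\n")
        (root / "var" / "log" / "auth.log").write_bytes(b"sshd: Accepted publickey\n")
        baseline = build_baseline(root)  # taken while the tree is known-good

        # Simulated compromise: a trojaned ps, a dropped backdoor, a wiped log.
        (root / "bin" / "ps").write_bytes(b"trojaned ps that hides the backdoor")
        (root / "bin" / ".backdoor").write_bytes(b"reverse shell")
        (root / "var" / "log" / "auth.log").unlink()

        return verify_tree(root, baseline)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Two caveats follow directly from the reasoning in the question. First, the result is only as trustworthy as the environment that produced it: run this from clean boot media against the disk, not on the live host, because a kernel-level rootkit on the running system can intercept the reads and hand the checker clean-looking contents or hide files entirely. Second, a clean result for the filesystem says nothing about persistence that a format/reinstall also would not touch, such as firmware or boot-level implants, which is exactly the category the first bullet is asking about.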
