Domain account password changed after previous malware infection. Could the malware still be on my PC?
A while ago, my PC got infected with malware that stole a bunch of my saved passwords. After finding out, I changed all of my passwords (Google, email, etc.), ran a full Malwarebytes scan, and it found it, but it had trouble removing it. I found some info online and removed it manually, did 60 Microsoft offline scans and malwayrebytes scans, and it couldn't find anything.
Everything seemed fine after that.
However, today I found out that my work domain account password was changed without me doing it. I can no longer log into my domain account. This has me worried that the malware might still be on my computer, and now it's gonna be a struggle to get my account back. I have trouble understanding how the work account password changed, because if you want to change it they have a whole password hub site to change it and stuff like that.
My questions are:
- Is it possible that the malware survived even though my antivirus detected and removed it?
- Could it still be stealing passwords or session tokens?
- At what point is a full Windows reinstall (formatting the drive) recommended instead of trusting the antivirus?
- If I do reinstall Windows, can I safely back up important files to an external hard drive first, or is there a risk that the external drive could also become infected or compromised?
- Are there any checks or tools I should run before deciding to wipe the PC?
I'd appreciate any advice from people who've dealt with info-stealing malware or password theft before. Thanks!