In the vast majority of cases you are correct, but technically even wiping the drive and doing a clean install of the OS is not enough to ensure you have removed all malware. In many cases it is possible for malware to infect your video card, your mouse, your keyboard and anything else that has reflashable or persistent memory on it. Some mouses these days have their own CPU's and on board memory! In such a case it is possible to have a totally cleaned drive and freshly installed OS, and to get reinfected via your infected peripherals and other hardware.  Javascript can be used to deliver malware via browser exploits.