Do you have reason to believe your router might be compromised? If yes, then reflashing the firmware is advised on top of doing a factory default reset, without restoring from a settings backup unless you are positive this backup was made while your router was clean, and not from a too old firmware version.
So having said the above, am I OK OR should I do a nuclear reset and manual re-config? If I should reset, would I be ok with restoring from a backup after a nuclear reset?
Note that if you never exposed any of the router services to the Internet, then the chances of your router being compromised are very low (could still have happened through a cross site vulnerability, for instance).
At the moment, the only publicly available information is what was published in the Trend Micro write-up and Asus's security bulletin. Also note that Trend Micro analyzed one specific variant. Their write-up hints at the possibility of other variants existing (potentially targeting other devices than Watchguard Firebox or Asus routers).
The malware does not reflash the whole firmware in this case. They directly write into the MTD flash device.
Couldn't the file which does the actual writing be "renamed"?