While Just_another_Dave’s explanation is delivering the right message, two things need to be clarified.
Whether the IP address changes with a modem reset depends on the ISP’s policies. It may, it may not. Even if the address changes, enumerating the entire IPv4 address space takes just a few minutes in the 2020s.
While NAT accidentally provides some level of protection, it is not a firewall. It has never been designed to prevent intentional access to computers behind NAT. NAT’s job is to route packets to desired addresses, not to prevent packets from not being routed. The abstraction NAT provides may be easily misunderstood, and wrong conclusions may be drawn from that view if someone forgets what the limits of that abstraction are. Saying that NAT is a security mechanism is the same as saying that a “turn left” sign on a road prevents cars from turning right. Of the general-purpose attacks, slipstreaming is the most recent, but there have also been many other examples, dealing with NAT implementations doing nothing to protect against specifically crafted ingress traffic. A quick overview here. On top of that you have vulnerabilities in gateways. And, if that wasn’t enough, NAT may be skipped if the adversary can execute their software inside the target network.
That of course doesn’t mean the response to OP was in general wrong. I support it — just making it clear that some things are not exactly right.
Thanks for clarifying my answer. I didn’t mean that NAT is a security mechanism, but that a reverse connection is simpler and therefore more probable (although direct connection has been used by some Trojans in the past). Therefore, I wouldn’t get paranoid and try to force a change of my IP constantly. Looking for strange processes running on your computer might be a more effective way of detecting if something strange is running on it (although it is possible to hide it).
Whether or not it came from his company, having any type of malware running on your computer is a risk and, therefore, I understand Faringdon being concerned about things happening that he hasn’t done. But concern mixed with lack of knowledge on this topic can escalate pretty quickly to fear and paranoia, especially if you’re not familiar with any of the topics discussed in this thread (I don’t know his background, so I shouldn’t assume that he knows how a computer works internally). Erasing his computer could erase most viruses and in any case it will solve most problems, especially those caused by messy uninstallations, so there will always be an improvement if that reduces his concerns.
However, having a constant fear of being infected with some kind of virus could be a problem and, if that’s going to be the case, it might be a better idea to take the computer to someone that can inspect it (some technical services offer those services and his country might have a public IT security service, like Incibe in Spain).
Edit: Regarding mice, USBs or lamps that install malware on your computer, the same thing happens. I’m pretty sure that if you search DEF CON videos, someone has done something like that (and if it hasn’t been done yet, it will be at a future DEF CON). However, I doubt that his company has the means to interfere with the devices bought by its employees in any store to substitute them with malware-infecting ones (and a massive attack would probably have been detected). For that reason, it wouldn’t be the first place where I’d look for the source of a possible infection. Although it is technically possible, it is quite improbable.
Additionally, I wouldn’t assume that the malware has been provided intentionally by his company. There are many other possible sources, and considering that the company might have provided it unintentionally is also worth it (if they haven’t deactivated the USB ports of their computers, they might have been accidentally infected by another employee). In any case, once a Trojan has been isolated it is easier to find its source by inspecting its connections, so it seems a better idea to focus on determining whether or not some kind of malware is installed on the computer before starting to create conspiracy theories that could potentially frighten him.
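The check discussed in the post above (looking at a machine's connections, where a reverse connection shows up as an outbound session rather than a listening port) can be sketched as follows. This is an added example, not part of the thread or any participant's code; it assumes a Linux host and the `/proc/net/tcp` layout, the sample rows are constructed, and the function names, the internal-range list and the "local port is not a listening port means outbound" heuristic are choices made for the illustration.

```python
import ipaddress
import socket
import struct

# Constructed sample in Linux /proc/net/tcp layout, trimmed after the inode column.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 20001
   1: 0501A8C0:0016 1401A8C0:C350 01 00000000:00000000 00:00000000 00000000 0 0 20002
   2: 0501A8C0:C000 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000 1000 0 20003
   3: 0501A8C0:C001 0101A8C0:0035 01 00000000:00000000 00:00000000 00000000 1000 0 20004
"""
LISTEN, ESTABLISHED = "0A", "01"
# Assumption: these ranges count as "inside"; anything else is treated as external.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def decode(addr):
    """'0100007F:1F90' -> ('127.0.0.1', 8080); the IPv4 part is little-endian hex."""
    ip_hex, port_hex = addr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def connections(table):
    """Return every ESTABLISHED session with a direction guess and an external flag."""
    rows = [line.split() for line in table.splitlines()[1:] if line.strip()]
    listening = {decode(r[1])[1] for r in rows if r[3] == LISTEN}
    found = []
    for r in rows:
        if r[3] != ESTABLISHED:
            continue
        (_, lport), (rip, rport) = decode(r[1]), decode(r[2])
        found.append({
            "remote": f"{rip}:{rport}",
            # Heuristic: a session on a port we listen on was opened by the peer.
            "direction": "inbound" if lport in listening else "outbound",
            "external": not any(ipaddress.ip_address(rip) in n for n in INTERNAL),
            "uid": int(r[7]),
            "inode": r[9],  # matches 'socket:[inode]' links under /proc/<pid>/fd
        })
    return found

def outbound_external(table):
    """Sessions this host opened to addresses outside the internal ranges."""
    return [c for c in connections(table)
            if c["direction"] == "outbound" and c["external"]]

if __name__ == "__main__":
    for conn in outbound_external(SAMPLE):
        print(conn)
```

On a live Linux host the same functions can be fed the contents of `/proc/net/tcp`; IPv6 sessions live in `/proc/net/tcp6` and are not handled here.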