"dodgy stuff" account, you're still infected."
"dodgy account " is still infected true but it's all just still extra layers of defence. Other accounts will not be so 'safe' account is still less vulnerable. Of course if a further vuln. allow escalation then that is a different matter.
"dodgy account" by the way is deleted/recreated at weekly intervals
Too complex a topic to describe in detail here but LONG complex passwords, multiple accounts, firewalls, NAT routers, Firefox/Noscript/ABP and a lot of other techniques alongside using Linux have kept me safe over the years.
Keeping an eye on the logs is useful. I esp. look for SSH attempts which is my only open port ( protected by unusual port number, one unusual account name and a long, difficult password)