The paragraph you read about "really nasty malware" and hiding and "very difficult to delete" is kind of correct, but is non-technical and silly. Any malware could be in a system restore. nasty or not so nasty. Just like any software could be put in there though if it was put in there and not as part of the creation of the restore point, then it probably would be malicious ! And system restore is not difficult to delete, it gets deleted as soon as you disable system restore.. it gets cleared when you disable and enable it. It is difficult with say rmdir or windows explorer, but it's easy to delete when you know how.

Also, your objection regarding the checksum, doesn't work even in theory..

suppose malware gets into system restore.. Say it's some malicious program files that will get returned in dangerous places by a system restore, along with registry changes causing them to start. If there was a file with a checksum, well it could rewrite that too. So tada it matches!

what malware does in practice tends to be display adverts, send data out about your browsing habits.. stealing bank details if you use online banking.. and in theory anything software can do.

and if you speak about checksums then you really should know they don't stop something being modified. they just let you test it afterwards.