In Windows, how do I safely rebuild my computer?

The most common reason for rebuilding your Windows computer is a system-level compromise, such as infection with a system-level worm (e.g., Blaster, Welchia) or a system bug that's been exploited. If you encounter these circumstances, you must rebuild your computer to be sure that you have removed all traces of the compromise. Additionally, if you were running a Windows operating system earlier than XP, UITS strongly encourages you to rebuild with XP or Vista. For information on purchasing Windows XP or Windows Vista if you are an Indiana University student, faculty member, or staff member, see IU's software agreement with Microsoft, and consult the "Acquiring the software" section.

To thoroughly clean and rebuild your computer, be sure to take all of the following steps; failure to do so can put the entire IU network at risk.

Note: If you live in campus housing, you must run the Get Connected software after the rebuild is complete. If you were blocked from the network, you must request and wait for the block to be lifted before you can use it.

1. Remove your computer from the network by unplugging the network cable from the computer, or by turning off the wireless or dial-up connection. Do not reconnect your computer to the network until the last step, after you've taken all the following steps; otherwise, you risk being compromised again.
   
   
2. In preparation for wiping your computer's hard drive, back up your personal files to disk. The easiest way to do this is to burn them to CD. For information about burning CDs in Windows XP or Vista, see In Windows XP or Vista, how do I write a CD?
   
   
3. Perform a clean install of Windows XP or Vista. (Again, make sure you've backed up your personal files; they will be unrecoverable after you wipe the hard drive.) If your Windows XP CD says "with Service Pack 3", you can skip step 4 below. Use the original disks to reinstall any other software applications you own. Make sure you use a different password for the administrative account than you used in the previous installation. When you reboot your computer, allow automatic updates when prompted, which is the recommended action. For instructions on installing Windows XP, see How do I install Windows XP? For instructions on installing Windows Vista, see How do I install Windows Vista?

   Note: At IU Bloomington, if you aren't comfortable rebuilding your computer, you can use Carry-in Consulting.

4. Reinstall drivers for your network card, printer, and other devices. Either use the driver disk provided by the manufacturer of the device or visit the manufacturer's web site and download the driver.
   
   
5. Install the latest Windows patches and service packs; see What are service packs for Windows, and where can I get them?

   Note: Windows patches are no longer available on IUware Online. The Get Connected software contains most Windows patches. All patches are available from the IU Microsoft Update Service; for more information, see At IU, how do I configure my computer to use the IU Microsoft Update Service?

6. Turn on a personal firewall; see In Windows XP, how do I enable or disable the firewall?
   
   
7. Install antivirus software and spyware detection and removal utilities. Symantec Endpoint Protection and Windows Defender are available free to students, faculty, and staff. For further help, see:
   
   
   • In Windows, how do I safely upgrade to the latest Symantec Endpoint or AntiVirus software?
   • What is Windows Defender and how do I use it?
   
   
8. Reconnect to the network, and change your IU Network ID passphrase immediately after you have rebuilt your computer. When crackers have control of your computer, they can monitor and log every keystroke you enter (e.g., passwords, email conversations). See At IU, how do I change or synchronize my Network ID passphrase?

   Note: If you were blocked from the network, you must request and wait for the block to be lifted before you can do this from your own computer. For more information, see If my network access has been disabled by UIPO or UISO, how can I get it re-enabled?

UITS also recommends the following to help prevent future system compromises:

• Keep your Windows service packs current by scheduling daily automatic updates; for more information, see For Windows, how can I get software updates and patches?
  
  
• Schedule your Symantec AntiVirus to perform daily LiveUpdates; for more information, see In Symantec/Norton AntiVirus for Windows, how do I schedule automatic LiveUpdates and virus scans?
  
  
• Practice the principle of least privilege when using your computer. If your computer gets exploited, it helps prevent crackers from acquiring administrative access. For more, see In Windows, how can I run an administrator task from a non-admin account?

Also see:

• For Symantec virus protection software, what are my options for updating the virus definitions?
• If my network access has been disabled by UIPO or UISO, how can I get it re-enabled?
• What is security software?
• Why do I have to format and reinstall Windows after my computer is infected with a virus?