This post was inspired by a netbook I re-installed for a friend. While I would consider myself a diehard Linux fan, I realize that most of the people around me still use Windows. More to the point, I get requests from friends and family using Windows about fixing their computers. Given the tendency for all Windows machines to become festering hives of spyware and viruses, I get these requests incessantly. Kidding aside, given the number of times I've gone through this, I have actually honed a specific procedure for reinstalling Windows.
If you're reading this, then you (or someone you owe a favour to) probably installed the wrong file. It's my hope that this post will help you reinstall your system (and keep you entertained in the process).
First, know that there isn't a sure-fire method to save a system once it has been compromised by malware. More sophisticated programs will rewrite standard diagnostic tools or use undocumented OS API calls to escape detection. I've often found it more productive to demolish and rebuild.
Naturally, the first step before proceeding with nuking is to backup data.
Backing it all* up
(*except the viruses)
Before saving information to an external source, it's important to make sure that the external storage itself won't get infected. Some types of malware will happily write an autorun virus to your external storage if you are unfortunate enough to insert a USB storage device into an infected machine. The key to working around this is to boot another, malware-free environment and copy your files over from there. Being a Linux user, my favourite method is to use a Linux LiveUSB key (surprise). Setting one up (from a clean machine!) can be done using the Fedora LiveUSB Creator. Once you've created the LiveUSB key, you can boot into Linux and copy the data over to the backup device. Another option is to move the hard drive of the infected machine into an external enclosure and then copy over the files from a clean machine.
Regardless of how you choose to do this, you're not scot-free yet.
There's a possibility the files you backed up were infected as well. However, these viruses won't infect your computer until you attempt to open them. We'll take care of this later. Just don't use the storage device for anything else, unless the idea of reinstalling a second computer sounds appealing to you.
Demolishing
You'll need to wipe and reinstall the operating system at this point. All Windows installers I am familiar with will allow you to delete and recreate partitions. Delete all the old partitions and create a new one to install Windows on. If circumstances allow, it would be best to install Windows 7 over XP. The multi-user environment is much improved, as are some security features. It will also be supported for the next few years to come.
Once the new OS is installed, we can continue on to the next step of installing updates and drivers.
Word(s) of warning
While we're on the topic of reinstalling Windows, I cannot stress enough the importance of using trusted software sources. Don't download a cracked version off a sharing site. I have yet to come across a cracked version of a program which I have been able to fully trust. My reasoning is simple: there's very little incentive for someone to invest the effort and incur the risk of cracking software, while there is much more incentive for the same cracker to install malware which steals your credit card number or enrols your computer into a Russian botnet. If cost is an issue, Microsoft offers multiple free MSDNAA licenses to university students in Math, Engineering, and Science. During my undergrad, I had more licenses than I knew what to do with.
Finally, the same advice applies to other software as well. Always download software directly from the author's (or company's) website. If a SHA1 or MD5 hash is provided, give it a check over.
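One way to do that check, as an added example that is not from the original post: compare the downloaded installer against the hash published on the vendor's page. The file path and the expected hash are placeholders you fill in, and it uses .NET's hash classes directly so it also works on the PowerShell 2.0 that ships with Windows 7 (which lacks Get-FileHash).

```powershell
# Added example (not from the original post): verify a download against the
# vendor's published hash. Placeholder values below; run this on a clean machine.
$File     = 'C:\Downloads\installer.exe'   # placeholder: the file you downloaded
$Expected = 'PASTE_PUBLISHED_HASH_HERE'     # placeholder: hash copied from the vendor's page

# Normalise the published value and pick the algorithm from its length
# (32 hex chars = MD5, 40 = SHA1, 64 = SHA256).
$Expected = ($Expected -replace '\s', '').ToLower()
$Algo = switch ($Expected.Length) {
    32      { 'MD5' }
    40      { 'SHA1' }
    64      { 'SHA256' }
    default { throw "Unrecognised hash length: $($Expected.Length)" }
}

# Hash the file in a stream so large installers don't need to fit in memory.
$Hasher = [System.Security.Cryptography.HashAlgorithm]::Create($Algo)
$Stream = [System.IO.File]::OpenRead($File)
try {
    $Bytes = $Hasher.ComputeHash($Stream)
} finally {
    $Stream.Close()
}
$Actual = ($Bytes | ForEach-Object { $_.ToString('x2') }) -join ''

if ($Actual -eq $Expected) {
    Write-Host "OK: $Algo hash matches the published value"
} else {
    Write-Host "MISMATCH: do not run this file"
    Write-Host "  expected $Expected"
    Write-Host "  got      $Actual"
}
```

A matching hash only proves the file is the one the vendor published, so the value you compare against has to come from the vendor's own page, not from the download mirror.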
Rebuilding
First, you'll want to take the proper precautions to prevent new infections while you're setting things back up. Your brand new installation of Windows will be missing the latest security updates and consequently will be more vulnerable than a slice of chocolate cake when I'm nearby. Make sure you are behind a good firewall (i.e. a router) and that no other computers on your network are compromised (temporarily disconnect them if you are not sure).
At this point, fix any missing driver issues you have by downloading the latest drivers from the manufacturer's website or from Microsoft Update. You can now proceed to install security updates as well. When everything is updated and all the drivers are installed, you can proceed to set up your standard software toolchain.
Toolchain installation
Everyone has their own preferences, but some software choices make more sense than others. I've chosen my software toolchain according to the following criteria.
- Resource requirements
- Trustworthiness
- Must be free (cost and also free of advertising/spam)
- Must be (relatively) easy to use
- Firefox + Adblock Plus
- There are a lot of 'registry cleaners' and 'antivirus' malware waiting for unsuspecting relatives to install. They're advertised using traditional ad networks. It's easier just to ignore all of it. Plus, webpages turn out cleaner.
- Chrome - if it's a netbook
- Better for screens with limited real estate.
- Adobe Reader X
- Includes a sandbox to prevent PDF exploits from wrecking your system.
- Adobe Flash
- Can't get work done without it.
- 7zip
- Open source archive manager. Takes care of .zip, .rar and .7z formats. Doesn't nag you either.
- WinCDEmu
- Open Source Virtual ISO mounter. Useful when you find yourself in possession of ISOs but don't want to waste a CD-R or DVD-R.
- InfraRecorder
- Open Source CD/DVD burner. Much less of a resource hog than commercial alternatives available.
- VLC Player
- Open Source video player that handles almost every codec under the sun. Very good and has lots of great features (like recording webstreams).
Final configuration options before restoring files
There are three changes that I make to systems which seem to improve security. I haven't run into issues with them yet.
- Disable autorun. This is already set by default in Windows 7, but Windows XP still has issues.
- In Windows 7 systems, treat all networks as 'public'. You can do this by joining a new network and then checking the box in the bottom left-hand corner of the dialog.
- Most important: Create a new administrator account protected by a strong password, and then degrade the permissions on the original account to a 'standard' account. Don't forget to password protect it as well. When installing software, you can elevate to the admin account. Windows 7 will prompt you, while in Windows XP you need to do this yourself with Shift + Right click.
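The first and third changes can also be applied from the command line, as an added example that is not from the original post. It assumes an elevated PowerShell on Windows 7, with placeholder account names; the 'public network' setting is a per-network dialog choice and is left to the GUI.

```powershell
# Added example (not from the original post). Run as an administrator.
$Owner = 'Alice'   # placeholder: the everyday account that will be demoted
$Admin = 'Admin'   # placeholder: new admin account used only for installs

# 1. Disable AutoRun for every drive type (0xFF = all drive letters).
#    On Windows XP, install all Microsoft Update patches first so this
#    value is honoured for autorun.inf on removable media.
$Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
Set-ItemProperty -Path $Key -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord

# 2. Create the admin account. The '*' makes net.exe prompt for the password
#    instead of leaving it in the shell history.
net user $Admin * /add
net localgroup Administrators $Admin /add

# 3. Demote the everyday account to a standard user (it stays in 'Users')
#    and make sure it has a password. Log in once as $Admin before this step
#    so you cannot lock yourself out; the change applies at next logon.
net localgroup Administrators $Owner /delete
net user $Owner *

# Sanity check: $Owner should no longer appear here.
net localgroup Administrators
```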
This is the final step. Plug in your external storage and then immediately scan it with your antivirus. After it declares everything clean, you can proceed to copy your files back to your hard drive. Do not do this in reverse order.
And that's it. A few hours later, you're back up and running!
I hope you found this post helpful and please do feel free to comment.
Please note: While I may sound resentful about solving others' computer problems, I actually enjoy helping out. If you know me personally and are currently freaking out about the favours you'll need to repay for my tech support, stop worrying. I really don't expect anything in return.