Reinstalling Your Compromised Computer

Overview

The following is a general guide on how to perform a clean reinstall of your computer. Reinstalling a computer after it has been compromised can be a painstaking process, but it is the most reliable way to be certain that everything an attacker left behind has been removed.

Checklist before performing a reinstall

  1. Change passwords - You should change the passwords to all systems you have connected to from your computer during the period it could have been compromised. Pay special attention to bank and credit card sites, CalNet ID, email, and online stores, as the attacker may have installed a keylogger on your computer. DO NOT change passwords from the compromised computer. If you do not have access to any other computer, change your passwords after the reinstall process has been completed. See the campus tips on choosing good passwords.
  2. Make sure your data files are backed up - You should make sure you have a working backup of all of the files you want to keep. DO NOT back up applications such as Microsoft Office, iTunes, etc., as the attacker may have modified the program files; reinstall them from their original media instead.
  3. Gather your installation CDs/DVDs and procedures - Make sure you have your operating system install media as well as media for all other required applications and their installation guides. Some computers come without operating system installation media, but with a "recovery" method, either as a disc or as a special partition on the computer's hard drive designed to restore your computer to a "factory default" installation. Read through the installation guide beforehand to make sure you understand the process. You can download campus-provided anti-virus software from http://software-central.berkeley.edu.

Performing the reinstall

  1. Isolate the computer - Make sure all external drives have been disconnected and the computer is not connected to any network.
  2. Reinstall the operating system - Use the appropriate method to reinstall the operating system. During the install/recovery process, be sure to have the installer format your computer's internal hard drive to delete all data on the hard drive.
  3. Turn on the operating system's firewall - If you are installing an operating system with a built-in firewall, enable it. If your operating system does not have a built-in firewall or you wish to use third-party software, install it now. Another option is to place the computer behind a hardware firewall device. The typical "broadband router" sold at most computer supply stores provides a basic firewall capability. If this method is chosen, here are a few warnings for the reinstall process.
    • Change the password on the firewall! Default passwords for these consumer-grade routers are widely known and should be changed immediately.
    • If the router is also a wireless access point, disable the wireless radio. This prevents rogue computers from connecting to the firewall and attacking your computer during the reinstall. You may re-enable the wireless feature once the reinstall is completed. Be sure to consult the manufacturer's manual to enable the wireless security features available on the firewall.
    • Make sure no other computers are connected to the firewall during the reinstall, for the same reason as disabling the wireless radio.
  4. Install operating system updates - First, connect to the network with a firewall enabled, then run your operating system's native software update tool. DO NOT use the computer for any other online activity at this time.
  5. Install anti-virus software - See Software Central for free AV software for the UCB campus community. After the anti-virus software is installed, run an update check to make sure its signatures are up to date. Do not turn off any scanning function of your anti-virus software.
  6. Reinstall applications - Refrain from installing applications from an untrusted source. Many free applications provided on the web can contain malware (that may have contributed to your compromise in the first place). 

Recovering from your backup

  1. Make sure the anti-virus software is still enabled - If you had to disable the anti-virus software temporarily while installing an application, re-enable it now.
  2. Run an anti-virus scan on each of the backup media - This step will catch any viruses that may have infected your email or documents.
  3. Copy over the documents to your hard drive - Only copy over files that have been scanned and are uninfected.
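As an added example (not part of the original guide), the following Python script enforces steps 2 and 3 above together with checklist step 2: it walks the backup media, skips application binaries without restoring them, runs an anti-virus scanner on every remaining file, and copies only files the scanner reports as clean. It assumes a scanner that uses ClamAV clamscan's exit codes (0 clean, 1 infected, anything else an error); the sample backup tree and the stand-in scanner in `demo()` are constructed for illustration.

```python
import shutil
import subprocess
import sys
import tempfile
from pathlib import Path

# Application and installer types are never restored (checklist step 2):
# the attacker may have modified program files, so reinstall them from media.
APPLICATION_SUFFIXES = {".exe", ".dll", ".msi", ".app", ".dmg", ".pkg", ".bat", ".cmd", ".scr"}
# Exit codes of ClamAV's clamscan: 0 clean, 1 infected, anything else an error.
CLEAN, INFECTED = 0, 1

def restore_clean_files(backup_dir, dest_dir, scanner_cmd=("clamscan", "--no-summary")):
    """Copy only scanned, clean documents from backup_dir into dest_dir.
    Returns a report listing each file as restored, skipped or rejected."""
    backup_dir, dest_dir = Path(backup_dir), Path(dest_dir)
    report = {"restored": [], "skipped_application": [], "rejected_infected": [], "scan_error": []}
    for src in sorted(p for p in backup_dir.rglob("*") if p.is_file()):
        rel = src.relative_to(backup_dir).as_posix()
        if src.suffix.lower() in APPLICATION_SUFFIXES:
            report["skipped_application"].append(rel)
            continue
        # Scan every document individually; the scanner's exit code decides.
        status = subprocess.run([*scanner_cmd, str(src)], capture_output=True).returncode
        if status == CLEAN:
            target = dest_dir / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, target)
            report["restored"].append(rel)
        elif status == INFECTED:
            report["rejected_infected"].append(rel)
        else:
            report["scan_error"].append(rel)  # fail closed: an unscanned file is not restored
    return report

def demo():
    """Constructed backup tree plus a stand-in scanner that flags names containing 'infected'."""
    root = Path(tempfile.mkdtemp())
    backup = root / "backup_media"
    (backup / "docs").mkdir(parents=True)
    (backup / "docs" / "thesis.txt").write_text("clean document")
    (backup / "docs" / "infected_invoice.pdf").write_text("constructed sample the stand-in scanner flags")
    (backup / "setup.exe").write_bytes(b"MZ")  # application binary: skipped without scanning
    fake_scanner = [sys.executable, "-c", "import sys; sys.exit(1 if 'infected' in sys.argv[1] else 0)"]
    return restore_clean_files(backup, root / "restored", fake_scanner)

if __name__ == "__main__":
    print(demo())
```

Against real backup media, call `restore_clean_files("/media/backup", "/home/user/Documents")` with ClamAV installed; anything listed under `rejected_infected` or `scan_error` stays on the media for you to review rather than being copied onto the freshly installed system.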

Keeping your computer safe

  1. Keep your operating system and applications updated - Turn on automatic update features where available and run update checks regularly.
  2. Keep firewall and anti-virus software enabled - It only takes a foot in the doorway for an attacker to fully compromise a system.
  3. Learn and practice good cyber security - See Minimum Security Standards for Networked Devices for the campus.