You would think they'd be able to get clean versions from Siemens, then zero-fill any writable memory, flash the BIOS with a clean version, and go from there. I get that their technical expertise isn't great, but it should be too hard to fix. At worst, they should be able to rip everything out, send it back to Siemens, and ask for a clean version in return. Not sure what international regulations might prevent Siemens from doing that, but it doesn't seem to be an insurmountable challenge.
I thought about that too, but I speculate that the clean versions from Siemens wouldn't come from the factory ready to run an Iranian nuke plant -- you'd think that code would all be developed by the engineers who run the plant. All of that code would have to be recompiled from source too, as Stuxnet attaches itself to the PLC binaries.
That's certainly possible, although I don't understand why they would take that approach. The PLCs themselves should be relatively standardized, and any specific software that was created in-house should be in an offline backup somewhere. Clearly, they didn't follow best practices, but it shouldn't take a year to start from scratch, assuming you had the basics on file.