Wednesday, November 25, 2009

How to Clean your Worm Infected iPhone

Recently we covered an article about the new iPhone worm that has been going around, which affects users who have OpenSSH installed and have not changed the default password. It started off innocent and escalated to something more threatening.

While there is of course the ability to change your password, some of you might not be so lucky and worms could be crawling your iPhone. Do not fret, as today I bring you some options for cleaning your iPhone. While not all of these options will bring you success, at least you'll know what your options are.

You'll need to download a copy of MobileTerminal from Cydia beforehand, so if you don't already have that, go grab it now.
There are three worms currently going around, and of course lucky for us, each one requires a different fix.

Open MobileTerminal and use these commands to delete the unwanted files. These commands are case-sensitive.


1. The ikee/Rick Astley worm
This crude worm is non-threatening but unfortunately very ugly to look at.

In order to fix this ridiculous worm, we'll need to start up MobileTerminal and switch to the root account. You will be required to enter a password. If you haven't changed it yet, the password is "alpine". Enter the following into MobileTerminal, pressing enter after each command.

Quote:

su root
rm /bin/poc-bbot
rm /bin/sshpass
rm /var/log/youcanbeclosertogod.jpg
rm /var/mobile/LockBackground.jpg
rm /System/Library/LaunchDaemons/com.ikey.bbot.plist
rm /var/lock/bbot.lock

If your phone still has the picture of Rick Astley, unfortunately it can get tricky and messy, but you will need to remove these files as well to get rid of Rick.

Quote:

rm /usr/libexec/cydia/startup
rm /usr/libexec/cydia/startup.so
rm /usr/libexec/cydia/startup-helper
rm /System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist

The downside of removing these last few files is that you will unfortunately need to reinstall Cydia.
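
As an added example (not part of the original article), the first list of rm commands above can be wrapped in a small shell script that reports which of the six ikee files are actually present and then removes only those. The function names and the root-prefix argument are assumptions made for illustration, and it covers only the first list, not the Cydia startup files.

```shell
#!/bin/sh
# Added example: check for and remove the ikee files named in the article.
# The argument to each function is a hypothetical path prefix, so the same
# check can run against a copied filesystem; pass "" for the live device.
# Usage on the device, as root:  ikee_scan ""   and then   ikee_clean ""

# Paths taken from the article's first command list.
IKEE_FILES="/bin/poc-bbot
/bin/sshpass
/var/log/youcanbeclosertogod.jpg
/var/mobile/LockBackground.jpg
/System/Library/LaunchDaemons/com.ikey.bbot.plist
/var/lock/bbot.lock"

# Report every listed path under prefix $1.
# Returns 0 when none are present, 1 when at least one is.
# A match only means the path exists; it does not inspect the contents.
ikee_scan() {
    root="$1"
    found=0
    for f in $IKEE_FILES; do
        if [ -e "$root$f" ] || [ -L "$root$f" ]; then
            echo "FOUND   $f"
            found=$((found + 1))
        else
            echo "absent  $f"
        fi
    done
    echo "$found of 6 ikee files present"
    [ "$found" -eq 0 ]
}

# Remove only the listed paths that exist under prefix $1,
# printing each one so there is a record of what was deleted.
ikee_clean() {
    root="$1"
    for f in $IKEE_FILES; do
        if [ -e "$root$f" ] || [ -L "$root$f" ]; then
            rm -f "$root$f" && echo "removed $f"
        fi
    done
}
```

Running ikee_scan again after ikee_clean confirms that none of the listed files remain.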


2. iPhone/Privacy A:
This bad boy likes to grab your personal information and send it to whomever it wishes.
Slimy one this one is. In order to remove this stinky worm, you'll need to use an AntiVirus program. Intego's VirusBarrier X5 works great on the Mac and will catch it no problem. Unfortunately those on a PC don't get any useful tips on what virus program will detect this, but if you know, feel free to share your tip!
Of course you could also do a restore and that would solve your problem, but doing so you may lose personal information. Of course if you go this route, and install OpenSSH again, please for the love of god change your password.


3. The Third Worm (Insert Snappy Virus Name):
This one is a bit more rare and pertains more to your location.
It copies personal data from your iPhone and also redirects online banking customers of a Dutch bank to a phishing web site.
Unfortunately I have no good news for you if you're looking for a quick fix on this one. You'll need to do a full restore to remove this pesky bugger. And of course the same applies, if you Jailbreak again, please for the love of god change your password!
If you have any other tips for removing these worms, please share your experiences. I have yet to even talk to someone who has been affected by one of these, so no true experiences to share.

Thanks to iSmashiPhone for the de-worming tips.


This article was written at ModMyi.com

2 comments:

Anonymous said...

We appreciate that you read ModMyi, but please reference your source. This article was written at ModMyi.com

Anonymous said...

nice post. thanks.