
Thread: Got Worms? How to Clean your Infected iPhone

  1. #1
    MMi Staff Writer Nick Hesson's Avatar
    Join Date
    Jun 2009
    Location
    Canada
    Posts
    700
    Thanks
    109
    Thanked 1,576 Times in 277 Posts

    Got Worms? How to Clean your Infected iPhone


    Recently we covered an article about the new iPhone worm that has been going around, which affects users who have OpenSSH installed and have not changed the default password. It started off innocent and escalated to something more threatening.

    While there is of course the ability to change your password, some of you might not be so lucky and worms could be crawling your iPhone. Do not fret, as today I bring you some options for cleaning your iPhone. While not all of these options will bring you success, at least you'll know what your options are.

    You'll need to download a copy of MobileTerminal from Cydia beforehand, so if you don't already have that, go grab it now.

    There are three worms currently going around, and of course lucky for us, each one requires a different fix.

    Open MobileTerminal and use these commands to delete the unwanted files. These commands are case-sensitive.

    1. The ikee/Rick Astley worm

    This crude worm is non-threatening but unfortunately very ugly to look at.

    In order to fix this ridiculous worm, we'll need to start up MobileTerminal and get into the root account directory. You will be required to enter a password. If you haven't changed it yet, the password is "alpine". Enter the following into MobileTerminal, pressing enter after each command.

    su root

    rm /bin/poc-bbot

    rm /bin/sshpass

    rm /var/log/youcanbeclosertogod.jpg

    rm /var/mobile/LockBackground.jpg

    rm /System/Library/LaunchDaemons/com.ikey.bbot.plist

    rm /var/lock/bbot.lock

    If your phone still has the picture of Rick Astley, unfortunately it can get tricky and messy, but you will need to remove these files as well to get rid of Rick.

    rm /usr/libexec/cydia/startup

    rm /usr/libexec/cydia/startup.so

    rm /usr/libexec/cydia/startup-helper

    rm /System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist

    The downside is that removing these last few files will require you to reinstall Cydia, unfortunately.

    2. iPhone/Privacy A:

    This bad boy likes to grab your personal information and send it to whomever it wishes.

    Slimy one this one is. In order to remove this stinky worm, you'll need to use an AntiVirus program. Intego's VirusBarrier X5 works great on the Mac and will catch it no problem. Unfortunately those on a PC don't get any useful tips on what virus program will detect this, but if you know, feel free to share your tip!

    Of course you could also do a restore and that would solve your problem, but doing so you may lose personal information. Of course if you go this route, and install OpenSSH again, please for the love of god change your password.


    3. The Third Worm (Insert Snappy Virus Name):

    This one is a bit more rare and pertains more to your location.
    It copies personal data from your iPhone and also redirects online banking customers of a Dutch bank to a phishing web site.

    Unfortunately I have no good news for you if you're looking for a quick fix on this one. You'll need to do a full restore to remove this pesky bugger. And of course the same applies: if you Jailbreak again, please for the love of god change your password!

    UPDATE: A user in the replies has noted the following:

    "I read somewhere a couple of days ago (you'd have to google for it to confirm this) that the worm that redirects you to a fake bank website also changes your root password to "ohsh1t" (but the 1 is really an i, you get the idea). I don't know if this is the worm you have, but I'm just trying to help out..."

    If you have any other tips for removing these worms, please share your experiences. I have yet to even talk to someone who has been affected by one of these, so no true experiences to share.

    Thanks to iSmashiPhone for the de-worming tips.

    Check out our previous coverage on these Worms:

    Malicious Worm Takes Aim at Jailbroken iPhones
    Malware Allows Access to Jailbroken iPhones
    Aussie Worm Rickrolls Jailbroken iPhones
    Last edited by Nick Hesson; 11-25-2009 at 04:27 PM.

  2. The Following User Says Thank You to Nick Hesson For This Useful Post:

    evilgeniusmojo (11-25-2009)
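
A read-only check for the ikee file paths listed in post #1, so you can see what is actually present before deleting anything. This is an added example, not part of the original post; the function names and the ROOT argument (empty on the device itself, or a directory holding a copy of the filesystem) are assumptions.

```shell
#!/bin/sh
# Added example: lists which paths from post #1 exist. It deletes nothing.

# ikee worm files named in the post
IKEE_PATHS="/bin/poc-bbot /bin/sshpass /var/log/youcanbeclosertogod.jpg
/var/mobile/LockBackground.jpg
/System/Library/LaunchDaemons/com.ikey.bbot.plist /var/lock/bbot.lock"

# second list from the post; removing these means reinstalling Cydia
CYDIA_STARTUP_PATHS="/usr/libexec/cydia/startup /usr/libexec/cydia/startup.so
/usr/libexec/cydia/startup-helper
/System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist"

# True if the path exists; -L also catches a dangling symlink, which -e misses.
present() { [ -e "$1" ] || [ -L "$1" ]; }

# list_found ROOT PATH...: print each PATH that exists under ROOT.
list_found() {
    lf_root=$1; shift
    for lf_p in "$@"; do
        if present "$lf_root$lf_p"; then printf '%s\n' "$lf_p"; fi
    done
}

# count_found ROOT PATH...: print how many of the PATHs exist under ROOT.
count_found() {
    cf_root=$1; shift
    cf_n=0
    for cf_p in "$@"; do
        if present "$cf_root$cf_p"; then cf_n=$((cf_n + 1)); fi
    done
    echo "$cf_n"
}

# ikee_report [ROOT]: print a summary; return 0 if clean, 1 if ikee files exist.
ikee_report() {
    ir_root=${1:-}
    ir_n=$(count_found "$ir_root" $IKEE_PATHS)
    if [ "$ir_n" -eq 0 ]; then
        echo "none of the listed ikee files found under '${ir_root:-/}'"
        return 0
    fi
    echo "$ir_n ikee file(s) found:"
    for ir_f in $(list_found "$ir_root" $IKEE_PATHS); do echo "  $ir_f"; done
    echo "Cydia startup files present (second list in the post):"
    for ir_f in $(list_found "$ir_root" $CYDIA_STARTUP_PATHS); do echo "  $ir_f"; done
    return 1
}
```

Load the functions and run `ikee_report` as root on the device, or `ikee_report /path/to/copy` against a copied filesystem. It only covers the first worm, since the post gives no file paths for the other two.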

  3. #2
    iPhoneaholic metaljay's Avatar
    Join Date
    Nov 2007
    Location
    England
    Posts
    482
    Thanks
    26
    Thanked 27 Times in 26 Posts

    could you not install the 'iphone firewall' i forgot the name on Cydia, and block all outgoing connections lol???
    surely this would stop the worm in its tracks


    Like A Boss

  4. #3
    MMi Staff Writer Nick Hesson's Avatar
    Join Date
    Jun 2009
    Location
    Canada
    Posts
    700
    Thanks
    109
    Thanked 1,576 Times in 277 Posts

    Quote Originally Posted by metaljay View Post
    could you not install the 'iphone firewall' i forgot the name on Cydia, and block all outgoing connections lol???
    surely this would stop the worm in its tracks
    Actually, that would probably work. However, if I ever got the worm, I would want it out of my system for sure, not just masking it.

    And Firewall IP would be a $2.49 fix, when you could just fix it for free. That is if you didn't already have Firewall IP

  5. #4
    What's Jailbreak?
    Join Date
    Nov 2009
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    How do I change my password? I just got the iPhone and a buddy set up everything for me (blackrain, cydia, *********, etc)

    Thanx

    just found it in the forums but what's the old password?

    Oops. I got it. Didn't see it above. Great forum
    Last edited by dklst; 11-25-2009 at 03:54 AM. Reason: Automerged Doublepost

  6. #5
    MMi Staff Writer Nick Hesson's Avatar
    Join Date
    Jun 2009
    Location
    Canada
    Posts
    700
    Thanks
    109
    Thanked 1,576 Times in 277 Posts

    Quote Originally Posted by dklst View Post
    How do I change my password? I just got the iPhone and a buddy set up everything for me (blackrain, cydia, *********, etc)

    Thanx

    just found it in the forums but what's the old password?

    Oops. I got it. Didn't see it above. Great forum
    default password is alpine
    Last edited by Nick Hesson; 11-25-2009 at 11:58 AM.

  7. #6
    iPhone? More like MyPhone
    Join Date
    Jul 2009
    Posts
    115
    Thanks
    0
    Thanked 16 Times in 10 Posts

    what i want to know is how can i tell if i have the 2nd and 3rd worm?
    the first one is pretty easy to detect - but those two...

  8. #7
    What's Jailbreak?
    Join Date
    Jan 2008
    Posts
    13
    Thanks
    1
    Thanked 0 Times in 0 Posts

    can i get that worm if i didn't install that OpenSSH?

  9. #8
    Green Apple mgebara's Avatar
    Join Date
    Dec 2007
    Posts
    58
    Thanks
    1
    Thanked 6 Times in 5 Posts

    Quote Originally Posted by pdogg626 View Post
    can i get that worm if i didn't install that OpenSSH?
    Nope, you're good since the worms need ssh to get into your phone.

  10. #9
    What's Jailbreak?
    Join Date
    Nov 2009
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    how do you change the default password? This increase in malicious software is starting to freak me out. I hate restoring my phone.

  11. #10
    What's Jailbreak?
    Join Date
    Nov 2009
    Posts
    21
    Thanks
    2
    Thanked 1 Time in 1 Post
    Quote Originally Posted by -=viper=- View Post
    what i want to know is how can i tell if i have the 2nd and 3rd worm?
    the first one is pretty easy to detect - but those two...
    x2 i would like to know this as well...

  12. #11
    Green Apple
    Join Date
    Jul 2009
    Location
    The Windy City
    Posts
    40
    Thanks
    7
    Thanked 1 Time in 1 Post
    no, it's alpine, not apline

  13. #12
    My iPhone is a Part of Me hollow0's Avatar
    Join Date
    Jun 2008
    Location
    Tampa, FL
    Posts
    671
    Thanks
    49
    Thanked 49 Times in 39 Posts

    thank goodness i've already changed my password. It's the first thing i did after installing it!

  14. #13
    Green Apple
    Join Date
    Jul 2009
    Location
    The Windy City
    Posts
    40
    Thanks
    7
    Thanked 1 Time in 1 Post
    i was talking to nickhesson

  15. #14
    Livin the iPhone Life Dizzy714's Avatar
    Join Date
    Jan 2008
    Posts
    1,095
    Thanks
    42
    Thanked 422 Times in 217 Posts

    How do you change your password?

  16. #15
    Green Apple
    Join Date
    Jul 2009
    Location
    The Windy City
    Posts
    40
    Thanks
    7
    Thanked 1 Time in 1 Post
    look at the article up page

  17. #16
    Livin the iPhone Life Dizzy714's Avatar
    Join Date
    Jan 2008
    Posts
    1,095
    Thanks
    42
    Thanked 422 Times in 217 Posts

    Alright after I logged in I went up to preferences and made a Master Password, was that what I was supposed to do? I don't like having to enter the master pass every time I want to login, there's no option to save the pass - it's like a password overtop of the alpine password, so alpine isn't changed. Every time I type in anything other than alpine in that slot, it says it needs a pre-authenticated password.

  18. #17
    Green Apple
    Join Date
    Jul 2009
    Location
    The Windy City
    Posts
    40
    Thanks
    7
    Thanked 1 Time in 1 Post
    i dont really know how to do all this stuff. besides, these worms aren't in the usa, only around europe.

  19. #18
    My iPhone is a Part of Me JazJon's Avatar
    Join Date
    Aug 2008
    Location
    San Francisco
    Posts
    606
    Thanks
    37
    Thanked 51 Times in 39 Posts

    Has anyone created an app to change your passwords? I know the terminal and commands are not that complex to do, but still. Easy is Easy.

  20. #19
    MMi Staff Writer Nick Hesson's Avatar
    Join Date
    Jun 2009
    Location
    Canada
    Posts
    700
    Thanks
    109
    Thanked 1,576 Times in 277 Posts

    Quote Originally Posted by psp257 View Post
    no, it's alpine, not apline
    hahha yea, it was wayyyy too early in the morning. thanks for catching that.

    ALPINE

  21. #20
    My iPhone is a Part of Me kadinh's Avatar
    Join Date
    May 2008
    Location
    Texas
    Posts
    542
    Thanks
    58
    Thanked 23 Times in 19 Posts

    to change root password:

    * install and run "Mobile Terminal"
    * type su root at the shell prompt and tap enter
    * type passwd and tap enter
    * enter alpine for your old password
    * enter new password
    * enter new password again to confirm
