Page 1 of 2 12 LastLast
Results 1 to 20 of 25

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: Got Worms? How to Clean your Infected iPhone

  1. #1
    Default Got Worms? How to Clean your Infected iPhone


    Recently we covered an article about the new iPhone worm that has been going around which affects users with OpenSSH installed and have not changed the default password. It started off innocent and escalated to something more threatening.

    While there is of course the ability to change your password, some of you might not be so lucky and worms could be crawling your iPhone. Do not fret, as today I bring you some options for cleaning your iPhone. While not all of these options will bring you success, at least you'll know what your options are.

    You'll need to download a copy of MobileTerminal from Cydia before hand, so if you don't already have that, go grab it now.

    There are three worms currently going around, and of course lucky for us, each one requires a different fix.

    Open MobileTerminal and use these commands to delete the unwanted files. These commands are case-sensitive.

    1. The ikee/Rick Astley worm

    This crude worm is non-threatening but unfortunately very ugly to look at.

    In order to fix this ridiculous worm, we'll need to start up MobileTerminal and get into the root account directory. You will be required to enter a password. If you haven't changed it yet, the password is "alpine." Enter the following into MobileTerminal pressing enter after each command.

    su root

    rm /bin/poc-bbot

    rm /bin/sshpass

    rm /var/log/youcanbeclosertogod.jpg

    rm /var/mobile/LockBackground.jpg

    rm /System/Library/LaunchDaemons/com.ikey.bbot.plist

    rm /var/lock/bbot.lock
    If your phone stll has the picture of Rick Astley, unfortunately it can get tricky and messy, but you will need to remove these files as well to get rid of Rick.

    rm /usr/libexec/cydia/startup

    rm /usr/libexec/cydia/startup.so

    rm /usr/libexec/cydia/startup-helper

    rm /System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist
    The downfall to removing these last few files will require you to reinstall Cydia unfortunately.

    2. iPhone/Privacy A:

    This bad boy likes to grab your personal information and send it to whomever it wishes

    Slimy one this one is. In order to remove this stinky worm, you'll need to use an AntiVirus program. Intego's VirusBarrier X5 works great on the Mac and will catch it no problem. Unfortunately those on a PC don't get any useful tips on what virus program will detect this, but if you know, feel free to share your tip!

    Of course you could also do a restore and that would solve your problem, but doing so you may lose personal information. Of course if you go this route, and install OpenSSH again, please for the love of god change your password.


    3. The Third Worm (Insert Snappy Virus Name):

    This one is a bit more rare and pertains more to your location.
    It copies personal data from your iPhone and also redirects online banking customers of a Dutch bank to a phishing web site.

    Unfortunately I have no good news for you if your looking for a quick fix on this one. You'll need to do a full restore to remove this pesky bugger. And of course the same applies, if you Jailbreak again, please for the love of god change your password!

    UPDATE: A user in the replies has noted the following:
    I read somewhere a couple of days ago (you'd have to google for it to confirm this) that the worm that redirects you to a fake bank website also changes your root password to "ohsh1t" (but the 1 is really an i, you get the idea). I don't know if this is the worm you have, but I'm just trying to help out...
    If you have any other tips for removing these worms, please share your experiences. I have yet to even talk to someone who has been affected by one of these, so no true experiences to share.

    Thanks to iSmashiPhone for the de-worming tips.

    Check out our previous coverage on these Worms:

    Malicious Worm Takes Aim at Jailbroken iPhones
    Malware Allows Access to Jailbroken iPhones
    Aussie Worm Rickrolls Jailbroken iPhones
    Last edited by Nick Hesson; 11-25-2009 at 05:27 PM.

  2. The Following User Says Thank You to Nick Hesson For This Useful Post:

    evilgeniusmojo (11-25-2009)

  3. #2
    could you not install the 'iphone firewall' i forgot the name on cyida, and block all outgoing connections lol???
    surely this would stop the worm in its tracks


    Like A Boss

  4. #3
    Quote Originally Posted by metaljay View Post
    could you not install the 'iphone firewall' i forgot the name on cyida, and block all outgoing connections lol???
    surely this would stop the worm in its tracks
    Actually, that would probably work. However, If I ever got the worm, I would want it out of my system for sure, not just masking it.

    And Firewall IP would be a $2.49 fix, when you could just fix it for free That is if you didn't already have Firewall IP

  5. #4
    How do I change my password? I just got the Iphone and a buddy set up everything for me(blackrain, cydia, *********, etc)

    Thanx

    jus found it in the forums but whats the old password?

    OOps. I got it. Didnt see it above. Great forum
    Last edited by dklst; 11-25-2009 at 04:54 AM. Reason: Automerged Doublepost

  6. #5
    Quote Originally Posted by dklst View Post
    How do I change my password? I just got the Iphone and a buddy set up everything for me(blackrain, cydia, *********, etc)

    Thanx

    jus found it in the forums but whats the old password?

    OOps. I got it. Didnt see it above. Great forum
    default password is alpine
    Last edited by Nick Hesson; 11-25-2009 at 12:58 PM.

  7. #6
    what i want to know is how can i tell if i have the 2nd and 3rd worm?
    the first one is pretty easy to detect - but those two...

  8. #7
    can i get that worm i didn't install that open SSH?

  9. #8
    Quote Originally Posted by pdogg626 View Post
    can i get that worm i didn't install that open SSH?
    Nope you're good since the worms need ssh to get into your phone.

  10. #9
    how do you change the default password? This increase in malicious software is starting to freak me out. I hate restoring my phone.

  11. #10
    Quote Originally Posted by -=viper=- View Post
    what i want to know is how can i tell if i have the 2nd and 3rd worm?
    the first one is pretty easy to detect - but those two...
    x2 i would like to know this as well...

  12. #11
    Green Apple
    Join Date
    Jul 2009
    Location
    The Windy City
    Posts
    40
    Thanks
    7
    Thanked 1 Time in 1 Post
    no, its alpine, not apline

  13. #12
    My iPhone is a Part of Me hollow0's Avatar
    Join Date
    Jun 2008
    Location
    Tampa, FL
    Posts
    671
    Thanks
    49
    Thanked 49 Times in 39 Posts

    thank goodness i've already changed my password. It's the first thing i did after installing it!

  14. #13
    Green Apple
    Join Date
    Jul 2009
    Location
    The Windy City
    Posts
    40
    Thanks
    7
    Thanked 1 Time in 1 Post
    i was talking to nickhesson

  15. #14
    How do you change your password?

  16. #15
    Green Apple
    Join Date
    Jul 2009
    Location
    The Windy City
    Posts
    40
    Thanks
    7
    Thanked 1 Time in 1 Post
    look at the article up page

  17. #16
    Alright after I logged in I went up to preferences and made a Master Password, was that what I was supposed to do? I don't like having to enter the master pass every time I want to login, there's no option to save the pass - it's like a password overtop of the alpine password, so alpine isn't changed. Every time I type in anything other than alpine in that slot, it says it needs a pre-authenticated password.

  18. #17
    Green Apple
    Join Date
    Jul 2009
    Location
    The Windy City
    Posts
    40
    Thanks
    7
    Thanked 1 Time in 1 Post
    i dont really know how to do all this stuff. besides, these worms aren't in the usa, only around europe.

  19. #18
    My iPhone is a Part of Me JazJon's Avatar
    Join Date
    Aug 2008
    Location
    San Francisco
    Posts
    607
    Thanks
    37
    Thanked 51 Times in 39 Posts

    Has anyone created an app to change your passwords? I know the terminal and commands are not the complex to do, but still. Easy is Easy.

  20. #19
    Quote Originally Posted by psp257 View Post
    no, its alpine, not apline
    hahha yea, it was wayyyy to early in the morning. thanks for catching that.

    ALPINE

  21. #20
    My iPhone is a Part of Me kadinh's Avatar
    Join Date
    May 2008
    Location
    Texas
    Posts
    543
    Thanks
    58
    Thanked 23 Times in 19 Posts

    to change root password:

    * install and run "Mobile Terminal"
    * type su root at the shell prompt and tap enter
    * type passwd and tap enter
    * enter alpine for your old password
    * enter new password
    * enter new password again to confirm

Page 1 of 2 12 LastLast
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •