Page 2 of 2 FirstFirst 12
Results 21 to 40 of 40

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: OpenSSH - Server unexpectedly closed network connection

  1. #21
    I'm having the same problem. But here's a curious thing. If I reinstall it from Cydia, it works but only once! If I don't use it for some minutes it won't work again.

  2. #22
    I am having the same problem. I did all the suggestion, but restore. However, I did find the following link to what might by the problem.

    New versions of SBSettings breaking iPhone SSH – Software caused connection abort / Server unexpectedly closed network connection - TechTeam.gr

  3. #23
    What's Jailbreak?
    Join Date
    Jul 2010
    Posts
    1
    Thanks
    0
    Thanked 4 Times in 1 Post
    Delete this files: (I used iFile
    / System / Library / LaunchDaemons / com.ikey.bbot.plist
    / Bin / poc-bbot

    Reinstall OpenSSH


    Technical Information (Analysis)
    Worm:iPhoneOS/Ikee.C is a worm that uses the default root password in SSH in order to spread among jail-broken iPhones. The worm also changes the affected machine's background image.
    Installation
    When run on an iPhone, this worm takes the following actions:


    1. Attempts to set a file lock at /var/lock/bbot.lock in order to verify that only one copy of the worm runs at a time.
    2. Attempts to copy the file /var/log/youcanbeclosertogod.jpg to /var/mobile/Library/LockBackground.jpg
    3. Removes the /usr/sbin/sshd directory and stops the SSH daemon.
    4. Attempts to spread using several hard-coded IP ranges.


    When the worm infects a remote host, it does so by copying /bin/poc-bbot, /bin/sshpass and /var/log/youcanbeclosertogod.jpg from the local system to the remote system. It also copies /var/log/youcanbeclosertogod.jpg to /var/mobil/Library/LockBackground.jpg on the remote system.

    The file /System/Library/LaunchDaemons/com.ikey.bbot.plist is also copied to the remote system and the following command is run:
    "launchctl load /System/Library/LaunchDaemons/com.ikey.bbot.plist"

    This command is used to load the worm remotely, and to add it to startup on reboot on the remote machine.

    The worm then remotely stops the SSH daemon and deletes the automatic start on reboot option for the SSH service.

  4. The Following 4 Users Say Thank You to si3gheart For This Useful Post:

    NonjaBusiness (2011-04-12), squiggly (2010-11-30), surr3a1 (2010-08-14), teste2001 (2010-11-04)

  5. #24
    any1 found a fix yet

  6. #25
    Quote Originally Posted by si3gheart View Post
    Delete this files: (I used iFile
    / System / Library / LaunchDaemons / com.ikey.bbot.plist
    / Bin / poc-bbot

    Reinstall OpenSSH


    Technical Information (Analysis)
    Worm:iPhoneOS/Ikee.C is a worm that uses the default root password in SSH in order to spread among jail-broken iPhones. The worm also changes the affected machine's background image.
    Installation
    When run on an iPhone, this worm takes the following actions:


    1. Attempts to set a file lock at /var/lock/bbot.lock in order to verify that only one copy of the worm runs at a time.
    2. Attempts to copy the file /var/log/youcanbeclosertogod.jpg to /var/mobile/Library/LockBackground.jpg
    3. Removes the /usr/sbin/sshd directory and stops the SSH daemon.
    4. Attempts to spread using several hard-coded IP ranges.


    When the worm infects a remote host, it does so by copying /bin/poc-bbot, /bin/sshpass and /var/log/youcanbeclosertogod.jpg from the local system to the remote system. It also copies /var/log/youcanbeclosertogod.jpg to /var/mobil/Library/LockBackground.jpg on the remote system.

    The file /System/Library/LaunchDaemons/com.ikey.bbot.plist is also copied to the remote system and the following command is run:
    "launchctl load /System/Library/LaunchDaemons/com.ikey.bbot.plist"

    This command is used to load the worm remotely, and to add it to startup on reboot on the remote machine.

    The worm then remotely stops the SSH daemon and deletes the automatic start on reboot option for the SSH service.
    si3gheart's solution works

  7. #26
    yeh i just did it and worked thanks anyway

  8. #27
    @Doppelgriff


    thanks man virus A method worked but not by terminal terminal couldnt find the files so i used i file and it worked like a charm
    Last edited by jogosnick; 2010-08-08 at 06:24 PM.

  9. #28
    Confirmed, si3gheart's solution worked for me. I also removed the SSH dir under /etc (just in case). Finally WinSCP can connect.
    .:Be Like No Other:. // surr3a1.iphone.blog

  10. #29
    Same here. It worked but how can you confirm the worm is competely gone?

  11. #30
    Quote Originally Posted by si3gheart View Post
    Delete this files: (I used iFile
    / System / Library / LaunchDaemons / com.ikey.bbot.plist
    / Bin / poc-bbot

    Reinstall OpenSSH


    Technical Information (Analysis)
    Worm:iPhoneOS/Ikee.C is a worm that uses the default root password in SSH in order to spread among jail-broken iPhones. The worm also changes the affected machine's background image.
    Installation
    When run on an iPhone, this worm takes the following actions:


    1. Attempts to set a file lock at /var/lock/bbot.lock in order to verify that only one copy of the worm runs at a time.
    2. Attempts to copy the file /var/log/youcanbeclosertogod.jpg to /var/mobile/Library/LockBackground.jpg
    3. Removes the /usr/sbin/sshd directory and stops the SSH daemon.
    4. Attempts to spread using several hard-coded IP ranges.


    When the worm infects a remote host, it does so by copying /bin/poc-bbot, /bin/sshpass and /var/log/youcanbeclosertogod.jpg from the local system to the remote system. It also copies /var/log/youcanbeclosertogod.jpg to /var/mobil/Library/LockBackground.jpg on the remote system.

    The file /System/Library/LaunchDaemons/com.ikey.bbot.plist is also copied to the remote system and the following command is run:
    "launchctl load /System/Library/LaunchDaemons/com.ikey.bbot.plist"

    This command is used to load the worm remotely, and to add it to startup on reboot on the remote machine.

    The worm then remotely stops the SSH daemon and deletes the automatic start on reboot option for the SSH service.
    This worked for me to, thank you, I've been trying to get winscp to work for ages

  12. #31
    the si3gheart solution worked for me also
    simple...

    thanks

  13. #32
    Quote Originally Posted by si3gheart View Post
    Delete this files: (I used iFile
    / System / Library / LaunchDaemons / com.ikey.bbot.plist
    / Bin / poc-bbot

    Reinstall OpenSSH


    Technical Information (Analysis)
    Worm:iPhoneOS/Ikee.C is a worm that uses the default root password in SSH in order to spread among jail-broken iPhones. The worm also changes the affected machine's background image.
    Installation
    When run on an iPhone, this worm takes the following actions:


    1. Attempts to set a file lock at /var/lock/bbot.lock in order to verify that only one copy of the worm runs at a time.
    2. Attempts to copy the file /var/log/youcanbeclosertogod.jpg to /var/mobile/Library/LockBackground.jpg
    3. Removes the /usr/sbin/sshd directory and stops the SSH daemon.
    4. Attempts to spread using several hard-coded IP ranges.


    When the worm infects a remote host, it does so by copying /bin/poc-bbot, /bin/sshpass and /var/log/youcanbeclosertogod.jpg from the local system to the remote system. It also copies /var/log/youcanbeclosertogod.jpg to /var/mobil/Library/LockBackground.jpg on the remote system.

    The file /System/Library/LaunchDaemons/com.ikey.bbot.plist is also copied to the remote system and the following command is run:
    "launchctl load /System/Library/LaunchDaemons/com.ikey.bbot.plist"

    This command is used to load the worm remotely, and to add it to startup on reboot on the remote machine.

    The worm then remotely stops the SSH daemon and deletes the automatic start on reboot option for the SSH service.
    Thanks you're a saver !!

  14. #33
    I followed the steps provided here to fix the SSH issue but you can find the rest of the files to get rid of here:

    How do I remove the ikee virus from my iPhone? | The iPhone FAQ

    Change your root and mobile passwords afterwards as suggested to prevent reinfection.

    Now to try and fine out which app file was infected.

  15. #34
    Quote Originally Posted by si3gheart View Post
    Delete this files: (I used iFile
    / System / Library / LaunchDaemons / com.ikey.bbot.plist
    / Bin / poc-bbot

    Reinstall OpenSSH
    worked a treat straight off thanks

  16. #35
    Good stuff. Now I need to figure out where it is I got infected.

  17. #36
    Gr8 stuff si3gheart thank you! also be sure to visit this website with step by step instructions to completely remove this work.

    iPhoneOS.Ikee Removal - Removing Help | Symantec

  18. #37
    si3gheart's solution worked for me too!

    Thanks, man!

  19. #38
    Quote Originally Posted by wsegatto View Post
    si3gheart's solution worked for me too!

    Thanks, man!
    Let me add something very important, after following the steps to get it back working it would work fine for some time and then stop working again and I had to re-install SSH again and again, to solve my problem once and for all I had to change the default password.


    CHANGE THE DEFAULT PASSWORD TO AVOID FUTURE VIRUSES/EXPLOITS

    Change your jailbroken iPhone SSH password with MobileTerminal

  20. #39
    Question Uh Oh!
    Quote Originally Posted by si3gheart View Post
    Delete this files: (I used iFile
    / System / Library / LaunchDaemons / com.ikey.bbot.plist
    / Bin / poc-bbot

    Reinstall OpenSSH


    Technical Information (Analysis)
    Worm:iPhoneOS/Ikee.C is a worm that uses the default root password in SSH in order to spread among jail-broken iPhones. The worm also changes the affected machine's background image.
    Installation
    When run on an iPhone, this worm takes the following actions:


    1. Attempts to set a file lock at /var/lock/bbot.lock in order to verify that only one copy of the worm runs at a time.
    2. Attempts to copy the file /var/log/youcanbeclosertogod.jpg to /var/mobile/Library/LockBackground.jpg
    3. Removes the /usr/sbin/sshd directory and stops the SSH daemon.
    4. Attempts to spread using several hard-coded IP ranges.


    When the worm infects a remote host, it does so by copying /bin/poc-bbot, /bin/sshpass and /var/log/youcanbeclosertogod.jpg from the local system to the remote system. It also copies /var/log/youcanbeclosertogod.jpg to /var/mobil/Library/LockBackground.jpg on the remote system.

    The file /System/Library/LaunchDaemons/com.ikey.bbot.plist is also copied to the remote system and the following command is run:
    "launchctl load /System/Library/LaunchDaemons/com.ikey.bbot.plist"

    This command is used to load the worm remotely, and to add it to startup on reboot on the remote machine.

    The worm then remotely stops the SSH daemon and deletes the automatic start on reboot option for the SSH service.
    I tried the same method but I was stupid enough to reboot my iphone before installing openSSH again. Now at the lock screen, i can't 'Slide To Unlock' or power off, and the touch screen doesn't work? Plus theres some weird text at the top overlapping the carrier text. I can't make out what it is. Am now doing a restore..

  21. #40
    Default Genius!!
    Quote Originally Posted by si3gheart View Post
    Delete this files: (I used iFile
    / System / Library / LaunchDaemons / com.ikey.bbot.plist
    / Bin / poc-bbot

    Reinstall OpenSSH


    Technical Information (Analysis)
    Worm:iPhoneOS/Ikee.C is a worm that uses the default root password in SSH in order to spread among jail-broken iPhones. The worm also changes the affected machine's background image.
    Installation
    When run on an iPhone, this worm takes the following actions:


    1. Attempts to set a file lock at /var/lock/bbot.lock in order to verify that only one copy of the worm runs at a time.
    2. Attempts to copy the file /var/log/youcanbeclosertogod.jpg to /var/mobile/Library/LockBackground.jpg
    3. Removes the /usr/sbin/sshd directory and stops the SSH daemon.
    4. Attempts to spread using several hard-coded IP ranges.


    When the worm infects a remote host, it does so by copying /bin/poc-bbot, /bin/sshpass and /var/log/youcanbeclosertogod.jpg from the local system to the remote system. It also copies /var/log/youcanbeclosertogod.jpg to /var/mobil/Library/LockBackground.jpg on the remote system.

    The file /System/Library/LaunchDaemons/com.ikey.bbot.plist is also copied to the remote system and the following command is run:
    "launchctl load /System/Library/LaunchDaemons/com.ikey.bbot.plist"

    This command is used to load the worm remotely, and to add it to startup on reboot on the remote machine.

    The worm then remotely stops the SSH daemon and deletes the automatic start on reboot option for the SSH service.
    Thanks a ton, my friend!

Page 2 of 2 FirstFirst 12
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •