Let’s be honest, the iPhone has had a pretty long run without being the target of hackers and it’s about time it gets its share of viruses and worms.
A few weeks ago, I wrote an article showing you how to protect your iPhone against hackers. But what happens if you have already been infected? What are the symptoms and how to get rid of them?
In this article, I will show you how to figure out which worm (if any) has infected your iPhone, and how to get rid of it while making sure it never comes back.
This information was first compiled by Patrick Miller of PC World, and I adapted it for the purpose of this article.
Ikee
Ikee was the first virus to target the iPhone. The symptoms are pretty clear: it changes your wallpaper to a picture of Rick Astley. So if you see a picture of a young man with the words “ikee is never gonna give you up”, then look no further, you have been infected by the Ikee worm.
Thankfully, getting rid of Ikee is pretty simple. First you will have to download and install MobileTerminal from Cydia and reboot your iPhone. Then launch MobileTerminal and login with your username and password under your root account. If you haven’t changed it yet (and you should), your username is “root” and your password is “alpine”.
Now follow these commands. Everything is case sensitive so be very careful.
rm /bin/poc-bbot
rm /bin/sshpass
rm /var/log/youcanbeclosertogod.jpg
rm /var/mobile/LockBackground.jpg
rm /System/Library/LaunchDaemons/com.ikey.bbot.plist
rm /var/lock/bbot.lock
These commands sometimes don’t work. That means you are infected by an alternate version of Ikee. If that’s the case, follow these commands instead:
rm /usr/libexec/cydia/startup
rm /usr/libexec/cydia/startup.so
rm /usr/libexec/cydia/startup-helper
rm /System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist
Note that if you have to remove the 4 files above, you will have to reinstall Cydia.
iPhone/Privacy.A
The iPhone/Privacy.A is harder to detect because it doesn’t leave any track on your iPhone. Instead, it can be installed on any computer (even Mac OS X) and it will scan all available networks in search of a vulnerable iPhone to infect.
In order to get rid of iPhone/Privacy.A, simply update and run your antivirus. It should have no problem detecting and deleting it.
Unnamed Worm
The last worm hasn’t been named yet. You can easily figure out if you’ve been infected if your battery is running down abnormally quickly. The reason to this battery drain is that the worm is constantly running in the background in search of other iPhones to spread to over wifi. This one is pretty tricky too as it will change your default SSH password to prevent you from deleting it.
Unfortunately there is no easy fix for this unnamed worm. The only solution at the time is to restore your iPhone and set it up as a new phone (do not restore from backup).
How to Make Sure You Don’t get Infected Again
The best way to make sure you don’t get infected in the first place (or don’t get infected again) is to change your iPhone root password. You may want to refer to this tutorial on how to do this.
I hope this information will be usefel those of you who have been infected, but hopefully you won’t have to use it…