yZoH
//There Ain't No Rest For The Wicked...
- Joined
- Jul 5, 2004
- Messages
- 4,559
- Reaction score
- 103
- Points
- 63
- Location
- S/E Subs, Melb
- Website
- www.lolwut.com
- Members Ride
- (0.o')
Hey guys, I know it's inevitable that someone will post an ask, So I thought I'd put this up for you guys.
Yes all the talk of the "ikee" work aka rick astley trojan going around on Jailbroken devices with a standard SSH password,
Heres a fix I got for you all
To Prevent:
---------------
1.Download “mobileterminal” from cydia and install it on your iPhone.
2.Reboot your iPhone after successful installation of cydia mobileterminal .
3.Start the Mobile Terminal application and type the following commands
“login”and press enter(without double quote).Type
“root”as your login and
“alpine”as your password (without double quote).After logging in type
“passwd”and press enter. It will ask you for new password. Enter your desired password twice. Now your iPhone is secured from ikee worm.
Mobile Terminal
To Remove:
---------------
1. OPEN SSH SESSION OR MOBILE-TERMINAL
2. USE COMMAND "RM -RF" TO DELETE, eg: "rm -rf /bin/poc-bbot" *Repeat for everything listed bellow*
3. DELETE THESE FILES AND DIRECTORIES IF ANY AVAILABLE
(for variant A,B,C)
P.S - If any melbourne folk get this & CBF or not know how to repair there devices, I'll happily do it for you, I'm in S/E Suburbs.
Cheers
MaT
Yes all the talk of the "ikee" work aka rick astley trojan going around on Jailbroken devices with a standard SSH password,
Heres a fix I got for you all
To Prevent:
---------------
1.Download “mobileterminal” from cydia and install it on your iPhone.
2.Reboot your iPhone after successful installation of cydia mobileterminal .
3.Start the Mobile Terminal application and type the following commands
“login”and press enter(without double quote).Type
“root”as your login and
“alpine”as your password (without double quote).After logging in type
“passwd”and press enter. It will ask you for new password. Enter your desired password twice. Now your iPhone is secured from ikee worm.
To Remove:
---------------
1. OPEN SSH SESSION OR MOBILE-TERMINAL
2. USE COMMAND "RM -RF" TO DELETE, eg: "rm -rf /bin/poc-bbot" *Repeat for everything listed bellow*
3. DELETE THESE FILES AND DIRECTORIES IF ANY AVAILABLE
(for variant A,B,C)
/bin/poc-bbot
/bin/sshpass
(AFTER DOING THE FOLLOWING 3, ATTEMPT TO SET YOUR WALLPAPER VIA PHOTOS APP *MIGHT NEED TO DO THE FOLLOWING 3 TWICE, ONCE NOW, THEN ONCE AFTER REMOVING EVERYTHING ELSE)
/var/log/youcanbeclosertogod.jpg
/var/mobile/LockBackground.jpg
/var/mobile/Library/LockBackground.jpg
/System/Library/LaunchDaemons/com.ikey.bbot.plist
/var/lock/bbot.lock
(for variant D, it will overwrite Cydia's file, so reinstall Cydia after removal)/bin/sshpass
(AFTER DOING THE FOLLOWING 3, ATTEMPT TO SET YOUR WALLPAPER VIA PHOTOS APP *MIGHT NEED TO DO THE FOLLOWING 3 TWICE, ONCE NOW, THEN ONCE AFTER REMOVING EVERYTHING ELSE)
/var/log/youcanbeclosertogod.jpg
/var/mobile/LockBackground.jpg
/var/mobile/Library/LockBackground.jpg
/System/Library/LaunchDaemons/com.ikey.bbot.plist
/var/lock/bbot.lock
/usr/libexec/cydia/startup
/usr/libexec/cydia/startup.so
/usr/libexec/cydia/startup-helper
/System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist
4. REINSTALL SSH DAEMON/usr/libexec/cydia/startup.so
/usr/libexec/cydia/startup-helper
/System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist
P.S - If any melbourne folk get this & CBF or not know how to repair there devices, I'll happily do it for you, I'm in S/E Suburbs.
Cheers
MaT