Remove the Ikee virus from your iPhone
Oh bugger, I’ve been Rickrolled! I was out getting tea and I received a phone call – I spotted Rick’s face which shocked me for a bit, but then remembered reading about the virus which originated in Australia. I guess it crawled fast enough over to my iPhone from there. After doing research and reading several incomplete methods on cleaning up the virus, I’ve put together a comprehensive 2 part article – how to remove it, and how to secure your iPhone from getting infected by it.
If you haven’t heard, your iPhone is very vulnerable to getting hacked if you don’t change the root password that is set for all iPhones. The first worm or virus for the iPhone is rather docile, as it merely changes the wallpaper of your phone. Nonetheless, you don’t know what evil viruses may spring up next.
The default password for iPhones is alpine and a smart hacker can use that common password to their advantage. As such, it is vital that everyone changes the default password.
The Ikee Virus Summarized
- This is the first virus for the iPhone.
- Some Aussie dude named Ashley created this virus as a proof-of-concept (what an ass).
- It only affects jailbroken phones.
- Symptoms: your iPhone wallpaper changes to show a picture of Rick Astley, accompanied by the text Ikee is never gonna give you up.
- There are 4 variants of the Ikee virus as of this moment – all of which can be removed with a bit of effort.
My personal take is that I’m grateful the worm is not malicious and it has been a wake up call for me. I’ve now changed the default password on my iPhone.
Steps to remove the Ikee virus (variant A, B, C & D)
- If you haven’t already installed mobile terminal via Cydia, do so.
- Reboot your iPhone.
- Run mobile terminal, and at the prompt, type su.
- The default password is alpine (unless you’ve already changed it).
- Type in the following commands one line at a time, end press return after each line.
You may get messages such as No such file or directory – but that’s fine, different variants may leave behind different files.rm /bin/poc-bbot
rm /bin/sshpass
rm /System/Library/LaunchDaemons/com.ikey.bbot.plist
rm /var/lock/bbot.lock
rm /var/log/youcanbeclosertogod.jpg
rm /var/mobile/Library/LockBackground.jpg
rm /System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist
rm /usr/libexec/cydia/startup
rm /usr/libexec/cydia/startup-helper
rm /usr/libexec/cydia/startup.so - When you’re done, reboot your iPhone.
- Now, change your wallpaper to something cool. You should be free of Rick’s ghost now.
- Follow the steps below to prevent getting hacked again.
Steps to change your iPhone root password (and minimize being hacked)
- Start mobile terminal (download and install via Cydia if you haven’t done so yet).
- Type su.
- Enter alpine as the password.
- At the prompt, type passwd.
- Enter your new root password. DO NOT FORGET THIS!
- Enter the same password again.
- You should now be secure from viruses that use the default password to hack into your phone.
If I never installed Mobile Terminal on my jailbreaked iPhone before, can I still get the virus? How does the virus spread? Through WiFi or 3G?
Big Thanks!!
I’ve followed ur instruction & get rid of the virus.
Have a nice day!!
rgd,
Maung
Thank You for your help. At first, I tried many times but seems it didnt work but after that, i realize there’s a space between “rm” and “/” …
Thanks so much.. it work.. for the virus author.. you’re the best.. one of a kind.. but, help produce good apps, not viruses.
@Afif If you haven’t jailbroken your phone, you can’t get this Ikee virus. I believe it can spread via both wifi and 3G networks, but I’m not absolutely certain about the 3G spread.
not familiar at all with linux. but if im being asked the confrimation, should i just type ‘y’ then enter? or should i just enter. please help thanks.
Did you do the su step?
yes i have.. but when it comes to deleting the files. a message asking for confirmation appeared. what should i do at this stage? since im not a linux guy, therefore unable to command it to confirm.
Thanks alot, i’m virus free now
Thanks for the easy to follow instructions!
The Rick has successfully been removed.
hey can somebody help me here… what should i do when it ask me for confirmation to remove the file? what command do i type?
WOW! made it! it works! thanks!
Thanks a million. It works!!!! The virus is gone
Done n TQ. Do remember to insert space between rm and /
Hope ther are more good man in this world like you.
bro.. i have a problem over here.. im using iphone 2G
and after downloading n reboot mobile terminal
when i run it n trying to type in password.. it jst say command not found
can help??
I’m glad this was able to help many of you. It annoyed me to no end.
@Amar – I’m not sure why you’re having problems, so many others have cleaned it out.
@gideon – which command did you type before the command not found one? su?
I think I am the first victim in Malaysia. It happened this morning. First attempt failed. Then I saw comment by yusri on the “space after rm”. tried again and woila! the ikee ghost gone! Thanks dudes! Now got to change my pw.
hey guys i got a better method!!!
1. try to restore yr iphone using the latest itunes. using the ‘iPhone2,1_3.1.2_7D11_Restore’ ( remember restore is using the shift + restore )
2. once yr iphonee is restore , (never back up yr iphone to the latest date) choose set up as a new phone!!
and everything is done, lastly
Steps to change your iPhone root password (and minimize being hacked)
1. Start mobile terminal (download and install via Cydia if you haven’t done so yet).
2. Type su.
3. Enter alpine as the password.
4. At the prompt, type passwd.
5. Enter your new root password. DO NOT FORGET THIS!
6. Enter the same password again.
7. You should now be secure from viruses that use the default password to hack into your phone.
thanx backpackers =) i cleaned it up..yahoooooo!!!!!!!!!!!!!
Gone through the steps 3 times but I still have the iKee
I’ve a 3GS with 3.12
Any more ideas?
Thanks
I just did the steps to get rid of the virus but my iphone gets stuck at the loading screen with the apple logo
De Cruz, are you sure you won’t lose your existing data, with your method? I would rather not wipe out everything on my phone, if possible – hence using mobile terminal to delete the problematic files. I still think my method is easiest, dude.
The best way to remove the Ikee virus is making a clear restore .
hey bro! iam able to change my PW! but not the virus..
i trying to type in
Type in the following commands one line at a time, end press return after each line.
You may get messages such as No such file or directory – but that’s fine, different variants may leave behind different files.
rm /bin/poc-bbot
rm /bin/sshpass
rm /System/Library/LaunchDaemons/com.ikey.bbot.plist
rm /var/lock/bbot.lock
rm /var/log/youcanbeclosertogod.jpg
rm /var/mobile/Library/LockBackground.jpg
rm /System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist
rm /usr/libexec/cydia/startup
rm /usr/libexec/cydia/startup-helper
rm /usr/libexec/cydia/startup.so
as u told.. but yet i cant delete the virus.. can help me up??
Do you get error messages? Do note that there is a between rm and the /
i try it out again today..
each line of command is not working..
it pop up saying cannot remove … no such file or directory..
i seriously need help on this
yep.. i know there’s a space between rm /
once the password changed, i wonder is it come to default password when the firmware is restored back?
Thanks bro…
You great bro…
Now my phone work as usual without Rick’s ghost
Thanks bro!!!
Thanks man.
That did the trick.
i am also infected, but i cant seem to delete any of the files?
There seem to be non of the files found in my iphone?
i did a manual delete from mobileterminal and also winscp into the phone to look for the files..
No such file or directory
So far i am able to delete # Remove: /var/mobile/LockBackground.jpg ONLY
plz advise
It is case sensitive, I believe, so do make sure you are typing it out exactly as per the instructions. Others have been “cured”, so you should be able to as well.
thanks bro. pls try to change password first then only use the above method. it works. my phone now clear with that piece of ugly photo. thanks to the author. good work.
hey bro.. i think i have the same problem as “jaws”
any solution to it??
thanks bro…worked after i read that there was a space between rm and the /
you have been a great help thanks man!!!!! keep up the good work
awesome worked
Hey mate, have same problem as gideon and jaws, always says file not found…
Big TQ to u…
i follow all the command…
IT WORKS!!!!
KEEP IT UP….!!
have a nice day….
Thanks Again….!!!
IM SO HAPPY NOW….
GO to HELL IKEE VIRUS…
Guys i cant do the last two ones!
rm /usr/libexec/cydia/startup-helper
rm /usr/libexec/cydia/startup.so
I did eveyrthing exactly as it is but it says no such file.=(
Help mee
WOW its work .. ty Bro
welll i think he’s not helping out even we cant solve the problem..
I have the same Problem as Jaws, im sure im typing it correctly :S
any ideas why this would occur?
Anya, it means you were infected by a different variant of the Ikee, and it doesn’t have those 2 files. Don’t worry about it.
thanks a lot buddy, it did work for me. good on ya
Thanks heaps backpackr! was stuck with that pic for weeks!
thanks again.
ps get stuffed iKee!
thxxx uuu!!! finally remove this worm from my iphone
All I can say is Thank You so much……….
You are the life saver……..
To all,
This really works…….
Again……. Thank you so much……
i have problem same as gideon.what can i do?
thanks guys for the great work
If you see this message :no such file or directory..
Go to cydia and download ifile and find all adress that type in terminal. Some of them is hidden or remove befor but some of them us stile there.
And for better result check A B C methods. After you find that file. Remove it.
It’s work for me after I can’t work white terminal.
Good luck
I tried this several times, off several websites…
I got a bum steer somewhere cause the file path:
” /var/mobile/Library/LockBackground.jpg”
was missing the sub-directory “/Library”
I think the original variant worked too but so it’s probably worth giving them both a shot.
Works good now but… Cheers ey
Hey!! thanks a heap!! it worked
!!!!
Hey whenever I try to delete the files I get a “permission denied”, any way to solve this??
not working for me man!!! i’ve followed instructions step by step and it is not working at all.
i hope you can help me
chris
thanks a lot !!! it’s work for me
it pissed me to the max to see my wallpaper with ricky 
but now it’s GONE !! yeayyyy
thanksssss loadsssssssssss
Thanks alot!
it worked! thank you!
I wanna point out it’s very easy to make a mistake when you are typing in the root menu as there is no spellcheck
Hi All,
I tried entering all the commands twice and some files were removed and some were not found but still the ugly face of ikee is still there.
Then I tried the 3rd time with case sensitive and some files were removed.
And the virus is gone now.
So I would like to share my experience that you must type in the commands as per what you see. If it is capital letter, type it as capital letter.
Thanks alot for the help.
Thanks for sharing your experience, Shunhui. You’re right, everything must be as per how I’ve documented it. Spaces must be where they are, and the capitalization must be right.
Thank you so muchhh for the help in removing this annoying virus !!
Yes you need to follow step-by-step from the beginning till the end and remember after the rm, there’s a space in between and again it’s case sensitive. If it’s capital letter, then follow.
Thanks againnn !! So glad that I don’t need to see Rick’s face anymore! haha
Hi,
I have this Ikee virus and really don’t know what to do. The version of my mobile is 1.1.4. Please give me the link to download mobile terminal.
Thank you
hi all! i cant be able to remove the last 2 steps, the ’startup-helper’ and ’startup.so’ but nevertheless i got rid of the irritating picture!!! thanks to the author! im using 16G 3GS, 3.1.2 firmware. so its proven right! thanks again!
As mentioned, if you cannot remove certain files, it is because you have a different variant of the ikee virus. You might not be infected with that strain, so don’t worry about it.
I have an iPhone 1:st gen and this worked perfectly thx!!!
works like a charm.
thanks a lot!
The easiest way to delete those files is by using DiskAid -(just follow the path) and use the terminal to change the password..
TheBackpackr thanks very much for your hardwork!!!
I’ve been infected yesterday 13.02.2010 and am living in Spain.
It worked! Now I’m clean again.
Rgds,
what an asshole that dude is he should go to jail for the years strangers have had to waste fixing his stupid prank
thanks. Its works and finally – i have my own wallpaper
Thanks a bunch! Been procrastinating this for the past few months but finally decided i’ve had enough of Rick Astley…
Hiii,
I’m from sri lanka.Thanks alot finally it did work.
thanks onece again
I got this ugly picture for the past 2 weeks, then I upgraded the Iphone latest version hopefully to reset everything back. Of course, Cydia was gone as well. Now the question is, how do I install the mobile terminal without Cydia?
Can someone help?
Thanks
THANKS MATE
dude you are the best man!! thanks alot
I’ve tried everything but it didn’t work for me?! is there any other way? pls let me know, thnx
Thanks a lot. My iphone now is totally free from the ‘gay-face’. Thanks again.
it was a great help and thanks a lot for the solution
[...] الطريقه اللي بالرابط و ان شاءالله كل شي راح يضبط معاج : Remove the Ikee virus from your iPhone | TheBackpackr.com بالتوفيق ان شاءالله اختي [...]
Omg Thank you so much
Hi,
As you mentioned, if cannot remove certain files, it is because it have a different variant of the ikee virus. So what should i do?? bcoz it doesn’t seem to cure. Thanks.
guys… keep in mind that it is cap sensitive.. i just remove all of them! its works! thankiu host
I have already follow the steps u display. But i still cannot remove the virus. Can u help me out please?
Hey, dunno if it can happen to any of u guys, but I had my Iphone 3G jailbroken, and it had some hardware problem so I got new one (same Iphone 3G), don’t plan to jailbreak it, and when i got it to sync with my itunes, the lkee virus got affacted, as i know this virus is only active through jailbroken iphones right? can anyone explain why my new Iphone (not jailbroken) got this virus? is this through my itunes? and how to fix it? thanks in advance…
Hi
I follow the instruction that you teach, but whe some of th commands need capitalisation, it’s doesn’t work, it’s only always stay in small capital letter. Pls help me and tell the way to make it work.
THANK YOU
hi
i solved the problem already.Anywhere, thank’s a lot your help. You are so nice person.
Thank you.
Another way to remove the virus is to use iFile (something like explorer from Cydia). Some of the files cannot be remove via terminal..well at least it happen to me. Maybe it will help those who followed the instructions above but still unable to set their wallpaper after reboot. It is best to use iFile to browse those infected path and make sure the variants are removed. Cheers !
Moltes gràcies.
Thanks!
Thanks a lot for your guideline! I have removed the virus successfully!
THANKYOUUUUUUUUUUUUUUUUUUUUU
thankyou!!!!
Thanks !!!!!!
Really Thank you~~~~!!!!
It works~!!!
Get rid of that ghost photo~!!
thx i luv you finally d ugly ikee went away
but im still goin 2 keep him as my wallpaper
ikee ROCKS!!!!!!!!! (jk)
Hay Guys Its Work …..
Remmemberrrrrrrrrrrrrrrrrrrr Its Case Sensitive…
Capetal Letters and Small must be the same as the Instructions
Thks bro…thks alot..finally i dont need to see Rick Astley face anymore!!!!!
WORKED follow everystep carefully, make sure you use capitols when needed!
Hey i need quick replies. I am from Singapore. But thru Cydia, i cant find the app “mobile terminator” what do i do?
this totally works! i was so vexed before that.. and i didnt know after jailbreaking, it take so long to reboot that make me almost thought that my phone is gone.
THANKS SO MUCH.
worked on 22 June 2010.
I managed to get rid of it.Yahoooooooooooooooo.
Enough of Rick Ashley.
It really works but need alot of patience.
Thank you very much…………….Richard from Singapore…//
Seriously guys, this method works like a charm, it didn’t work for me at the first time but then again i saw i’m missing a space between “rm” and “/”
so keep a space and type all that, mostly the last two commands will tell cannot delete hay what the hec, don’t worry, just type everything there,
dont forget guys, change your password, i did it before i remove the worm.
Good luck guys and stay safe!!!
Leave your response!
Live on Twitter...
Quote I like: Trust is like a piece of brand new paper. Once crumpled, it will never be perfect ever again. 3 days ago
[Dangit, they're integrating the "ribbon"] Office for Mac 2011 is coming in October 2010! http://ow.ly/2vDEj 3 days ago
Want the iPad chair? It's only US$2495. http://ow.ly/2rJMJ 3 days ago
RT @WarrenTan: Malaysia Adex up 22%, online up 55%! http://bit.ly/aEjSy5 3 days ago
RT @gigaom: Is Skype Up For Sale? http://dlvr.it/4R8YT 3 days ago
More updates...
Posting tweet...
Past Articles
Blogroll
TheBackpackr revealed…
These are my thoughts and analysis of the life behind an entrepreneur, media-junkie, gadget-junkie, photographer, once-PC-user-but-now-Mac and husband.
When I'm not traipsing the world to seek for adventure, I run Integricity, a creative design and technology agency.
Tags
Recent Comments
Most Commented
Most Viewed