Oh bugger, I’ve been Rickrolled! I was out getting tea and I received a phone call – I spotted Rick’s face which shocked me for a bit, but then remembered reading about the virus which originated in Australia. I guess it crawled fast enough over to my iPhone from there. After doing research and reading several incomplete methods on cleaning up the virus, I’ve put together a comprehensive 2 part article – how to remove it, and how to secure your iPhone from getting infected by it.
If you haven’t heard, your iPhone is very vulnerable to getting hacked if you don’t change the root password that is set for all iPhones. The first worm or virus for the iPhone is rather docile, as it merely changes the wallpaper of your phone. Nonetheless, you don’t know what evil viruses may spring up next.
The default password for iPhones is alpine and a smart hacker can use that common password to their advantage. As such, it is vital that everyone changes the default password.
The Ikee Virus Summarized
- This is the first virus for the iPhone.
- Some Aussie dude named Ashley created this virus as a proof-of-concept (what an ass).
- It only affects jailbroken phones.
- Symptoms: your iPhone wallpaper changes to show a picture of Rick Astley, accompanied by the text Ikee is never gonna give you up.
- There are 4 variants of the Ikee virus as of this moment – all of which can be removed with a bit of effort.
My personal take is that I’m grateful the worm is not malicious and it has been a wake up call for me. I’ve now changed the default password on my iPhone.
Steps to remove the Ikee virus (variant A, B, C & D)
- If you haven’t already installed mobile terminal via Cydia, do so.
- Reboot your iPhone.
- Run mobile terminal, and at the prompt, type su.
- The default password is alpine (unless you’ve already changed it).
- Type in the following commands one line at a time, end press return after each line.
You may get messages such as No such file or directory – but that’s fine, different variants may leave behind different files.rm /bin/poc-bbot
rm /bin/sshpass
rm /System/Library/LaunchDaemons/com.ikey.bbot.plist
rm /var/lock/bbot.lock
rm /var/log/youcanbeclosertogod.jpg
rm /var/mobile/Library/LockBackground.jpg
rm /System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist
rm /usr/libexec/cydia/startup
rm /usr/libexec/cydia/startup-helper
rm /usr/libexec/cydia/startup.so - When you’re done, reboot your iPhone.
- Now, change your wallpaper to something cool. You should be free of Rick’s ghost now.
- Follow the steps below to prevent getting hacked again.
Steps to change your iPhone root password (and minimize being hacked)
- Start mobile terminal (download and install via Cydia if you haven’t done so yet).
- Type su.
- Enter alpine as the password.
- At the prompt, type passwd.
- Enter your new root password. DO NOT FORGET THIS!
- Enter the same password again.
- You should now be secure from viruses that use the default password to hack into your phone.
Here lie my thoughts: that of an entrepreneur, media-junkie, gadget-junkie, photographer, videographer, once-PC-user-but-now-Mac-user and husband.
thanks a lot !!! it’s work for me
it pissed me to the max to see my wallpaper with ricky 
but now it’s GONE !! yeayyyy
thanksssss loadsssssssssss
Thanks alot!
it worked! thank you!
I wanna point out it’s very easy to make a mistake when you are typing in the root menu as there is no spellcheck
Hi All,
I tried entering all the commands twice and some files were removed and some were not found but still the ugly face of ikee is still there.
Then I tried the 3rd time with case sensitive and some files were removed.
And the virus is gone now.
So I would like to share my experience that you must type in the commands as per what you see. If it is capital letter, type it as capital letter.
Thanks alot for the help.
Thanks for sharing your experience, Shunhui. You’re right, everything must be as per how I’ve documented it. Spaces must be where they are, and the capitalization must be right.
Thank you so muchhh for the help in removing this annoying virus !!
Yes you need to follow step-by-step from the beginning till the end and remember after the rm, there’s a space in between and again it’s case sensitive. If it’s capital letter, then follow.
Thanks againnn !! So glad that I don’t need to see Rick’s face anymore! haha
Hi,
I have this Ikee virus and really don’t know what to do. The version of my mobile is 1.1.4. Please give me the link to download mobile terminal.
Thank you
hi all! i cant be able to remove the last 2 steps, the ‘startup-helper’ and ‘startup.so’ but nevertheless i got rid of the irritating picture!!! thanks to the author! im using 16G 3GS, 3.1.2 firmware. so its proven right! thanks again!
As mentioned, if you cannot remove certain files, it is because you have a different variant of the ikee virus. You might not be infected with that strain, so don’t worry about it.
I have an iPhone 1:st gen and this worked perfectly thx!!!
works like a charm.
thanks a lot!
The easiest way to delete those files is by using DiskAid -(just follow the path) and use the terminal to change the password..
TheBackpackr thanks very much for your hardwork!!!
I’ve been infected yesterday 13.02.2010 and am living in Spain.
It worked! Now I’m clean again.
Rgds,
what an asshole that dude is he should go to jail for the years strangers have had to waste fixing his stupid prank
thanks. Its works and finally – i have my own wallpaper
Thanks a bunch! Been procrastinating this for the past few months but finally decided i’ve had enough of Rick Astley…
Hiii,
I’m from sri lanka.Thanks alot finally it did work.
thanks onece again
I got this ugly picture for the past 2 weeks, then I upgraded the Iphone latest version hopefully to reset everything back. Of course, Cydia was gone as well. Now the question is, how do I install the mobile terminal without Cydia?
Can someone help?
Thanks
THANKS MATE
dude you are the best man!! thanks alot
I’ve tried everything but it didn’t work for me?! is there any other way? pls let me know, thnx
Thanks a lot. My iphone now is totally free from the ‘gay-face’. Thanks again.
it was a great help and thanks a lot for the solution
Pingback: مشكل فايروس ikee لمـ يرحل (جربت كل الطرق المتوفرة في الانترنت ) - ماك ارابيا، mac، ماكنتوش، ابل
Omg Thank you so much
Hi,
As you mentioned, if cannot remove certain files, it is because it have a different variant of the ikee virus. So what should i do?? bcoz it doesn’t seem to cure. Thanks.
guys… keep in mind that it is cap sensitive.. i just remove all of them! its works! thankiu host
I have already follow the steps u display. But i still cannot remove the virus. Can u help me out please?
Hey, dunno if it can happen to any of u guys, but I had my Iphone 3G jailbroken, and it had some hardware problem so I got new one (same Iphone 3G), don’t plan to jailbreak it, and when i got it to sync with my itunes, the lkee virus got affacted, as i know this virus is only active through jailbroken iphones right? can anyone explain why my new Iphone (not jailbroken) got this virus? is this through my itunes? and how to fix it? thanks in advance…
Hi
I follow the instruction that you teach, but whe some of th commands need capitalisation, it’s doesn’t work, it’s only always stay in small capital letter. Pls help me and tell the way to make it work.
THANK YOU
hi
i solved the problem already.Anywhere, thank’s a lot your help. You are so nice person.
Thank you.
Another way to remove the virus is to use iFile (something like explorer from Cydia). Some of the files cannot be remove via terminal..well at least it happen to me. Maybe it will help those who followed the instructions above but still unable to set their wallpaper after reboot. It is best to use iFile to browse those infected path and make sure the variants are removed. Cheers !
Moltes gràcies.
Thanks!
Thanks a lot for your guideline! I have removed the virus successfully!
THANKYOUUUUUUUUUUUUUUUUUUUUU
thankyou!!!!
Thanks !!!!!!
Really Thank you~~~~!!!!
It works~!!!
Get rid of that ghost photo~!!
thx i luv you finally d ugly ikee went away
but im still goin 2 keep him as my wallpaper
ikee ROCKS!!!!!!!!! (jk)
Hay Guys Its Work …..
Remmemberrrrrrrrrrrrrrrrrrrr Its Case Sensitive…
Capetal Letters and Small must be the same as the Instructions
Thks bro…thks alot..finally i dont need to see Rick Astley face anymore!!!!!
WORKED follow everystep carefully, make sure you use capitols when needed!
Hey i need quick replies. I am from Singapore. But thru Cydia, i cant find the app “mobile terminator” what do i do?
this totally works! i was so vexed before that.. and i didnt know after jailbreaking, it take so long to reboot that make me almost thought that my phone is gone.
THANKS SO MUCH.
worked on 22 June 2010.
Where do i get cydia? Where do i download mobile terminal app? Please help me! Can i do this directly on my iphone? I have a 2g versión 1.4. Wanted to update but have no idea how! Thank u and god bless u!
I managed to get rid of it.Yahoooooooooooooooo.
Enough of Rick Ashley.
It really works but need alot of patience.
Thank you very much…………….Richard from Singapore…//
Seriously guys, this method works like a charm, it didn’t work for me at the first time but then again i saw i’m missing a space between “rm” and “/”
so keep a space and type all that, mostly the last two commands will tell cannot delete hay what the hec, don’t worry, just type everything there,
dont forget guys, change your password, i did it before i remove the worm.
Good luck guys and stay safe!!!
hei you guys,
i know this seems a tad bit outdated.
but just tot it might help those of ya’ll whose still bummed up over this shitty ass problem.
spent 5 bagazillion times writing the instructions above and yet rick’s goddamn face is still there >.<
finally did it right this time round tho.
realised the problem was i didnt follow exactly what it says there.
and when i say exactly, i mean, EXACTLY!!!
hint hint: FOLLOW THE CAPS IF REQUIRED! small caps n big caps!!!
cheers
@ wendy:
at first, i cudnt find the terminal in cydia as well.
but heres how u can find it:
1. launch cydia
2. scroll down to “openSSH Access How-To” and click.
3. scroll all the way down to “change default password” and click
4. at the top u see “0: install mobileterminal package”
there ya go
i didnt get that picture bur the virus is in my procces
and makes my phone very very slow
gonna try to get it out now
Thank’s alot. after 5 times it worked, ofcourse with capitalization
I followed exactly what it says leave space, FOLLOW THE CAPS, small caps n big caps but still it didn’t work. What should i type when it says “remove write-protected regular empty file ‘xxxxx’?” Do I type in “YES”?? When i did so, it says ” rm: cannot remove “xxxxx” : Permission denied. For some, after I key in the command, it straightaways say rm: cannot remove “xxxxx” : No such file or directory. Please help!!!!
thanks for the guideline..really appreciate! finally i can remove the virus as well.use the instruction carefully.
When I open terminal it gets shut off automatically…..please help