Remove the Ikee virus from your iPhone
Oh bugger, I’ve been Rickrolled! I was out getting tea and I received a phone call – I spotted Rick’s face which shocked me for a bit, but then remembered reading about the virus which originated in Australia. I guess it crawled fast enough over to my iPhone from there. After doing research and reading several incomplete methods on cleaning up the virus, I’ve put together a comprehensive 2 part article – how to remove it, and how to secure your iPhone from getting infected by it.
If you haven’t heard, your iPhone is very vulnerable to getting hacked if you don’t change the root password that is set for all iPhones. The first worm or virus for the iPhone is rather docile, as it merely changes the wallpaper of your phone. Nonetheless, you don’t know what evil viruses may spring up next.
The default password for iPhones is alpine and a smart hacker can use that common password to their advantage. As such, it is vital that everyone changes the default password.
The Ikee Virus Summarized
- This is the first virus for the iPhone.
- Some Aussie dude named Ashley created this virus as a proof-of-concept (what an ass).
- It only affects jailbroken phones.
- Symptoms: your iPhone wallpaper changes to show a picture of Rick Astley, accompanied by the text Ikee is never gonna give you up.
- There are 4 variants of the Ikee virus as of this moment – all of which can be removed with a bit of effort.
My personal take is that I’m grateful the worm is not malicious and it has been a wake up call for me. I’ve now changed the default password on my iPhone.
Steps to remove the Ikee virus (variant A, B, C & D)
- If you haven’t already installed mobile terminal via Cydia, do so.
- Reboot your iPhone.
- Run mobile terminal, and at the prompt, type su.
- The default password is alpine (unless you’ve already changed it).
- Type in the following commands one line at a time, end press return after each line.
You may get messages such as No such file or directory – but that’s fine, different variants may leave behind different files.rm /bin/poc-bbot
rm /bin/sshpass
rm /System/Library/LaunchDaemons/com.ikey.bbot.plist
rm /var/lock/bbot.lock
rm /var/log/youcanbeclosertogod.jpg
rm /var/mobile/Library/LockBackground.jpg
rm /System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist
rm /usr/libexec/cydia/startup
rm /usr/libexec/cydia/startup-helper
rm /usr/libexec/cydia/startup.so - When you’re done, reboot your iPhone.
- Now, change your wallpaper to something cool. You should be free of Rick’s ghost now.
- Follow the steps below to prevent getting hacked again.
Steps to change your iPhone root password (and minimize being hacked)
- Start mobile terminal (download and install via Cydia if you haven’t done so yet).
- Type su.
- Enter alpine as the password.
- At the prompt, type passwd.
- Enter your new root password. DO NOT FORGET THIS!
- Enter the same password again.
- You should now be secure from viruses that use the default password to hack into your phone.
If I never installed Mobile Terminal on my jailbreaked iPhone before, can I still get the virus? How does the virus spread? Through WiFi or 3G?
Big Thanks!!
I’ve followed ur instruction & get rid of the virus.
Have a nice day!!
rgd,
Maung
Thank You for your help. At first, I tried many times but seems it didnt work but after that, i realize there’s a space between “rm” and “/” …
Thanks so much.. it work.. for the virus author.. you’re the best.. one of a kind.. but, help produce good apps, not viruses.
@Afif If you haven’t jailbroken your phone, you can’t get this Ikee virus. I believe it can spread via both wifi and 3G networks, but I’m not absolutely certain about the 3G spread.
not familiar at all with linux. but if im being asked the confrimation, should i just type ‘y’ then enter? or should i just enter. please help thanks.
Did you do the su step?
yes i have.. but when it comes to deleting the files. a message asking for confirmation appeared. what should i do at this stage? since im not a linux guy, therefore unable to command it to confirm.
Thanks alot, i’m virus free now
Thanks for the easy to follow instructions!
The Rick has successfully been removed.
hey can somebody help me here… what should i do when it ask me for confirmation to remove the file? what command do i type?
WOW! made it! it works! thanks!
Thanks a million. It works!!!! The virus is gone
Done n TQ. Do remember to insert space between rm and /
Hope ther are more good man in this world like you.
bro.. i have a problem over here.. im using iphone 2G
and after downloading n reboot mobile terminal
when i run it n trying to type in password.. it jst say command not found
can help??
I’m glad this was able to help many of you. It annoyed me to no end.
@Amar – I’m not sure why you’re having problems, so many others have cleaned it out.
@gideon – which command did you type before the command not found one? su?
I think I am the first victim in Malaysia. It happened this morning. First attempt failed. Then I saw comment by yusri on the “space after rm”. tried again and woila! the ikee ghost gone! Thanks dudes! Now got to change my pw.
hey guys i got a better method!!!
1. try to restore yr iphone using the latest itunes. using the ‘iPhone2,1_3.1.2_7D11_Restore’ ( remember restore is using the shift + restore )
2. once yr iphonee is restore , (never back up yr iphone to the latest date) choose set up as a new phone!!
and everything is done, lastly
Steps to change your iPhone root password (and minimize being hacked)
1. Start mobile terminal (download and install via Cydia if you haven’t done so yet).
2. Type su.
3. Enter alpine as the password.
4. At the prompt, type passwd.
5. Enter your new root password. DO NOT FORGET THIS!
6. Enter the same password again.
7. You should now be secure from viruses that use the default password to hack into your phone.
thanx backpackers =) i cleaned it up..yahoooooo!!!!!!!!!!!!!
Gone through the steps 3 times but I still have the iKee
I’ve a 3GS with 3.12
Any more ideas?
Thanks
I just did the steps to get rid of the virus but my iphone gets stuck at the loading screen with the apple logo
De Cruz, are you sure you won’t lose your existing data, with your method? I would rather not wipe out everything on my phone, if possible – hence using mobile terminal to delete the problematic files. I still think my method is easiest, dude.
The best way to remove the Ikee virus is making a clear restore .
hey bro! iam able to change my PW! but not the virus..
i trying to type in
Type in the following commands one line at a time, end press return after each line.
You may get messages such as No such file or directory – but that’s fine, different variants may leave behind different files.
rm /bin/poc-bbot
rm /bin/sshpass
rm /System/Library/LaunchDaemons/com.ikey.bbot.plist
rm /var/lock/bbot.lock
rm /var/log/youcanbeclosertogod.jpg
rm /var/mobile/Library/LockBackground.jpg
rm /System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist
rm /usr/libexec/cydia/startup
rm /usr/libexec/cydia/startup-helper
rm /usr/libexec/cydia/startup.so
as u told.. but yet i cant delete the virus.. can help me up??
Do you get error messages? Do note that there is a between rm and the /
i try it out again today..
each line of command is not working..
it pop up saying cannot remove … no such file or directory..
i seriously need help on this
yep.. i know there’s a space between rm /
once the password changed, i wonder is it come to default password when the firmware is restored back?
Thanks bro…
You great bro…
Now my phone work as usual without Rick’s ghost
Thanks bro!!!
Thanks man.
That did the trick.
i am also infected, but i cant seem to delete any of the files?
There seem to be non of the files found in my iphone?
i did a manual delete from mobileterminal and also winscp into the phone to look for the files..
No such file or directory
So far i am able to delete # Remove: /var/mobile/LockBackground.jpg ONLY
plz advise
It is case sensitive, I believe, so do make sure you are typing it out exactly as per the instructions. Others have been “cured”, so you should be able to as well.
thanks bro. pls try to change password first then only use the above method. it works. my phone now clear with that piece of ugly photo. thanks to the author. good work.
hey bro.. i think i have the same problem as “jaws”
any solution to it??
thanks bro…worked after i read that there was a space between rm and the /
you have been a great help thanks man!!!!! keep up the good work
awesome worked
Hey mate, have same problem as gideon and jaws, always says file not found…
Big TQ to u…
i follow all the command…
IT WORKS!!!!
KEEP IT UP….!!
have a nice day….
Thanks Again….!!!
IM SO HAPPY NOW….
GO to HELL IKEE VIRUS…
Guys i cant do the last two ones!
rm /usr/libexec/cydia/startup-helper
rm /usr/libexec/cydia/startup.so
I did eveyrthing exactly as it is but it says no such file.=(
Help mee
WOW its work .. ty Bro
welll i think he’s not helping out even we cant solve the problem..
I have the same Problem as Jaws, im sure im typing it correctly :S
any ideas why this would occur?
Anya, it means you were infected by a different variant of the Ikee, and it doesn’t have those 2 files. Don’t worry about it.
thanks a lot buddy, it did work for me. good on ya
Thanks heaps backpackr! was stuck with that pic for weeks!
thanks again.
ps get stuffed iKee!
thxxx uuu!!! finally remove this worm from my iphone
All I can say is Thank You so much……….
You are the life saver……..
To all,
This really works…….
Again……. Thank you so much……
i have problem same as gideon.what can i do?
thanks guys for the great work
If you see this message :no such file or directory..
Go to cydia and download ifile and find all adress that type in terminal. Some of them is hidden or remove befor but some of them us stile there.
And for better result check A B C methods. After you find that file. Remove it.
It’s work for me after I can’t work white terminal.
Good luck
I tried this several times, off several websites…
I got a bum steer somewhere cause the file path:
” /var/mobile/Library/LockBackground.jpg”
was missing the sub-directory “/Library”
I think the original variant worked too but so it’s probably worth giving them both a shot.
Works good now but… Cheers ey
Hey!! thanks a heap!! it worked
!!!!
Hey whenever I try to delete the files I get a “permission denied”, any way to solve this??
not working for me man!!! i’ve followed instructions step by step and it is not working at all.
i hope you can help me
chris
thanks a lot !!! it’s work for me
it pissed me to the max to see my wallpaper with ricky 
but now it’s GONE !! yeayyyy
thanksssss loadsssssssssss
Thanks alot!
it worked! thank you!
I wanna point out it’s very easy to make a mistake when you are typing in the root menu as there is no spellcheck
Hi All,
I tried entering all the commands twice and some files were removed and some were not found but still the ugly face of ikee is still there.
Then I tried the 3rd time with case sensitive and some files were removed.
And the virus is gone now.
So I would like to share my experience that you must type in the commands as per what you see. If it is capital letter, type it as capital letter.
Thanks alot for the help.
Thanks for sharing your experience, Shunhui. You’re right, everything must be as per how I’ve documented it. Spaces must be where they are, and the capitalization must be right.
Thank you so muchhh for the help in removing this annoying virus !!
Yes you need to follow step-by-step from the beginning till the end and remember after the rm, there’s a space in between and again it’s case sensitive. If it’s capital letter, then follow.
Thanks againnn !! So glad that I don’t need to see Rick’s face anymore! haha
Hi,
I have this Ikee virus and really don’t know what to do. The version of my mobile is 1.1.4. Please give me the link to download mobile terminal.
Thank you
hi all! i cant be able to remove the last 2 steps, the ’startup-helper’ and ’startup.so’ but nevertheless i got rid of the irritating picture!!! thanks to the author! im using 16G 3GS, 3.1.2 firmware. so its proven right! thanks again!
As mentioned, if you cannot remove certain files, it is because you have a different variant of the ikee virus. You might not be infected with that strain, so don’t worry about it.
I have an iPhone 1:st gen and this worked perfectly thx!!!
works like a charm.
thanks a lot!
The easiest way to delete those files is by using DiskAid -(just follow the path) and use the terminal to change the password..
TheBackpackr thanks very much for your hardwork!!!
I’ve been infected yesterday 13.02.2010 and am living in Spain.
It worked! Now I’m clean again.
Rgds,
what an asshole that dude is he should go to jail for the years strangers have had to waste fixing his stupid prank
thanks. Its works and finally – i have my own wallpaper
Thanks a bunch! Been procrastinating this for the past few months but finally decided i’ve had enough of Rick Astley…
Hiii,
I’m from sri lanka.Thanks alot finally it did work.
thanks onece again
I got this ugly picture for the past 2 weeks, then I upgraded the Iphone latest version hopefully to reset everything back. Of course, Cydia was gone as well. Now the question is, how do I install the mobile terminal without Cydia?
Can someone help?
Thanks
THANKS MATE
dude you are the best man!! thanks alot
I’ve tried everything but it didn’t work for me?! is there any other way? pls let me know, thnx
Leave your response!
Live on Twitter...
Traveling abroad? Install these free iPhone apps before you go. http://bit.ly/daNfin 7 hrs ago
Maxis has been spending on Facebook games to boost their broadband adoption. Played their game yet? http://bit.ly/9j9sVN 1 day ago
Rather behind in my #project365 due to the patchy internet in the States. Here's a recent fave. http://bit.ly/boMh3Y 1 day ago
The Apple Store in Vegas is amazing. Sent in my defective battery & within 10 mins got a new one. @applemy takes 7 days. 1 day ago
After a long day at #wppi @Shootdiva and I are on the Vegas strip for a comedy show. Relaxing the mind. Ahhh... @wppi_2010 2 days ago
More updates...
Posting tweet...
Past Articles
Blogroll
TheBackpackr revealed…
These are my thoughts and analysis of the life behind an entrepreneur, media-junkie, gadget-junkie, photographer, once-PC-user-but-now-Mac and husband.
When I'm not traipsing the world to seek for adventure, I run Integricity, a creative design and technology agency.
Tags
Recent Comments
Most Commented
Most Viewed