Clean Up Ikee.b Worm From iPhone [How To]

This article is for those folks who think (or even are sure) that their iPhone was attacked by a malicious Ikee.b worm. Here's the full article with virus description and its working schemes overview. The virus is pretty dangerous because it can do a lot of harm to your device. Ikee.b scans for devices with open SSH ports and default root password. After doing this it writes necessary files into iOS, extracts and installs them. Therefore, your handset can be used as a part of botnet system. Fortunately, there's a simple solution how you can delete the worm from your device once and for all.

To detect if your iPhone is infected check your root password and SSH connection availability. If you can't connect to your device by SSH and your root password is 'alpine' (which is default) your fears are most likely justified. If you are still not sure, check if you have files like these: com.apple.ksyslog.plist and com.apple.period. If the Ikee.b worm managed to intrude the system he will try to write his files to:

/BIN/POC-bbot /BIN/sshpass

/usr/libexec/cydia/startup /usr/libexec/cydia/startup-helper

After doing that he will change the background image:

/var/log/youcanbeclosertogod.jpg /usr/libexec/cydia/startup.so

And finally it writes the files into startup:

/System/Library/LaunchDaemons/com.ikey.bbot.plist /System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist

That last action is needed for worm activation while next iPhone launch and for killing SSH access by deleting /bin/sshd. You can easily delete the Ikee.b virus by simply deleting these folders: /bin/poc-bbot /bin/sshpass /usr/libexec/cydia/startup /usr/libexec/cydia/startup-helper /var/log/youcanbeclosertogod.jpg /usr/libexec/cydia/startup.so /System/Library/LaunchDaemons/com.ikey.bbot.plist After deleting those System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist should look like this:

Label
com.saurik.Cydia.Startup
Program
/usr/libexec/cydia/startup
RunAtLoad

That's it, your gadget is now virus free. Now you need to reinstall SSH and reboot iPhone. Remember that this worm is able to access your device only because of jailbreaking as the process disables all the defense from iPhone. So if you want to be safe it's better to be sure that you know what you're into.

Software List

LetsUnlock Services List

iPhone & iPad Activation Lock Bypass

Use LetsUnlock iCloud Tool to bypass Activation Lock Screen on iPhone and iPad running on iOS version up to 14.6.

Unlock Passcode Disabled iPhone or iPad

LetsUnlock iCloud Tool is ready to remove Find My and unlock your passcode disable device running on iOS 13.x.x in one click!

MacOS iCloud Activation Lock Bypass

The LetsUnlock Mac iCloud Activation Lock Bypass Tool will help you to remove Activation Lock on an iCloud locked Mac which is stuck on Activation Lock Screen with no need to enter the correct Apple ID and password.

Mac EFI Firmware Passcode Bypass

The LetsUnlock EFI Bypass Tool is a one button solution, which you click to start the EFI Unlock process. Bypass EFI with out password! Everything else does the software.

MacOS iCloud System PIN Bypass

The LetsUnlock MacOS iCloud System PIN Bypass Tool was designed to bypass iCloud PIN lock on macOS without passcode!

Recent Blog

Ultimate Guide: How to turn Off Restricted Mode on iPhone?

Automate Apple GSX check result obtaining?

iRemove Unlock iPhone 5S, 5C, 5, SE, 4S/4 Software

MacOS High Sierra Features: Set Up Websites in Safari on Mac

How to Enable iOS 11 Mail Reply Notification on iPhone 7

How to Bypass Apple Watch Passcode Problem