Jailbroken iPhone4 4.1 running very warm at times

Discussion in 'iPhone Tips, Help and Troubleshooting' started by htsource, Dec 17, 2010.

  1. htsource macrumors newbie

    Joined:
    Dec 3, 2010
    #1
    I don't know what's going on lately but my jailbroken iPhone4 with 4.1 firmware runs hot from time to time with nothing special running that I know of. Battery would drain half in an hour and a bit.

    Unfortunately as of lately possibly after some Cydia app updates, I've lost the ability to do SSH to my phone. It refuses connection. I downloaded SysInfoPlus and SysStatsLite to check the CPU usage, unfortunately it doesn't show CPU usage per process, I see the total CPU usage. When the phone is warm, I see the CPU usage would hover around 85% to 90% free. When it's working fine, it's sitting at about 97% free.

    Are there any apps I can see CPU usage per process? I have SBSettings, and usually I have only Phone and Mail running under processes.

    Much appreciate any help,
     
  2. draz macrumors 6502a

    Joined:
    Jun 20, 2010
    #2
    Open up SysInfoPlus and check your running Processes.
    Look for poc-bbot
    If you see this process then you have a virus on your phone.
    You might also notice that bash and cp processes are at the top of the list and the PPID number is the same as poc-bbot PID number.

    If you do not see poc-bbot then look for another process with a PPID that is not 1 or 0, and reply back with that process name.

    If you have the above process running I'll post removal steps for you, instead of making a huge post that doesn't apply
     
  3. htsource, Dec 17, 2010
    Last edited: Dec 17, 2010

    htsource thread starter macrumors newbie

    Joined:
    Dec 3, 2010
    #3
    Thank you, looks like I do have the virus.

    I can see the following:

    cp - PID: 3304 PPID: 3302
    bash - PID: 3305 PPID: 3302
    poc-bbot - PID: 3302 PPID: 1

    Please send the instructions when you have a moment, much appreciate it

    P.S. Is this the reason I'm not able to SSH to the phone anymore?
     
  4. draz, Dec 17, 2010
    Last edited: Dec 17, 2010

    draz macrumors 6502a

    Joined:
    Jun 20, 2010
    #4
    Sorry to hear that

    First thing you would want to do is change your device root password.
    Cydia has it right on the home screen, read it: http://cydia.saurik.com/password.html
    I personally wasn't able to launch that Terminal app on Cydia's default repos but if you have any other repos then try that and see if their Terminal app works. Otherwise you might have to reinstall OpenSSH from Cydia for SSH to work. But once it does then launch Putty or any other terminal program from your computer and follow the steps listed by Saurik as they work fine via your computer.

    For the following steps you should have a program like iPhoneBrowser (http://code.google.com/p/iphonebrowser/) or if you can manage via SSH then try that and follow below:

    As with any virus, there are various versions out there so the following files and locations might not exist, but remove them:
    /bin/poc-bbot
    /bin/sshpass
    /System/Library/LaunchDaemons/com.ikey.bbot.plist
    /var/lock/bbot.lock


    There is another version which alters the following images:
    /var/log/youcanbeclosertogod.jpg
    /var/mobile/LockBackground.jpg
    I recommend copying the file to your computer and viewing it first to see if the image is altered or not.

    Another version also alters Cydia files
    /usr/libexec/cydia/startup
    /usr/libexec/cydia/startup.so
    /usr/libexec/cydia/startup-helper
    /System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist
    I recommend that you view each of those files before deleting them; if the file looks fine, leave it. If you do delete the files then you may have to install Cydia manually, so take caution.

    REMEMBER: DELETING FILES YOU ARE NOT SURE OF COULD CAUSE SERIOUS PROBLEMS WITH YOUR iPHONE!


    The most common version out in the wild would only have the first section of 4 files. When you copy poc-bbot over to your computer, your virus scanner should immediately identify it as the ikee virus (which is what you got caught with)


    The reason why you got caught is because you did not change your device root password from the default 'alpine' and left SSH turned on. Leaving it on allows someone like me to access your device from the comfort of my home and dump a virus in there, and while I am at it steal some of your precious data... Consider SSH like a backdoor to your phone. Change that default password, keep SSH off when you are not using it and you are safe.

    Let me know if you need some clarification.
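
A read-only triage script for the checks described in posts #2 and #4, added here as an example and not part of the original thread. The function names, the optional root-prefix argument and the output labels are assumptions; the process-line format follows what was typed in post #3.

```shell
#!/bin/sh
# Added example: read-only triage for the indicators named in this thread.
# Nothing is deleted; post #4 advises inspecting files before removing them.

# Files post #4 says the common variant drops.
IKEE_CORE='/bin/poc-bbot /bin/sshpass
/System/Library/LaunchDaemons/com.ikey.bbot.plist /var/lock/bbot.lock'
# Files post #4 says other variants alter; presence alone proves nothing.
IKEE_REVIEW='/var/log/youcanbeclosertogod.jpg /var/mobile/LockBackground.jpg
/usr/libexec/cydia/startup /usr/libexec/cydia/startup.so
/usr/libexec/cydia/startup-helper
/System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist'

# $1 (assumption): prefix of a copied filesystem; empty means the live device.
ikee_scan_files() {
    root=${1:-}
    for p in $IKEE_CORE; do
        if [ -e "$root$p" ]; then echo "FOUND  $p"; fi
    done
    for p in $IKEE_REVIEW; do
        if [ -e "$root$p" ]; then echo "REVIEW $p"; fi
    done
}

# stdin: lines shaped like post #3, "name - PID: n PPID: m" (assumed format).
ikee_scan_procs() {
    awk '
    $3 == "PID:" && $5 == "PPID:" {
        name[$4] = $1; ppid[$4] = $6; order[++n] = $4
        if ($1 == "poc-bbot") bot = $4
    }
    END {
        for (i = 1; i <= n; i++) {
            p = order[i]
            if (bot != "" && p == bot)
                print "BOT    " name[p] " pid=" p
            else if (bot != "" && ppid[p] == bot)
                print "CHILD  " name[p] " pid=" p
            else if (bot == "" && ppid[p] + 0 > 1)   # post #2 fallback check
                print "CHECK  " name[p] " pid=" p " ppid=" ppid[p]
        }
    }'
}

# Process list exactly as reported in post #3.
SAMPLE_PROCS='cp - PID: 3304 PPID: 3302
bash - PID: 3305 PPID: 3302
poc-bbot - PID: 3302 PPID: 1'
printf '%s\n' "$SAMPLE_PROCS" | ikee_scan_procs
ikee_scan_files "${1:-}"
```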
     
  5. htsource thread starter macrumors newbie

    Joined:
    Dec 3, 2010
    #5
    Thanks so much, looks like I only have the first 4 files infected. Removed them as soon as I copied them over by using iPhonebrowser, my antivirus program picked it up right away as virus, wow!

    I'll see if the battery usage improves, thank you so much once again!
     
  6. draz macrumors 6502a

    Joined:
    Jun 20, 2010
    #6
    No problem,

    Just remember to change that default root password from 'alpine' to something else to stop this from happening again
     
  7. htsource thread starter macrumors newbie

    Joined:
    Dec 3, 2010
