WireLurker requires a few steps for removal - on computers and iOS devices. The recommendation is to wipe the iOS device - and start from scratch, as outlined below. 

For the computer that is affected, there is a script that should be executed that will remove the files associated with WireLurker. 


The command to download the script on the Mac computer (as an administrator) is:

  •   curl -O https://raw.githubusercontent.com/PaloAltoNetworks-BD/WireLurkerDetector/master/WireLurkerDetectorOSX.py 


The command to then execute the script (as an administrator) is: 

  • python WireLurkerDetectorOSX.py 


To wipe your iOS device:


Use iCloud to back up your device and all personal data on it

  1. Go to Settings > General > Reset 
  2. Tap “Erase All Content and Settings” to clear all apps and data from the device 
  3. Restart your iOS device and set it up again 
  4. Sign into iCloud when you set up your iOS device and restore your backed up data 
  5. If needed, download your apps again from the App Store 


You can also attach your iPhone or iPad to your UNCOMPRIMISED Mac and use the “Restore iPhone/iPad” button in iTunes to factory-reset the device. The key to these steps is they clear out all programs on your iOS device which may have been compromised, and replace them with fresh copies. Your data and files should all be preserved, though you might lose some application settings.


For more detailed instructions see: http://bit.ly/10Edypi


If you wish to have assistance through this process, just let us know and we can schedule some time with you.