Remove "weknow.ac" Malware in Chrome?

I've noticed that a "Profile" was setup preventing the setting to be changed in Chrome.

1. System Preferences > Profiles remove the unrecognized profile (if this is a work computer you may want to check with IT to see if the profile is supposed to be there, by default there shouldn't be a profile.
2. Once removed O)pen Chrome and go to Chrome > Preferences > Choose the 3 lines on the top left choose "Search Options" (or something like that) you'll see the Search option WeKnow listed there. You can change that to something else. If you don't have the option to change it (greyed out) refer to step 1.
3. Below that there should be Manage Search Engines which shows a list of options, like Google, Bing. .... etc You'll see WeKnow there, remove that and any other you aren't wanting included.

I also suggest running an Anti-Malware program at some point, before or after you do this.

I had this issue for the past like 6 months and did the malwarebytes scans, and even the default boot writes in terminal for my hijacked chrome browser. The we know hijacker writes an additional administrative profile which was the last thing I hadn't removed and none of the scans picked up on. If you've done everything a million times and it still doesn't work I recommend doing this.

1. Go to system preferences.
2. Next to Accessibility there may be an icon with a checkmark that says "Profiles" this is causing the redirect although the virus is gone.
3. Select profiles.
4. Delete the adminpref by clicking on the (-).

Below is the link that showed me how to do this if you are confused, I recommend doing terminal default boot writes, malwarebyte scans, and a system restart one last time as well.

https://www.pcrisk.com/removal-guides/13007-weknowac-redirect-mac

Regards,

if using terminal doesn't work for you. The problem is that now We Know Ac is set as an Admin for your MAC directly affecting your terminal and if you input something there, it will not work as We Know Ac blocks it. So:

1. Go to your system preferences (the settings of our MAC), and look for a profiles icon.

2. Click on there (since in a default mac that shouldn't be there).

3. Remove all of the Admin blocks found.

4. And boom, you have a chrome free of malware.

This video & comment section ultimately saved me https://www.youtube.com/watch?v=C0xRhWCX2Is&vl=en

Also, if weknow.ac still pops up after you follow all of Skanson's steps, it is because weknow.ac installs itself as your iOS's administer. To remove weknow.ac as the administer, follow these steps:

• Go to your Mac's System Preference (It will appear after you click the "Apple" icon on the menu
• Look for "Profile" icon (which should not appear if you are the only Mac's administer)
• Click the "Profile" icon
• Remove all the profiles by clicking the "-" sign
• Restart the computer to make the elimination effective

Hi everyone. Not a mac guy, not a computer guy, so all of this is over my head. But I wanted to share how I dealt with this on my wife's iMac. On the we know search page that forces its way on to your computer, on the bottom left was a FAQ's link. And in there was an uninstall link. I was skeptical but desperate. Cleaned everything right up. My 2 cents. Good luck..

Not very glamorous but this works:

run malware bytes as usual and remove whatever it comes up with.

Download appzapper and use it to remove Chrome and its extensions

restart system.

download a new copy of chrome and it should be clean.

App zapper pulls out the hidden extensions chrome uses. Maybe not as fancy but it’s beej working for me so far.

Did you delete the profile from your system prefs? There are other folders that can hold malware. https://www.pcrisk.com/removal-guides/13007-weknowac-redirect-mac

The steps listed here were the first steps I tried before I started changing the policies.

1. First, launch the Google Chrome and click the Menu icon (icon in the form of three dots).
2. It will show the Google Chrome main menu. Choose More Tools, then click Extensions.
3. You’ll see the list of installed extensions. If the list has the plugin labeled with “Installed by enterprise policy” or “Installed by your administrator”, then complete the following steps: Remove Chrome extensions installed by enterprise policy.
4. Now open the Google Chrome menu once again, click the “Settings” menu.
5. Next, click “Advanced” link, that located at the bottom of the Settings page.
6. On the bottom of the “Advanced settings” page, click the “Reset settings to their original defaults” button.
7. The Google Chrome will open the reset settings dialog box as on the image above.
8. Confirm the internet browser’s reset by clicking on the “Reset” button.
9. To learn more, read the blog post How to reset Google Chrome settings to default.

Just dealt with this for an hour or two. I feel like an idiot but I found that there is a zipped uninstaller available directly from the weknow people. From their search page, click on the FAQ icon at the bottom left. Scroll down and bingo. Took about a minute and a half and cleaned everything right up.

The link provided by jacquifromtorquay worked.

https://blog.malwarebytes.com/threat-analysis/2018/04/new-crossrider-variant-installs-configuration-profiles-on-macs/

I am so grateful. I just deleted the AdminPref file completely and I am back to normal (I think!)

Thanks!

Clean My Mac could be part of the problem, most here recommend removing that by Uninstalling it.

EtreCheck is a simple little app to display the important details of your system configuration and allow you to copy that information to the Clipboard. It is meant to be used with Apple Support Communities to help people help you with your Mac.

http://www.etresoft.com/etrecheck

Thank you, bennett, for a lot of good stuff here.

I think lulubo's tip below of deleting the fake admin profiles might've removed weknow already, but just in case, I just checked Applications and didn't see Flash Player or MacKeeper. I then went to Chrome Settings and Google was now identified as my default search engine. Weknow was still listed as a search engine, but unlike before, when I now clicked on the 3 vertical dots to the right, I was able to remove weknow from the list of search engines. Yesterday, I'd restored Chrome to the default settings.

Bottom line, this was a lot of mystery to me as well, but, fingers crossed, I'm rid of weknow now (and hopefully permanent).

Somewhere online ComboCleaner was recommended so I downloaded ComboCleaner. It didn't help but it did inspire me to delete a bunch of apps thinking that weknow could be hiding somewhere. I deleted Adobe Flash, I even deleted games, and any rarely used app.

The only thing that worked was deleting & reinstalling Chrome.

Goto setting and under startup check " open the new tab page "

under Appearance check " Show Home Button "

next line ... New Tab page Change ... click change and select Use the new tab page

close the setting page and restart chrome and you should be all set.

Also...

https://chrome.google.com/webstore/detail/blank-new-tab-page/jaadjnlkjnhohljficgoddcjmndjfdmi?hl=en

Quit Chrome, move this file to the trash & restart in Safe Mode...

/Users/YourUserName/Library/Preferences/com.google.Chrome.plist

Might need to Trash this folder also...

/Users/YourUserName/Library/Saved Application State/com.google.Chrome.savedState