Remove "weknow.ac" Malware in Chrome?

hello.

i did exactly what you recommended after seeing the same thing in another website.

it worked fine. weknow was gone, and i haven't seen that new tab page since.

HOWEVER,

now, when i open a new tab, i simply get an about:blank screen, rather than the normal chrome new tab :/ (see below)

im pretty sure this is due to the delete statements, but im not sure. is there any way i can set it back? i will try using the "write" commands on this later and see if it works but i dont know. please help me out here

Please read my blog to remove weknow.ac manually: Remove www.weknow.ac from Mac OS - SecureMacOS

<Disclaimer: this post contains links to my own website from which I may derive some form of compensation. My website does not contain 3rd party ads. This disclaimer is required by ASC Terms of Use whenever linking to one's own site or product.>

None of that works. Each of these "step-by-step" guides gives me a rundown of installing antivirus, I have installed 4! different ones that each have done absolutely nothing. I have followed manual delete, still here. scans find nothing. Nothing finds anything.

Every help chat on this gives me asinine help that does nothing

I have been researching this all afternoon, and I saw on another forum that "weknow.ac" seems to have changed their technique sometime within the past week, as any posts about removing the malware from July 2018 and before do not completely work. I have followed every possible step, removed all the malicious apps and Library files mentioned, run Malwarebytes, and I still can't get rid of the default "weknow.ac" search page in Chrome. I deleted Chrome and all its support files, reinstalled it, and the problem persists. There is something installed in the OS that keeps reinstalling the malware. For all the frustrated users on this board - I'm one of you - any guides to solving this problem prior to August 2018 will not fix the issue entirely. I am hoping Malwarebytes figures this out and releases an update to their software to include this latest attack.

I just followed this steps, and after opening Chrome got the same old SEARCH screen. Has anyone had any luck with cleaners other than malwarebytes.com? I have had the same experience of 2 Apple reps saying they were no longer able to help, that this was a Chrome problem. Safari and Firefox are clean now, thanks to a nice Apple rep yesterday named Duane.

No, I'm not talking about MalWareBytes for Mac. I'm talking about the link How To Remove Weknow.ac Redirect (Virus Removal Guide)

That takes you to https://malwaretips.com/blogs/remove-weknow-ac/

AND malwaretips.com is NOT malwarebytes.com - so you are just downloading someone else's malware IMHO.

I was able to finally unscrew the links that were causing the issue by going in to the Library and removing com.MacMechanic.Mac-Mechanic.plist and com.macmechanic.mmhlpr.plist and then going in to Settings, scrolling down to Search Engine, clicking on manage search engines and then changing it from weknow search engine back to google and then deleting the weknow search engine. You must change it from the weknow search engine to something else before you can delete it btw.

Ah! Gotcha'.

Yes, there are tons of sites out there like that. You can type in any malware name you want to remove, and there are dozens, or hundreds of links that send you to sites to "fix" the problem. Almost all of which want you to download some no-name app to do the work for you. Some are blatant sales pitches for some of the worst utilities you could ever put on your Mac. Can't tell you how many I've seen that encourage the user to download MacKeeper.

Which step did you take to fix the problem? (Malwarebytes?) I rebooted my machine after installing that and I was still completely hijacked in chrome and firefox (search engine options disabled).

For the record, I have wiped everything and set my mac back to factory defaults so I am bugfree but am interested in community eradication or at least a workable solution. I sent support at weknow.ac an email telling them they are evil and am receiving responses that "would indicate" that they think users can just disable it. They sent the link https://www.bugsfighter.com/remove-weknow-ac-mac/ which I had come across but no one is going to be psyched with downloading anything after this experience (i.e., CleanMyMac3 or Appcleaner). Interesting/baffling that they even responded 😕.

Sorry for the late response! I just followed what culvercitymacuser posted. I would suggest running the Malwarebytes first to fix the basics and then follow the steps from culvercitymacuser to fix Chrome.

flyingblind wrote:

I just followed this steps, and after opening Chrome got the same old SEARCH screen.

There are many different things that have been said on that thread, some of them wrong. See this one for a complete set of steps:

https://forums.malwarebytes.com/topic/236261-how-to-remove-weknow-malware-and-ot hers/

😍😍😍😍😍 THANK YOU SO MUCH!!!!!! After many calls with level 2 techs over 2 weeks my mom was getting nowhere. This did it. I helped her look all over the internet for fixes but all of the directions did not pertain. weknow.ac didn't exist anywhere and probably because Apple had already removed bits and pieces but not the actual virus.

You are a lifesaver Skanson. Now this info needs to get out there so everyone else can fix their system. It's really too bad the level 2 Apple techs don't know this. Hopefully someone at Apple is reading this and will have the Apple techs do this now.

Thanks again!!!!!!

Carrie, I am not the most tech savvy person but I created my own website and no one touches it except myself so I am more tech-savvy than most I guess but I will definitely not be using the right terminology to explain things.

So Terminal is used to tell your computer to do something when you want it to do something to the whole computer. It's on every single Mac so it has to be there.

If you cannot find it by searching then go to Applications and then to Utilities and it should reside in Utilities.

Then open it up and copy and paste the commands one by one and then restart Chome. It really was a life saver. It's not the first time my mom or dad have downloaded something like this. My mom is usually savvy enough with not being tricked but this one got her and it really is one of the worst.