Remove "weknow.ac" Malware in Chrome?

Just dealt with this for an hour or two. I feel like an idiot but I found that there is a zipped uninstaller available directly from the weknow people. From their search page, click on the FAQ icon at the bottom left. Scroll down and bingo. Took about a minute and a half and cleaned everything right up.

The link provided by jacquifromtorquay worked.

https://blog.malwarebytes.com/threat-analysis/2018/04/new-crossrider-variant-installs-configuration-profiles-on-macs/

I am so grateful. I just deleted the AdminPref file completely and I am back to normal (I think!)

Thanks!

This was the second link.

How to remove Weknow.ac redirect (Virus Removal Guide)

Scroll about 3/4 down the page to find the manual uninstall from Chrome.

It's an app in the /Applications/Utilities/ folder

No, I'm not talking about MalWareBytes for Mac. I'm talking about the link How To Remove Weknow.ac Redirect (Virus Removal Guide)

That takes you to https://malwaretips.com/blogs/remove-weknow-ac/

AND malwaretips.com is NOT malwarebytes.com - so you are just downloading someone else's malware IMHO.

I was able to finally unscrew the links that were causing the issue by going in to the Library and removing com.MacMechanic.Mac-Mechanic.plist and com.macmechanic.mmhlpr.plist and then going in to Settings, scrolling down to Search Engine, clicking on manage search engines and then changing it from weknow search engine back to google and then deleting the weknow search engine. You must change it from the weknow search engine to something else before you can delete it btw.

We ended up having the same problem and were able to get rid of most everything except for the new tab page, which was hijacked by weknow.ac. Apple care found this post and your solution. Before we used terminal, I decided to try using App Cleaner & Uninstaller to completely delete chrome and this appeared to work for us (just did the free option). I went ahead and still used the Terminal solution just in case, but for those wary of using the command line interface, this seemed to work for us.

I deleted Chrome MANY times. But what you have to do is go to Terminal app on your laptop (go to Spotlight search) and then copy and paste these lines.

defaults write com.google.Chrome HomepageIsNewTabPage -bool false

defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"

defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"

defaults delete com.google.Chrome DefaultSearchProviderSearchURL

defaults delete com.google.Chrome DefaultSearchProviderNewTabURL

defaults delete com.google.Chrome DefaultSearchProviderName

Restart Chrome. Works a treat!! I've had this problem for months to the point I just gave up using Chrome.

Please read my blog to remove weknow.ac manually: Remove www.weknow.ac from Mac OS - SecureMacOS

<Disclaimer: this post contains links to my own website from which I may derive some form of compensation. My website does not contain 3rd party ads. This disclaimer is required by ASC Terms of Use whenever linking to one's own site or product.>

Carrie, I am not the most tech savvy person but I created my own website and no one touches it except myself so I am more tech-savvy than most I guess but I will definitely not be using the right terminology to explain things.

So Terminal is used to tell your computer to do something when you want it to do something to the whole computer. It's on every single Mac so it has to be there.

If you cannot find it by searching then go to Applications and then to Utilities and it should reside in Utilities.

Then open it up and copy and paste the commands one by one and then restart Chome. It really was a life saver. It's not the first time my mom or dad have downloaded something like this. My mom is usually savvy enough with not being tricked but this one got her and it really is one of the worst.

Following the steps with the "Terminal" program and deleting the files from the folders mentioned above in addition to removing the information from weknow within "profiles" (in system preferences) I finally managed to completely eliminate this crap from my mac

So I have tried the copy and pasting the commands to terminal but they did not work for me. The solution I found was way more simpler than I expected. I found the video on youtube which was extremely hard to find, my gosh! I recommend copy and pasting the link. This "virus" annoyed me to the core. But it's gone now. All is right with my Mac. 🙂

SUPER MALWARE, "Weknow.ac" aimed at Mac-users, how to remove. - YouTube

https://www.youtube.com/watch?v=SrG_UKtpDEM

These are the same links I posted both just in case one works and one doesn't.

Hope this helps,

Cheers!

Clean My Mac could be part of the problem, most here recommend removing that by Uninstalling it.

EtreCheck is a simple little app to display the important details of your system configuration and allow you to copy that information to the Clipboard. It is meant to be used with Apple Support Communities to help people help you with your Mac.

http://www.etresoft.com/etrecheck

Thank you, bennett, for a lot of good stuff here.

I think lulubo's tip below of deleting the fake admin profiles might've removed weknow already, but just in case, I just checked Applications and didn't see Flash Player or MacKeeper. I then went to Chrome Settings and Google was now identified as my default search engine. Weknow was still listed as a search engine, but unlike before, when I now clicked on the 3 vertical dots to the right, I was able to remove weknow from the list of search engines. Yesterday, I'd restored Chrome to the default settings.

Bottom line, this was a lot of mystery to me as well, but, fingers crossed, I'm rid of weknow now (and hopefully permanent).

Somewhere online ComboCleaner was recommended so I downloaded ComboCleaner. It didn't help but it did inspire me to delete a bunch of apps thinking that weknow could be hiding somewhere. I deleted Adobe Flash, I even deleted games, and any rarely used app.

The only thing that worked was deleting & reinstalling Chrome.

Goto setting and under startup check " open the new tab page "

under Appearance check " Show Home Button "

next line ... New Tab page Change ... click change and select Use the new tab page

close the setting page and restart chrome and you should be all set.

Also...

https://chrome.google.com/webstore/detail/blank-new-tab-page/jaadjnlkjnhohljficgoddcjmndjfdmi?hl=en