Remove "weknow.ac" Malware in Chrome?

Thanks. :)

not work on me

After trying so many of these, this is the one that finally got rid of it!! Thank you so much!!

I don't understand what the "terminal" application is, I don't know see a search function???

Terminal is in Applications>Utilities.

Search function?

I have been researching this all afternoon, and I saw on another forum that "weknow.ac" seems to have changed their technique sometime within the past week, as any posts about removing the malware from July 2018 and before do not completely work. I have followed every possible step, removed all the malicious apps and Library files mentioned, run Malwarebytes, and I still can't get rid of the default "weknow.ac" search page in Chrome. I deleted Chrome and all its support files, reinstalled it, and the problem persists. There is something installed in the OS that keeps reinstalling the malware. For all the frustrated users on this board - I'm one of you - any guides to solving this problem prior to August 2018 will not fix the issue entirely. I am hoping Malwarebytes figures this out and releases an update to their software to include this latest attack.

Thanks, I spent 2 hours researching how to remove weknow.ac and this works, However it now forces Chrome to always use the generic google home page for new windows and new tabs.

If you want to use Chrome themes or have the base google homepage with most popular site visited (below the search bar) I found that you need to delete the first three via Terminal.

With Chrome closed, copy each line separately and past them in to the terminal.

defaults delete com.google.Chrome HomepageIsNewTabPage

defaults delete com.google.Chrome NewTabPageLocation

defaults delete com.google.Chrome HomepageLocation

Restart Chrome and should look like this with your most visited pages.

OMG it worked on my OS and is simple. Only after 3 apple people couldn't help over 4 hours. ugh.

Go to your chrome browser

type in: chrome://policy/

if it says WeKnow anywhere you're 'effed! But not anymore 🙂

just go type in TERMINAL in search box. On the bottom right comes up a black box - select the box

then this comes up:

simply copy and paste everything in bold after the prompt:

defaults write com.google.Chrome HomepageIsNewTabPage -bool false

defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"

defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"

defaults delete com.google.Chrome DefaultSearchProviderSearchURL

defaults delete com.google.Chrome DefaultSearchProviderNewTabURL

defaults delete com.google.Chrome DefaultSearchProviderName

then hit enter...

it may say nothing was changed... ignore the because it did change!

then CLOSE and QUIT your Chrome browser by Right clicking and selecting QUIT

then open your Chrome browser and it should be normal!!

Type in chrome://policy/ and you should see the following:

Done! You're no longer 'offed!!

I've done as instructed and still no luck. Here is what is displayed after each line was copied and pasted:

Steves-MBP:~ stevehayko$ defaults write com.google.Chrome HomepageIsNewTabPage -bool false

Steves-MBP:~ stevehayko$ defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"

Steves-MBP:~ stevehayko$ defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"

Steves-MBP:~ stevehayko$ defaults delete com.google.Chrome DefaultSearchProviderSearchURL

2018-10-28 09:54:58.921 defaults[7694:440908]

Domain (com.google.Chrome) not found.

Defaults have not been changed.

Steves-MBP:~ stevehayko$ defaults delete com.google.Chrome DefaultSearchProviderNewTabURL

2018-10-28 09:55:08.057 defaults[7695:441072]

Domain (com.google.Chrome) not found.

Defaults have not been changed.

Steves-MBP:~ stevehayko$ defaults delete com.google.Chrome DefaultSearchProviderName

2018-10-28 09:55:15.569 defaults[7696:441253]

Domain (com.google.Chrome) not found.

Defaults have not been changed.

Steves-MBP:~ stevehayko$

No, it won’t. Not even the $40 paid subscription version will do so.

Nor did the cryptic Terminal commands help me, as Weknow had infected Chrome, Safari and Firefox.

I called Apple Support, and for free the technician directed me to Profiles in System Settings; one of the many places this virus hides. In ten minutes - again, for no charge - the tech fixed my problem.

I’d strongly recommend calling Apple to remove WeKnow. It costs nothing, and the technicians seem to know all the places this persistent, difficult virus hides.

With me has worked and in a few seconds of copy/paste i fixed the issue. What can be different is that at the same moment i discovered the malware i start trying to fix the issue. Probably if the virus stays there more time will affect several other applications and browsers (they call it "virus" for this reason i guess)

My opinion is that the malware is installed exactly form the same people that pop up few second later with a "free" cleaner that will cost 39$ to work.. It is also possible that paying those 40$ you replied the virus in other areas aof the OS and Applications.

I was ready to initialize my mac rather than give them money ;-)

Worked for me.

Need to copy and pate all the above commands in Terminal one after the other, then press enter.

Then Quit Chrome and restart, no more weknow.ac

However, I do not know how to change the "New Tab Page", it's opening google, I need recents and frequently used like earlier

Hi! I have pasted each one of the commands from your post in the terminal prompt and the first work fine but when I paste the last 3 and hit enter I get this message:

Domain (com.google.Chrome) not found.

Defaults have not been changed.

Is there anything I can do for this to remove this malware? Thank you!

The following code line wise need to be copied and pasted in "Terminal" app available in your launch pad.

defaults write com.google.Chrome HomepageIsNewTabPage -bool false

defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"

defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"

defaults delete com.google.Chrome DefaultSearchProviderSearchURL

defaults delete com.google.Chrome DefaultSearchProviderNewTabURL

defaults delete com.google.Chrome DefaultSearchProviderName

You have to copy each and every line and then hit enter.

Everything worked out well after that, but, I like to have "New Tab Page" with recents and favourites being displayed, which is now displaying www.google.com when I hit the "+" to add new page. Except that every thing is good.

Appreciate if Skason can explain us how to get default New Tab Page in Chrome instead of www.google.com

Amishboy, I can't give you an exact fix (because this is all a mystery to me!), but before I did the "Terminal" solution, I had already done a ton of other things. For example, I am pretty sure I got infected with "Weknow" by downloading either Flash Player and/or MacKeeper so I deleted those files from my applications. I also went through all of the settings in Chrome and Safari and had to reset the homepage, the default search engine, etc., as all of those items had been changed to Weknow. I literally opened every "setting" or "preference" type option I could in Chrome and Safari and manually reset every single thing I could find. I also followed the instructions of another post: https://forums.malwarebytes.com/topic/236261-how-to-remove-weknow-malware-and-others, which suggestion deleting a bunch of items in the Library and Application sections of my hard drive. Anyhow, the point is that I think removing WeKnow is a multi-step process that requires doing all of these things. I'm sorry I don't have a simpler answer - this is all over my head! Good luck!