Remove "weknow.ac" Malware in Chrome?

Kelli there is no search in Terminal. You just simply enter the following info in the box and hit enter:

defaults write com.google.Chrome HomepageIsNewTabPage -bool false

defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"

defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"

defaults delete com.google.Chrome DefaultSearchProviderSearchURL

defaults delete com.google.Chrome DefaultSearchProviderNewTabURL

defaults delete com.google.Chrome DefaultSearchProviderName

I copy and pasted one line at a time and hit enter before going to the next one. But I think you can paste the whole thing and then hit enter. But that's it. 🙂

My process was as follows:

1. Installed BitDefender software and ran Full Scan

2. Restored Google Chrome to it's initial settings as follows:

Click theCustomize and Control Google Chrome(Three stacked horizontal lines) button.

ClickSettings.

Scroll to the bottom and clickShow Advanced Settings.

Scroll to the bottom of advanced settings and clickReset Browser Settings.

ClickReset.

3. Then I checked for infected policies by accessing "chrome://policy/"

4. Then I used Terminal to run all of the following commands (one at a time) with Chrome closed:

defaults write com.google.Chrome HomepageIsNewTabPage -bool false

defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"

defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"

defaults delete com.google.Chrome DefaultSearchProviderSearchURL

defaults delete com.google.Chrome DefaultSearchProviderNewTabURL

defaults delete com.google.Chrome DefaultSearchProviderName

Upon opening Chrome, everything was back to normal!

This did not work. These were my results:

Last login: Fri Oct
5 10:28:33 on ttys000

Davids-MBP:~ david$ defaults write com.google.Chrome HomepageIsNewTabPage -bool false

Davids-MBP:~ david$

Davids-MBP:~ david$ defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"

Davids-MBP:~ david$

Davids-MBP:~ david$ defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"

Davids-MBP:~ david$

Davids-MBP:~ david$ defaults delete com.google.Chrome DefaultSearchProviderSearchURL

2018-10-05 10:29:33.631 defaults[607:51951]

Domain (com.google.Chrome) not found.

Defaults have not been changed.

Davids-MBP:~ david$

Davids-MBP:~ david$ defaults delete com.google.Chrome DefaultSearchProviderNewTabURL

2018-10-05 10:29:33.663 defaults[608:51956]

Domain (com.google.Chrome) not found.

Defaults have not been changed.

Davids-MBP:~ david$

Davids-MBP:~ david$ defaults delete com.google.Chrome DefaultSearchProviderName

2018-10-05 10:29:33.696 defaults[609:51960]

Domain (com.google.Chrome) not found.

Defaults have not been changed.

Most notably, as it says in highlight,

"Domain (com.google.Chrome) not found.

Defaults have not been changed."

Following the steps with the "Terminal" program and deleting the files from the folders mentioned above in addition to removing the information from weknow within "profiles" (in system preferences) I finally managed to completely eliminate this crap from my mac

I followed @skanson's advice and pasted the 6 lines of code into my terminal and I finally got rid of weknow in Chrome!

I reset my sync settings in Chrome first, and then deleted it altogether before pasting the code into terminal. When I reinstalled Chrome, my search engine is now google again! Thanks all and good luck.

We ended up having the same problem and were able to get rid of most everything except for the new tab page, which was hijacked by weknow.ac. Apple care found this post and your solution. Before we used terminal, I decided to try using App Cleaner & Uninstaller to completely delete chrome and this appeared to work for us (just did the free option). I went ahead and still used the Terminal solution just in case, but for those wary of using the command line interface, this seemed to work for us.

Not that it's any of my business which browser you choose to use, I am sure you are well aware of how Google love's to track everything you do online. Also, the ad blocker add on blocks everything except Google related objects. I've recently discovered a browser that is giving Chrome a run for it's money and is extremely good at weeding out adware. It is called Brave. As an added bonus, a good alternative to the Google Search engine is DuckDuckGo.

Skanson, you are a genius!!! Thanks. It took me a while but it's so easy once i figure it out. For those whose having this issue, basically go to your utilities from the application, find terminal and copy and paste skanson whole defaults blahhh... to your terminal. press enter and done!! AWesome Skanson

You need to open the "Terminal" application (use the search functionality at the top-right to find it). Then copy and paste, one by one, the commands from my above post into the terminal prompt, hitting enter after pasting each.

defaults write com.google.Chrome HomepageIsNewTabPage -bool false

defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"

defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"

defaults delete com.google.Chrome DefaultSearchProviderSearchURL

defaults delete com.google.Chrome DefaultSearchProviderNewTabURL

defaults delete com.google.Chrome DefaultSearchProviderName

The changes will not take effect until you restart Chrome.

It is that simple.

Thank you so very much!!!! Sad to know that people continue to put viruses out there, but still good to know there are people like you that share their knowledge to help total strangers. I can't thank you enough. Spent hours today trying to figure this out!

Hi. Thanks for your help, but I'm having a problem where on the last three, it says "Defaults Have Not Been Changed" I have little experience with terminal and I'm so frustrated and tired of this virus. I'm not sure how to fix this. I've tried copying/pasting all at once, or doing one at a time (either in the box, or after clicking "New Command"

any help would be so appreciated.

So I have tried the copy and pasting the commands to terminal but they did not work for me. The solution I found was way more simpler than I expected. I found the video on youtube which was extremely hard to find, my gosh! I recommend copy and pasting the link. This "virus" annoyed me to the core. But it's gone now. All is right with my Mac. 🙂

SUPER MALWARE, "Weknow.ac" aimed at Mac-users, how to remove. - YouTube

https://www.youtube.com/watch?v=SrG_UKtpDEM

These are the same links I posted both just in case one works and one doesn't.

Hope this helps,

Cheers!

To paste in the commands I chose "New Command" under the Shell menu at the top in the Terminal App. Repeated for each command. Did the trick!!! I did restart my laptop to see the results. And yes, my default homepage is blank too. That needs to be reset. What an evil hijacker! Thank you Skanson!

okay so i went to applications, then terminal, then shell menu, then new command. I copied and pasted each individual code, closed out of chrome after copying and pasting in terminal and reopened it and I am still having the same issue.

Also when i paste the command in it has said

2018-10-22 15:03:19.079 defaults[650:11207]

Domain (com.google.Chrome) not found.

Defaults have not been changed.

[Process completed]

I am not understanding what I could be doing wrong