Remove "weknow.ac" Malware in Chrome?

I know this post was a while back, but I'm just now dealing with this frustrating malware! I can't pull up the "Terminal" application. Is it on the chrome://policy/ page? When I search, it doesn't come up.

Hi - I open the finder go to applications, along with all my apps is the utilities folder and in there I can open the terminal.

Weknow can be a challenge to remove in Chrome.

Even after following the instructions to change Chrome policies I uninstalled Chrome completely - then reinstalled it!!!

Keep us posted. I learned a lot trying to get rid of this little monster.

I have tried inputting these commands into Terminal - but the fourth one is returning this result

defaults delete com.google.Chrome DefaultSearchProviderSearchURL
2019-03-16 19:32:28.919 defaults[31985:320767] 
Domain (com.google.Chrome) not found.
Defaults have not been changed.

What am I doing wrong?

Thanks

This solution worked for me. Removing all the Chrome files didn't work. Running a scan didn't work. It appears to be coming in with Chrome or the policy settings aren't local. In looking online, I couldn't find where Chrome policies are stored.

hello.

i did exactly what you recommended after seeing the same thing in another website.

it worked fine. weknow was gone, and i haven't seen that new tab page since.

HOWEVER,

now, when i open a new tab, i simply get an about:blank screen, rather than the normal chrome new tab :/ (see below)

im pretty sure this is due to the delete statements, but im not sure. is there any way i can set it back? i will try using the "write" commands on this later and see if it works but i dont know. please help me out here

I'm not quite sure what search you are referencing. On the screen there is a box with the words "filter policy by name". I typed terminal there and got the response, no policy. At the very top right on my Mac, next to the time is a search icon. I typed terminal there, and got a listing of"possible hits", such as documents, other, PDF documents developer, and show in finder. I see I have chrome policies that have been affected. I feel like I'm so close, but not understanding terminal application. Thank you for any help you can give me!!!

Sadly, this didn't work for me. It seemed to take the first three write commands, but when I enter the three delete commands Terminal responds with "Domain (com.google.Chrome) not found. Defaults have not been changed." Any other suggestions? I've never had this much trouble removing it before. Obviously, they're getting better at this. Very frustrated!

Hi,

Please can you help me ?

Each time I open Google Chrome, Weknow appears ! I deleted from everywhere also.

I followed your instructions through the Terminal application but WeKnow is still there.

Do I have to copy/paste this : defaults write com.google.Chrome HomepageIsNewTabPage -bool false OR this : com.google.Chrome HomepageIsNewTabPage -bool false

Thanks for helping me

I get through the top three commands and then when I enter any of these, I keep getting the same message:

defaults delete com.google.Chrome DefaultSearchProviderSearchURL

defaults delete com.google.Chrome DefaultSearchProviderNewTabURL

defaults delete com.google.Chrome DefaultSearchProviderName

2019-05-22 23:40:26.646 defaults[58696:687519] 

Domain (com.google.Chrome) not found.

Defaults have not been changed.

I am at my wits end!

Help!

Can those still having problems try this? Or are these the commands you've tried?

Enter the following commands, pressing enter after each line:

defaults write com.google.Chrome HomepageIsNewTabPage -bool false

defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"

defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"

defaults delete com.google.Chrome DefaultSearchProviderSearchURL

defaults delete com.google.Chrome DefaultSearchProviderNewTabURL

defaults delete com.google.Chrome DefaultSearchProviderName

Re-open Chrome and the issue should be resolved.

Also see this thread...

https://support.google.com/chrome/thread/3396218?msgid=4124217

I plugged this into the terminal. I'm having the an error where it's saying:

"Domain (com.google.Chrome) not found.

Defaults have not been changed.

Jeffs-MBP:~ jeffjohnson$ 

I'm not very experienced with this stuff, I'd love some help if you guys have a solution to this. It lists my IP beforehand I believe.

Well, Youtube has some videos with mixed results.

1. Going to Systems preference and deleting the profile icon works only in part.
2. Using Terminal - I struggle with this one. They refer to full list of commands to copy to terminal, only it does not say how to bring that list up on the screen.

My Safari and Chrome were affected. FireFox was much better in blocking the We know.ac virus.

Check Safari preference and go to the website tabs. We know is hidden in there and I have not been able to delete it.

In Chrome, removing profile from Systems preference allowed me to edit and remove weknow from the search engine, but it still comes up if i do a File, and new window.

I have found nothing that totally removed the we know.ac virus.

I tried many malware removal tools and none of them even recognized the virus.

The adware behind this has gotten very sneaky about how these changes are made. The changes to the Chrome profile are non-trivial to reverse, and as a representative of Malwarebytes, I would not recommend relying on Malwarebytes to fix those settings. Even if the changes made by the adware were trivial, poking at the contents of undocumented Chrome-related files could potentially cause Chrome-related data loss, so it's not the sort of thing currently done by Malwarebytes for Mac.

Currently, my advice is to completely delete Chrome and all Chrome data files from the computer. Then reinstall a fresh copy of Chrome, and set it up from scratch. If you have Chrome bookmarks you don't want to lose, export those first and import them after reinstalling.

You also need to think about Chrome sync. If you're using it, you could end up syncing malicious changes right back onto your device, or onto other devices. You'll want to reset Chrome sync.

For Safari, there are a variety of techniques being used to change the settings. One is to add a bookmark and change Safari's settings to load "tabs for" that bookmark item at startup. This is easy to miss, since the homepage entry can be left untouched, making it appear that something is still installed if you're not observing carefully.

Thanks for this response....can you please explain how to use the command line to delete / modify the affected policies? I can see that my policies are affected as described..

not sure what to do once i get to the page chrome://policy/

thanks!!!

You need to open the "Terminal" application (use the search functionality at the top-right to find it). Then copy and paste, one by one, the commands from my above post into the terminal prompt, hitting enter after pasting each.