Remove "weknow.ac" Malware in Chrome?

Closing just Chrome probably won’t entirely do it. You will need to restart you computer for it to take affect. Also, did you enter each command individually; you should have a window that pops up after each entry that states it’s completion, can’t remember the wording.

Skanson,

After an entire day of nothing working, this did! However, when I restarted my computer, if I go to the chrome://policy page, it still shows my policies being messed up like they were before. Any idea why Chrome opens up fine after modifying the policies (via command line), but the policy page didn't change? I'm wondering if I'm still being "tracked."

Thanks again, for your post!

I've done as instructed and still no luck. Here is what is displayed after each line was copied and pasted:

Steves-MBP:~ stevehayko$ defaults write com.google.Chrome HomepageIsNewTabPage -bool false

Steves-MBP:~ stevehayko$ defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"

Steves-MBP:~ stevehayko$ defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"

Steves-MBP:~ stevehayko$ defaults delete com.google.Chrome DefaultSearchProviderSearchURL

2018-10-28 09:54:58.921 defaults[7694:440908]

Domain (com.google.Chrome) not found.

Defaults have not been changed.

Steves-MBP:~ stevehayko$ defaults delete com.google.Chrome DefaultSearchProviderNewTabURL

2018-10-28 09:55:08.057 defaults[7695:441072]

Domain (com.google.Chrome) not found.

Defaults have not been changed.

Steves-MBP:~ stevehayko$ defaults delete com.google.Chrome DefaultSearchProviderName

2018-10-28 09:55:15.569 defaults[7696:441253]

Domain (com.google.Chrome) not found.

Defaults have not been changed.

Steves-MBP:~ stevehayko$

Hello Skanson and guys.

Thank you very much for your help.

Unfortunately, I have not been able to get rid of this malware. I have tried several things and I think I deleted partially that crap, but I still see it is on Chrome. I tried to follow Skanson's advice but I did not work. I think the problem is that English is not my native language so I think I did no understand how I have to proceed. If you have any idea to help me, I'd appreciate it very much.

Thank you, guys !

Tayronas

Thanks so much for this solution. Spent an hour with McAfee without results. Got Safari cleaned up myself, but none of the on-line advice, including running Malwarebytes, fixed Chrome. Your Policy restoration commands did the trick!!

See post from robmaine above (Oct 24) and some posts that follow that one for more explicit step by step info. Copy and paste each entire line, including the blue links. I entered them one at a time at the Terminal black command entry box that appears after my user name, hitting return after each, but that may not be necessary.

Thanks so much! So happy it works and that you further explained what needed to be done. Spent time with Apple Support staff today who didn't know how to fix this. And spent many hours afterwards, trying to find another solution than backing up my old MacBook to an external harddrive and then reinstalling everything, as the Apple Support person suggested. Which would have been quite cumbersome since I need to use an older version of Safari to get the Java plug-in to work with my electronic timesheet for work (PC world).

Tusind tak! A thousand thanks, as we say it in Danish.

Thanks for your wonderful help in getting rid of this stubborn bogus Chrome. I'm so glad I found the link and your solution to the problem with my old MacBook.

Tusind tak! A thousand thanks, as we say in Danish.

I fell for the adobe flash needs updating scam and received the weknow.ac virus. I have spent a couple of hours trying to eliminate it by various means but the only that that fully works is to copy/paste your policies above into the terminal. I appreciate so much that you took the time to post the fix. I also downloaded malwarebytes and ran it.

Thanks,

It is disturbing that Apple techs don’t bother to keep up with these inputs from the user community. I guess they built that huge fortress of a facility to isolate themselves from the real world.

Joemc

THANK YOU! After searching for a while this is the only thing that worked for me. Don't download any unnecessary malware programs people....

this works.

"weknow.ac" changes a group of Chrome policies so as to set a new default homepage, new tab behavior, etc. You can see your current Chrome policies by typing chrome://policy/ into your URL bar. If you're infected, it should be very obvious as the half-dozen or so policies changed by weknow will be displayed.

All I had to do then was use the command line to delete / modify the affected policies:

defaults write com.google.Chrome HomepageIsNewTabPage -bool false

defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"

defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"

defaults delete com.google.Chrome DefaultSearchProviderSearchURL

defaults delete com.google.Chrome DefaultSearchProviderNewTabURL

defaults delete com.google.Chrome DefaultSearchProviderName

The changes will not take effect until you restart Chrome.

I recommend following some of the other pieces of advice in this thread, ie definitely do a malware scan too.

Aha!! This worked for me after doing a zillion other things to delete that piece of caca "weknow.ac" I still had a browser screen showing up with the fake icon images of AliBaba, Facebook, Google, et.al with a doctored "search" engine field box. Once I copied the lines, pasted into terminal, entered each one separately THEN rebooted my Mac, reopened Chrome and Voila! that pesky screen was gone for good!

By the way, did anyone else start getting phone calls on your mobile from a Chinese recording?

No, it won’t. Not even the $40 paid subscription version will do so.

Nor did the cryptic Terminal commands help me, as Weknow had infected Chrome, Safari and Firefox.

I called Apple Support, and for free the technician directed me to Profiles in System Settings; one of the many places this virus hides. In ten minutes - again, for no charge - the tech fixed my problem.

I’d strongly recommend calling Apple to remove WeKnow. It costs nothing, and the technicians seem to know all the places this persistent, difficult virus hides.

With me has worked and in a few seconds of copy/paste i fixed the issue. What can be different is that at the same moment i discovered the malware i start trying to fix the issue. Probably if the virus stays there more time will affect several other applications and browsers (they call it "virus" for this reason i guess)

My opinion is that the malware is installed exactly form the same people that pop up few second later with a "free" cleaner that will cost 39$ to work.. It is also possible that paying those 40$ you replied the virus in other areas aof the OS and Applications.

I was ready to initialize my mac rather than give them money ;-)

Worked for me.

Need to copy and pate all the above commands in Terminal one after the other, then press enter.

Then Quit Chrome and restart, no more weknow.ac

However, I do not know how to change the "New Tab Page", it's opening google, I need recents and frequently used like earlier