Remove "weknow.ac" Malware in Chrome?

This weknow.ac malware is driving me nuts.

Skanson I was able to find the policies you mentioned but can you provide some guidance on how to "use the command line to delete / modify the affected policies:"

Thanks!

The link provided by jacquifromtorquay worked.

https://blog.malwarebytes.com/threat-analysis/2018/04/new-crossrider-variant-installs-configuration-profiles-on-macs/

I am so grateful. I just deleted the AdminPref file completely and I am back to normal (I think!)

Thanks!

Hi everyone. Not a mac guy, not a computer guy, so all of this is over my head. But I wanted to share how I dealt with this on my wife's iMac. On the we know search page that forces its way on to your computer, on the bottom left was a FAQ's link. And in there was an uninstall link. I was skeptical but desperate. Cleaned everything right up. My 2 cents. Good luck..

i get unto this line of code and can't seem to get father. can anyone help! much appreciated!

HKXX-MacBook-Pro:~ HKMBR$ defaults delete com.google.Chrome DefaultSearchProviderSearchURL

2019-02-04 11:23:05.571 defaults[832:16253] 

Domain (com.google.Chrome) not found.

Defaults have not been changed.

Not very glamorous but this works:

run malware bytes as usual and remove whatever it comes up with.

Download appzapper and use it to remove Chrome and its extensions

restart system.

download a new copy of chrome and it should be clean.

App zapper pulls out the hidden extensions chrome uses. Maybe not as fancy but it’s beej working for me so far.

It is in Safari, I'm using Safari right now, and I have to use Clean My Mac every day and this thing still comes up as Homescreen even when it's not set to. I even deleted Chrome Browser hoping I wouldn't see it again.

Clean My Mac could be part of the problem, most here recommend removing that by Uninstalling it.

EtreCheck is a simple little app to display the important details of your system configuration and allow you to copy that information to the Clipboard. It is meant to be used with Apple Support Communities to help people help you with your Mac.

http://www.etresoft.com/etrecheck

Hi, I tried copying each command into Terminal and hitting enter, but Terminal returns a message saying "Domain (com.google.Chrome) does not exist. Defaults have not been changed." Do you know why this is happening?

OMG!!!!!!! THANK YOUUUUUUUUUUUUU. I have been dealing with this stupid weknow.ac malware for almost 4 months. I have tried everything and it still shows up when I open a new tab. This fix worked beautifully!!!! At one point, I had to delete my Chrome and use Safari. I was sooooo frustrated. McAfee didn't help, it doesn't see it.

I originally download the weknow.ac from a request to update my java. I found out later, that Java updates are never pushed through as a message. THANK YOU again!!! WooHoo.

Yep, ditto, thanks so much for this. Although the apple guy was very helpful and patient, sorted Safari out for me, and spent ages with me trying different things with Chrome, he didn't seem to know about this particular solution and warned me against going into terminal in case I deleted files that don't need deleting. But I just wanted to try it... and it worked. Brilliant. Thanks.

Thank you!!! It appears to have worked. I wasn't able to figure out how to change my terminal from bash to c-shell, but figured I would try enter your command lines anyway, one at a time, and it seems to have worked beautifully. I went back and checked the chrome policy after restarting chrome and it looked a lot different than when "weknow.ac" was in control.

THANK YOU

Thank You!! The "weknow..." virus affected my wife's computer (Chrome). Has taken us a long time to find a solution. However, your magic worked! I don't know how you figured this out, but you did. You are fabulous. Also, considering how many people have gotten infected with this, it is surprising that Apple has not created a solution. (We used Apple support and they were, in this case, not able to fix the problem.)

Now the big question: how did you figure this out? (Rhetorical.)

THANK YOU!!! I had been able to fix everything except for opening a new tab in Chrome, and I called Apple four times (hoping to get anyone who could help - but no luck) to no avail.

For those, like me, who had no idea how to open "Terminal", it is in the Applications folder under "Utilities."

There was already some text in there, but after the existing "$" I copied each line (the entire line, starting with defaults), pasted, and hit return. I repeated all six lines. And it worked!

Thanks you!!!

Can someone tell me (in simple terms, please) what I've done wrong?

I've read the entire thread, found where the Terminal is, and copied and pasted several times, but despite quitting Chrome after each attempt, I still get that "we know/Search" in Chrome.

If you check out my Terminal screen below, I'm obviously doing something wrong (or my Mac is really messed up), because after I copy and paste the commands and then hit Enter, it actually says "Defaults have not been changed."

Bruces-iMac:~ brucezwecker$ defaults write com.google.Chrome HomepageIsNewTabPage -bool false

Bruces-iMac:~ brucezwecker$ defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"

Bruces-iMac:~ brucezwecker$ defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"

Bruces-iMac:~ brucezwecker$ defaults delete com.google.Chrome DefaultSearchProviderSearchURL

2019-03-04 19:04:28.141 defaults[2913:163766] 

Domain (com.google.Chrome) not found.

Defaults have not been changed.

Bruces-iMac:~ brucezwecker$ defaults delete com.google.Chrome DefaultSearchProviderNewTabURL

2019-03-04 19:04:54.120 defaults[2924:165760] 

Domain (com.google.Chrome) not found.

Defaults have not been changed.

Bruces-iMac:~ brucezwecker$ defaults delete com.google.Chrome DefaultSearchProviderName

2019-03-04 19:05:09.087 defaults[2925:167038] 

Domain (com.google.Chrome) not found.

Defaults have not been changed.

Bruces-iMac:~ brucezwecker$ 

Bruces-iMac:~ brucezwecker$ 

Bruces-iMac:~ brucezwecker$ 

Amishboy, I can't give you an exact fix (because this is all a mystery to me!), but before I did the "Terminal" solution, I had already done a ton of other things. For example, I am pretty sure I got infected with "Weknow" by downloading either Flash Player and/or MacKeeper so I deleted those files from my applications. I also went through all of the settings in Chrome and Safari and had to reset the homepage, the default search engine, etc., as all of those items had been changed to Weknow. I literally opened every "setting" or "preference" type option I could in Chrome and Safari and manually reset every single thing I could find. I also followed the instructions of another post: https://forums.malwarebytes.com/topic/236261-how-to-remove-weknow-malware-and-others, which suggestion deleting a bunch of items in the Library and Application sections of my hard drive. Anyhow, the point is that I think removing WeKnow is a multi-step process that requires doing all of these things. I'm sorry I don't have a simpler answer - this is all over my head! Good luck!