Remove "weknow.ac" Malware in Chrome?

THANK YOU! Apple support walked me through deleting WeKnow from Safari but after some tries, they could not get rid of it from Chrome. They gave me a Google number to call but unsurprisingly, I couldn't get through. Luckily I found your instructions and you've solved the problem!! Thank you.

Skanson... you are a genius!!!! THANK YOU! I was on the phone twice (two different people) with apple customer support and they couldn't fix it. Going into terminal, copy and pasting exactly what he posted, hitting enter in between each one, then hitting control AND the letter "O" at the same time saved the work in terminal and got rid of the WeKnow.ac browser.

"For Safari, there are a variety of techniques being used to change the settings. One is to add a bookmark and change Safari's settings to load "tabs for" that bookmark item at startup. This is easy to miss, since the homepage entry can be left untouched, making it appear that something is still installed if you're not observing carefully."

Please expound on this, I don't follow.

I deleted chrom and reinstalled. Weknow.ac still there.

Thanks1

for whatever reason the defaults delete instructions failed as not found - any thoughts?

defaults delete com.google.Chrome DefaultSearchProviderSearchURL

2018-12-20 15:15:03.547 defaults[1268:13178] 

Domain (com.google.Chrome) not found.

Defaults have not been changed.

This is only thing that worked and is really simple. Just copy the full sentence over 6 times and hit enter each time. I tried everything else posted, called Geek quad two times and they removed and it reappeared, removed Goolge twice, then tried this and it worked. Wasted a day. Do this first.

Skanson!!!! You are the best!!

Thank you so much for the terminal commands, they worked PERFECTLY on any MacBook Air. I have uninstalled and re-installed Chrome what feels like a million times, deleted tons of "suspicious" files and folders, etc etc and nothing worked until I got the terminal instructions from you. THANK YOU SO MUCH!!!

Hi I'm still so confused I need help in the most layman explanation: I am opening terminal then entering the lines in your above post as follows, for example: "defaults write com.google.Chrome HomepageIsNewTabPage -bool false" What am i supposed to do next? Is that what you're saying to enter?

Can you please explain further how to do this step?

"You need to open the "Terminal" application (use the search functionality at the top-right to find it). Then copy and paste, one by one, the commands from my above post into the terminal prompt, hitting enter after pasting each."

I can't seem to get there....

Spent hours on this - this helped immediately. Not sure if some of the other stuff I did also helped, but doing this (deleting virus profiles) helped instantly. Still needed to go back and resent homepages, but now all good - YAY!!! Doesn't involve downloading anything extra.

https://blog.malwarebytes.com/threat-analysis/2018/04/new-crossrider-variant-installs-configuration-profiles-on-macs/

This weknow.ac malware is driving me nuts.

Skanson I was able to find the policies you mentioned but can you provide some guidance on how to "use the command line to delete / modify the affected policies:"

Thanks!

i get unto this line of code and can't seem to get father. can anyone help! much appreciated!

HKXX-MacBook-Pro:~ HKMBR$ defaults delete com.google.Chrome DefaultSearchProviderSearchURL

2019-02-04 11:23:05.571 defaults[832:16253] 

Domain (com.google.Chrome) not found.

Defaults have not been changed.

It is in Safari, I'm using Safari right now, and I have to use Clean My Mac every day and this thing still comes up as Homescreen even when it's not set to. I even deleted Chrome Browser hoping I wouldn't see it again.

Hi, I tried copying each command into Terminal and hitting enter, but Terminal returns a message saying "Domain (com.google.Chrome) does not exist. Defaults have not been changed." Do you know why this is happening?

OMG!!!!!!! THANK YOUUUUUUUUUUUUU. I have been dealing with this stupid weknow.ac malware for almost 4 months. I have tried everything and it still shows up when I open a new tab. This fix worked beautifully!!!! At one point, I had to delete my Chrome and use Safari. I was sooooo frustrated. McAfee didn't help, it doesn't see it.

I originally download the weknow.ac from a request to update my java. I found out later, that Java updates are never pushed through as a message. THANK YOU again!!! WooHoo.

Yep, ditto, thanks so much for this. Although the apple guy was very helpful and patient, sorted Safari out for me, and spent ages with me trying different things with Chrome, he didn't seem to know about this particular solution and warned me against going into terminal in case I deleted files that don't need deleting. But I just wanted to try it... and it worked. Brilliant. Thanks.