Remove "weknow.ac" Malware in Chrome?

Lulubo, I followed your advice, deleted 2 profiles (so now no longer have even an icon), restarted, and Google opened as the search engine. I'm surprised, but thank you so much!

Hopefully, I don't click on anything again that reinstalls weknow/search.

Thank you, bennett, for a lot of good stuff here.

I think lulubo's tip below of deleting the fake admin profiles might've removed weknow already, but just in case, I just checked Applications and didn't see Flash Player or MacKeeper. I then went to Chrome Settings and Google was now identified as my default search engine. Weknow was still listed as a search engine, but unlike before, when I now clicked on the 3 vertical dots to the right, I was able to remove weknow from the list of search engines. Yesterday, I'd restored Chrome to the default settings.

Bottom line, this was a lot of mystery to me as well, but, fingers crossed, I'm rid of weknow now (and hopefully permanent).

Hey! Have had the We Know malware on my laptop for quite while now and havent had any luck in removing it. When i try to enter the policies or 'commands' into Terminal it says 'command not found'. Can anybody help please? Maybe i'm not copying and pasting the right info? could someone help me out please - what exactly need to be copied and pasted?

When you open Terminal window, there will already be some text that lists your last login date and ends with your computer name and/or your Apple ID, followed by a $. The cursor (indicated by a grey rectangle on my screen) will be located just after that $. You need to copy/paste each of the six commands listed in the original post on this thread one at a time. Each command starts with the word "defaults." For example, the first command is "defaults write com.google.Chrome HomepageIsNewTabPage -bool false". Copy that entire command. Then click on the Terminal window so it becomes the active window, and paste. The text (starting with the word "defaults" will paste itself immediately following the $. Hit return. You need to repeat for each of the six commands, copying exactly as they are listed (for the second and third commands, you include the quotation marks.) In case you are reading on a small screen that isn't showing the proper line breaks, there are six commands total, each one begins with the word "defaults". You will copy, paste, and hit return six individual times. Hope that helps.

Your advice worked for me sort of.

While searching for solution I brought up duckduckgo and which worked great but not in the url. Every new tab opened in weknow, for convenience I added the duckduckgo extension.

I followed your directions to change Chrome polices in the terminal. The first time I stopped after the 3rd or 4th line. I spent several hours "cleaning up" the library with no success so tried your method again. That time everything seemed to work great!

Each tab opened to the google homepage, searches in search bar or URL showed no sign of weknow.

But duckduckgo was now the default search engine. I went to change that and found weknow was still there!

I uninstalled Chrome and moved to Safari (which I had earlier managed to free from weknow)

Next morning I reinstalled Chrome and weknow was in every page and tab.

I opened up the terminal to change the policies after the 4th line - “Domain (com.google.Chrome) not found. Defaults have not been changed”

I started removing apps and deleting files (malware searches come up clean).

I restarted & opened Chrome - Now I can search Google in search bar and weknow is still in the URL.

1st 3 lines are reflected in the policies, but no defaults shown in policy. I am going to try again, I guess starting with line 4.

....

Because weknow is only showing in Chrome now (even after un&re install) is the malware hiding in some file or app in a Chrome specific path?

Thanks a lot Skanson. It's been months that i have been struggling with this.

This solved my problem in an instant.

Just one suggestion - I'm a Mac newbie. So "Use the command line" part confused me a bit. I had to search around and then take a wild guess that you meant Terminal app. I was looking for a command prompt option in my Google Chrome app. (sorry, like i said, newbie!)

It will help people like me if you just mentioned Terminal before what the policies to be changed.

Rest of the answer was bang on. Thanks so much!

I know this post was a while back, but I'm just now dealing with this frustrating malware! I can't pull up the "Terminal" application. Is it on the chrome://policy/ page? When I search, it doesn't come up.

Hi - I open the finder go to applications, along with all my apps is the utilities folder and in there I can open the terminal.

Weknow can be a challenge to remove in Chrome.

Even after following the instructions to change Chrome policies I uninstalled Chrome completely - then reinstalled it!!!

Keep us posted. I learned a lot trying to get rid of this little monster.

Somewhere online ComboCleaner was recommended so I downloaded ComboCleaner. It didn't help but it did inspire me to delete a bunch of apps thinking that weknow could be hiding somewhere. I deleted Adobe Flash, I even deleted games, and any rarely used app.

The only thing that worked was deleting & reinstalling Chrome.

I have tried inputting these commands into Terminal - but the fourth one is returning this result

defaults delete com.google.Chrome DefaultSearchProviderSearchURL
2019-03-16 19:32:28.919 defaults[31985:320767] 
Domain (com.google.Chrome) not found.
Defaults have not been changed.

What am I doing wrong?

Thanks

This solution worked for me. Removing all the Chrome files didn't work. Running a scan didn't work. It appears to be coming in with Chrome or the policy settings aren't local. In looking online, I couldn't find where Chrome policies are stored.

Did you delete the profile from your system prefs? There are other folders that can hold malware. https://www.pcrisk.com/removal-guides/13007-weknowac-redirect-mac

The steps listed here were the first steps I tried before I started changing the policies.

Goto setting and under startup check " open the new tab page "

under Appearance check " Show Home Button "

next line ... New Tab page Change ... click change and select Use the new tab page

close the setting page and restart chrome and you should be all set.

Also...

https://chrome.google.com/webstore/detail/blank-new-tab-page/jaadjnlkjnhohljficgoddcjmndjfdmi?hl=en

I'm not quite sure what search you are referencing. On the screen there is a box with the words "filter policy by name". I typed terminal there and got the response, no policy. At the very top right on my Mac, next to the time is a search icon. I typed terminal there, and got a listing of"possible hits", such as documents, other, PDF documents developer, and show in finder. I see I have chrome policies that have been affected. I feel like I'm so close, but not understanding terminal application. Thank you for any help you can give me!!!

To change your homepage in Google Chrome, open your Chrome browser and click on the menu icon represented by three lines on the top right corner of the screen next to the Web address input field. Choose "Settings" from the drop-down options. In the "Settings" screen, check the box labeled "Show Home button".