Remove "weknow.ac" Malware in Chrome?

I must be doing something wrong because this isn't working for me.

1. I close Chrome
2. I paste each line into Terminal
3. I reboot
4. I come back and it is still the page that comes up for a new page but with the google search engine
5. Malwarebytes isn't finding it

Any idea what I'm doing wrong?

Thanks

Thank you!!! It appears to have worked. I wasn't able to figure out how to change my terminal from bash to c-shell, but figured I would try enter your command lines anyway, one at a time, and it seems to have worked beautifully. I went back and checked the chrome policy after restarting chrome and it looked a lot different than when "weknow.ac" was in control.

THANK YOU

Thank You!! The "weknow..." virus affected my wife's computer (Chrome). Has taken us a long time to find a solution. However, your magic worked! I don't know how you figured this out, but you did. You are fabulous. Also, considering how many people have gotten infected with this, it is surprising that Apple has not created a solution. (We used Apple support and they were, in this case, not able to fix the problem.)

Now the big question: how did you figure this out? (Rhetorical.)

THANK YOU!!! I had been able to fix everything except for opening a new tab in Chrome, and I called Apple four times (hoping to get anyone who could help - but no luck) to no avail.

For those, like me, who had no idea how to open "Terminal", it is in the Applications folder under "Utilities."

There was already some text in there, but after the existing "$" I copied each line (the entire line, starting with defaults), pasted, and hit return. I repeated all six lines. And it worked!

Thanks you!!!

Can someone tell me (in simple terms, please) what I've done wrong?

I've read the entire thread, found where the Terminal is, and copied and pasted several times, but despite quitting Chrome after each attempt, I still get that "we know/Search" in Chrome.

If you check out my Terminal screen below, I'm obviously doing something wrong (or my Mac is really messed up), because after I copy and paste the commands and then hit Enter, it actually says "Defaults have not been changed."

Bruces-iMac:~ brucezwecker$ defaults write com.google.Chrome HomepageIsNewTabPage -bool false

Bruces-iMac:~ brucezwecker$ defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"

Bruces-iMac:~ brucezwecker$ defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"

Bruces-iMac:~ brucezwecker$ defaults delete com.google.Chrome DefaultSearchProviderSearchURL

2019-03-04 19:04:28.141 defaults[2913:163766] 

Domain (com.google.Chrome) not found.

Defaults have not been changed.

Bruces-iMac:~ brucezwecker$ defaults delete com.google.Chrome DefaultSearchProviderNewTabURL

2019-03-04 19:04:54.120 defaults[2924:165760] 

Domain (com.google.Chrome) not found.

Defaults have not been changed.

Bruces-iMac:~ brucezwecker$ defaults delete com.google.Chrome DefaultSearchProviderName

2019-03-04 19:05:09.087 defaults[2925:167038] 

Domain (com.google.Chrome) not found.

Defaults have not been changed.

Bruces-iMac:~ brucezwecker$ 

Bruces-iMac:~ brucezwecker$ 

Bruces-iMac:~ brucezwecker$ 

Lulubo, I followed your advice, deleted 2 profiles (so now no longer have even an icon), restarted, and Google opened as the search engine. I'm surprised, but thank you so much!

Hopefully, I don't click on anything again that reinstalls weknow/search.

Hey! Have had the We Know malware on my laptop for quite while now and havent had any luck in removing it. When i try to enter the policies or 'commands' into Terminal it says 'command not found'. Can anybody help please? Maybe i'm not copying and pasting the right info? could someone help me out please - what exactly need to be copied and pasted?

Your advice worked for me sort of.

While searching for solution I brought up duckduckgo and which worked great but not in the url. Every new tab opened in weknow, for convenience I added the duckduckgo extension.

I followed your directions to change Chrome polices in the terminal. The first time I stopped after the 3rd or 4th line. I spent several hours "cleaning up" the library with no success so tried your method again. That time everything seemed to work great!

Each tab opened to the google homepage, searches in search bar or URL showed no sign of weknow.

But duckduckgo was now the default search engine. I went to change that and found weknow was still there!

I uninstalled Chrome and moved to Safari (which I had earlier managed to free from weknow)

Next morning I reinstalled Chrome and weknow was in every page and tab.

I opened up the terminal to change the policies after the 4th line - “Domain (com.google.Chrome) not found. Defaults have not been changed”

I started removing apps and deleting files (malware searches come up clean).

I restarted & opened Chrome - Now I can search Google in search bar and weknow is still in the URL.

1st 3 lines are reflected in the policies, but no defaults shown in policy. I am going to try again, I guess starting with line 4.

....

Because weknow is only showing in Chrome now (even after un&re install) is the malware hiding in some file or app in a Chrome specific path?

Thanks a lot Skanson. It's been months that i have been struggling with this.

This solved my problem in an instant.

Just one suggestion - I'm a Mac newbie. So "Use the command line" part confused me a bit. I had to search around and then take a wild guess that you meant Terminal app. I was looking for a command prompt option in my Google Chrome app. (sorry, like i said, newbie!)

It will help people like me if you just mentioned Terminal before what the policies to be changed.

Rest of the answer was bang on. Thanks so much!

I know this post was a while back, but I'm just now dealing with this frustrating malware! I can't pull up the "Terminal" application. Is it on the chrome://policy/ page? When I search, it doesn't come up.

Hi - I open the finder go to applications, along with all my apps is the utilities folder and in there I can open the terminal.

Weknow can be a challenge to remove in Chrome.

Even after following the instructions to change Chrome policies I uninstalled Chrome completely - then reinstalled it!!!

Keep us posted. I learned a lot trying to get rid of this little monster.

I have tried inputting these commands into Terminal - but the fourth one is returning this result

defaults delete com.google.Chrome DefaultSearchProviderSearchURL
2019-03-16 19:32:28.919 defaults[31985:320767] 
Domain (com.google.Chrome) not found.
Defaults have not been changed.

What am I doing wrong?

Thanks

This solution worked for me. Removing all the Chrome files didn't work. Running a scan didn't work. It appears to be coming in with Chrome or the policy settings aren't local. In looking online, I couldn't find where Chrome policies are stored.

hello.

i did exactly what you recommended after seeing the same thing in another website.

it worked fine. weknow was gone, and i haven't seen that new tab page since.

HOWEVER,

now, when i open a new tab, i simply get an about:blank screen, rather than the normal chrome new tab :/ (see below)

im pretty sure this is due to the delete statements, but im not sure. is there any way i can set it back? i will try using the "write" commands on this later and see if it works but i dont know. please help me out here

I'm not quite sure what search you are referencing. On the screen there is a box with the words "filter policy by name". I typed terminal there and got the response, no policy. At the very top right on my Mac, next to the time is a search icon. I typed terminal there, and got a listing of"possible hits", such as documents, other, PDF documents developer, and show in finder. I see I have chrome policies that have been affected. I feel like I'm so close, but not understanding terminal application. Thank you for any help you can give me!!!