Remove "weknow.ac" Malware in Chrome?

To change your homepage in Google Chrome, open your Chrome browser and click on the menu icon represented by three lines on the top right corner of the screen next to the Web address input field. Choose "Settings" from the drop-down options. In the "Settings" screen, check the box labeled "Show Home button".

To change your homepage in Google Chrome, open your Chrome browser and click on the menu icon represented by three lines on the top right corner of the screen next to the Web address input field. Choose "Settings" from the drop-down options. In the "Settings" screen, check the box labeled "Show Home button".

Sadly, this didn't work for me. It seemed to take the first three write commands, but when I enter the three delete commands Terminal responds with "Domain (com.google.Chrome) not found. Defaults have not been changed." Any other suggestions? I've never had this much trouble removing it before. Obviously, they're getting better at this. Very frustrated!

Hi,

Please can you help me ?

Each time I open Google Chrome, Weknow appears ! I deleted from everywhere also.

I followed your instructions through the Terminal application but WeKnow is still there.

Do I have to copy/paste this : defaults write com.google.Chrome HomepageIsNewTabPage -bool false OR this : com.google.Chrome HomepageIsNewTabPage -bool false

Thanks for helping me

I get through the top three commands and then when I enter any of these, I keep getting the same message:

defaults delete com.google.Chrome DefaultSearchProviderSearchURL

defaults delete com.google.Chrome DefaultSearchProviderNewTabURL

defaults delete com.google.Chrome DefaultSearchProviderName

2019-05-22 23:40:26.646 defaults[58696:687519] 

Domain (com.google.Chrome) not found.

Defaults have not been changed.

I am at my wits end!

Help!

Can those still having problems try this? Or are these the commands you've tried?

Enter the following commands, pressing enter after each line:

defaults write com.google.Chrome HomepageIsNewTabPage -bool false

defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"

defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"

defaults delete com.google.Chrome DefaultSearchProviderSearchURL

defaults delete com.google.Chrome DefaultSearchProviderNewTabURL

defaults delete com.google.Chrome DefaultSearchProviderName

Re-open Chrome and the issue should be resolved.

Also see this thread...

https://support.google.com/chrome/thread/3396218?msgid=4124217

I plugged this into the terminal. I'm having the an error where it's saying:

"Domain (com.google.Chrome) not found.

Defaults have not been changed.

Jeffs-MBP:~ jeffjohnson$ 

I'm not very experienced with this stuff, I'd love some help if you guys have a solution to this. It lists my IP beforehand I believe.

Quit Chrome, move this file to the trash & restart in Safe Mode...

/Users/YourUserName/Library/Preferences/com.google.Chrome.plist

Might need to Trash this folder also...

/Users/YourUserName/Library/Saved Application State/com.google.Chrome.savedState

I ALSO FIXED THE PROBLEM!

I wanted to follow up to this solution b/c this solution ultimately saved me. However, it's a year later and the malware has different app names and file names, and the policies are all different. So I wanted to update with my solution. Thanks to @Skanson for the original help with the Terminal commands, I wouldn't have known how to do that.

With inspiration from many different forums, I did several things which seem to have gotten rid of the problem entirely (fingers crossed):

1) Immediately delete/uninstall whatever malicious program you downloaded that ended up taking over Chrome. Mine was called "Macbook Cleaner Pro." I got a message from a website saying I needed to install the most up to date Adobe Flash Player, which was a clever trick b/c I actually have gotten legitimate updates like that several times throughout the last year, so I immediately downloaded it without thinking. Big mistake.

2) I used Malwarebytes to find any remaining files linked to Macbook Cleaner Pro (MCP). Although people are skeptical of Mac malware programs for good reason (I was using Dr. Cleaner for a while which eventually removed critical launch files that allowed my computer to restart and shutdown and I ended up having the wipe the computer and reinstall everything), Malwarebytes identified 5 additional MCP files through its normal scan function and deleted them. Happy about that b/c I wouldn't have found them myself.

3) The next thing I did was reset Chrome settings to default after exporting my bookmarks, which I didn't actually have to do b/c it is saved in the cloud, but just for good measure. Quit Chrome and reopen.

4) The final issue is all of the Chrome policies the malware installed automatically on Chrome that make it impossible to sign in to Chrome and show the message saying "Chrome is managed by your organization" or something similar, essentially cutting you out from changing settings, extensions, signing in, etc. And of course the malware is probably reading all of your movements and information and selling it to someone. I was on a bunch of different websites that warned against deleting policies that might be critical to the functioning of Chrome. But I eventually came across a blog that said that policies aren't necessary, that you only have them if Chrome is being managed by someone else or if you put them there yourself. Which I never have.. So, my conclusion was that Chrome shouldn't have any policies running. Into your address bar in Chrome, type in chrome://policy. Then use the following command online that you should plug into the Terminal app on Mac one by one with the name of the policy at the end: 

defaults write com.google.Chrome [POLICYNAME]

Put that into Terminal, hit enter, paste again and change the policy name, hit enter, etc. This process is deleting the policy you type in every time you hit enter. Do that one by one for every policy you see listed. When you're done, quit Chrome and reopen. Should fix it! If you can't see the entire policy name, click on it, it'll open a new tab that should read the entire policy name.

That solved the problem for me! Can't speak for anyone else, and I'm definitely not a computer whiz, but I wanted to throw this on here for other Mac users like me who are struggling.

Hey HeathenJeff, I posted this in the general thread too, but wanted to respond to you directly, hope this helps!

—————

I wanted to follow up to this solution b/c this solution ultimately saved me. However, it's a year later and the malware has different app names and file names, and the policies are all different. So I wanted to update with my solution. Thanks to @Skanson for the original help with the Terminal commands, I wouldn't have known how to do that.

With inspiration from many different forums, I did several things which seem to have gotten rid of the problem entirely (fingers crossed):

1) Immediately delete/uninstall whatever malicious program you downloaded that ended up taking over Chrome. Mine was called "Macbook Cleaner Pro." I got a message from a website saying I needed to install the most up to date Adobe Flash Player, which was a clever trick b/c I actually have gotten legitimate updates like that several times throughout the last year, so I immediately downloaded it without thinking. Big mistake.

2) I used Malwarebytes to find any remaining files linked to Macbook Cleaner Pro (MCP). Although people are skeptical of Mac malware programs for good reason (I was using Dr. Cleaner for a while which eventually removed critical launch files that allowed my computer to restart and shutdown and I ended up having the wipe the computer and reinstall everything), Malwarebytes identified 5 additional MCP files through its normal scan function and deleted them. Happy about that b/c I wouldn't have found them myself.

3) The next thing I did was reset Chrome settings to default after exporting my bookmarks, which I didn't actually have to do b/c it is saved in the cloud, but just for good measure. Quit Chrome and reopen.

4) The final issue is all of the Chrome policies the malware installed automatically on Chrome that make it impossible to sign in to Chrome and show the message saying "Chrome is managed by your organization" or something similar, essentially cutting you out from changing settings, extensions, signing in, etc. And of course the malware is probably reading all of your movements and information and selling it to someone. I was on a bunch of different websites that warned against deleting policies that might be critical to the functioning of Chrome. But I eventually came across a blog that said that policies aren't necessary, that you only have them if Chrome is being managed by someone else or if you put them there yourself. Which I never have.. So, my conclusion was that Chrome shouldn't have any policies running. Into your address bar in Chrome, type in chrome://policy. Then use the following command online that you should plug into the Terminal app on Mac one by one with the name of the policy at the end: 

defaults write com.google.Chrome [POLICYNAME]

Put that into Terminal, hit enter, paste again and change the policy name, hit enter, etc. This process is deleting the policy you type in every time you hit enter. Do that one by one for every policy you see listed. When you're done, quit Chrome and reopen. Should fix it! If you can't see the entire policy name, click on it, it'll open a new tab that should read the entire policy name.

That solved the problem for me! Can't speak for anyone else, and I'm definitely not a computer whiz, but I wanted to throw this on here for other Mac users like me who are struggling.

THANK YOU SOOOOOOO MUCH!!!! it worked- 3 days of trying to crack it. Bless u!!

Hi. Can you help me find the "Terminal Application"? All I can see is this.

Hi. Can you please help me with the "Terminal" Application? I can't find it. Thank you!

When I type in terminal nothing comes up. See below for the before and after I type in "Terminal" is there something I'm missing?

not work on me