how to remove weknow.ac virus
My Mac Book is infected with weknow.ac virus. How can remove this virus?
MacBook, Mac OS X (10.6.8)
Question marked as
Question marked as
126 replies
look for Chanelcinq's answer...........
if unable to find, here is a copy paste of his answer...
"weknow.ac" changes a group of Chrome policies so as to set a new default homepage, new tab behavior, etc. You can see your current Chrome policies by typing chrome://policy/ into your URL bar. If you're infected, it should be very obvious as the half-dozen or so policies changed by weknow will be displayed.
Use the command line to delete / modify the affected policies. You do this by opening up "Terminal" and copy and paste each of the following entries below. I did each one at a time. I copy and pasted the first line and then hit enter and then went to the next until I had finished all 6 below:
defaults write com.google.Chrome HomepageIsNewTabPage -bool false
defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"
defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"
defaults delete com.google.Chrome DefaultSearchProviderSearchURL
defaults delete com.google.Chrome DefaultSearchProviderNewTabURL
defaults delete com.google.Chrome DefaultSearchProviderName
Quit Chome and restart it and voila the virus will be gone. I tried everything and 3 phone calls with Apple and this was the only thing that worked.
After wasting lots of time, I was able to fix this problem by taking a simple action.
- Launch "System Preferences"
- Select "Profiles"
- Delete "AdminPrefs" - In the content, we will see specifying "weknow.ac" as default search engine.
- As soon as I deleted these, both Chrome and Safari worked normal....
Thank you for your help.
This has been a maze and I had trouble getting rid of weknow. I tried numerous ways. and spent hours, I found the following and it worked for me.
Use the command line to delete / modify the affected policies. Do this by opening up "Terminal" (Click the magnifier on the top right corner of computer, type in “terminal” ), copy and paste each of the following entries below. Do one at a time. Copy and pasted the first line and then hit enter and then went to the next until finish all 6 below:
defaults write com.google.Chrome HomepageIsNewTabPage -bool false
defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"
defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"
defaults delete com.google.Chrome DefaultSearchProviderSearchURL
defaults delete com.google.Chrome DefaultSearchProviderNewTabURL
defaults delete com.google.Chrome DefaultSearchProviderName
Quit Chrome and restart it and voila the virus will be gone. I tried everything and this was the only thing that worked.
I post it here for people who have weknow virus to be used to get rid of it.
So I had weknow.ac on my Macbook and the Apple Support guy on the phone had me do the following:
- Update Safari search engine preferences to Google
- Go to System Preferences -> Profiles -> Remove everything you see there
- Download the free version of Malwarebytes (apparently the internal Apple policy is to recommend but not endorse this system, it's just what their support team uses when supporting customers)
- Have Malwarebytes scan for threats and PUPs
- Quarantine those threats and then remove them
- Then go through each browser to remove extensions, clear caches, etc.
- In Google Chrome specifically, we went into Settings and made sure everything was set to Google and then in the "Manage System Preferences" we were able to remove weknow.ac and other weird viruses.
- We restarted my laptop, double checked everything, and all was well!
I hope this helps. If you do take the time to call Apple Support, mention using Malwarebytes and they can walk you through.
Here's how I solved it.
- I did all of the things mentioned above in Terminal with the six command lines. That still didn't work.
- I called Apple Support and they had me follow these steps:
- Go to System Preferences
- Click on Profiles
- Delete the profiles (there was one that the virus created for Safari and another for Chrome)
- Reopen Browsers and the problem is solved.
I'm not sure this will work for everyone, but it worked for me.
Good luck!
If all else fails, as long as you have a current time machine backup
- Restart computer in Recovery Mode
- In Disk utilities, Erase the partition
- In Disk utilities Recreate Partition
- Install a clean copy of MacOS and reinstall data from TimeMachine (from a date before you got the virus)
1. Go to your system preferences (the settings of our MAC), and look for a profiles icon.
2. Click on there (since in a default mac that shouldn't be there).
3. Remove all of the Admin blocks found.
4. And boom, you have a chrome free of malware.
Show less
I called apple help and they had me install "Malwarebytes" then follow it's directions.
I tried downloading that and it did nothing. I ended up getting into PROFILES in System Preferences and deleting the two profiles the virus had set up. That seems to have done the trick.
THIS is what worked. I tried the Terminal commands to no avail. But deleting the Profiles under Apple-System Preferences worked like a charm! Thank you so much. xo
(from mamurd)
Here's how I solved it.
- I did all of the things mentioned above in Terminal with the six command lines. That still didn't work.
- I called Apple Support and they had me follow these steps:
- Go to System Preferences
- Click on Profiles
- Delete the profiles (there was one that the virus created for Safari and another for Chrome)
For Chrome. I spent hours on this issue, finally it worked using the instruction below. Good luck.
click the magnifier on the top right corner of computer, type in “terminal”
Use the command line to delete / modify the affected policies. You do this by opening up "Terminal" and copy and paste each of the following entries below. I did each one at a time. I copy and pasted the first line and then hit enter and then went to the next until I had finished all 6 below:
defaults write com.google.Chrome HomepageIsNewTabPage -bool false
defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"
defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"
defaults delete com.google.Chrome DefaultSearchProviderSearchURL
defaults delete com.google.Chrome DefaultSearchProviderNewTabURL
defaults delete com.google.Chrome DefaultSearchProviderName
Quit Chrome and restart it and voila the virus will be gone. I tried everything and 3 phone calls with Apple and this was the only thing that worked.
Janed0225, The thread has several solutions, though this user tip explains the vast majority of them.
https://discussions.apple.com/docs/DOC-250001907
My mac got infected with this weknow.ac thing but i was lucky to have backed up my mac the previous day before it got infected, so restoring my mac from the backup solved the issues weknow.ac brought to my browsers. restoring it fixed everything.
This could be an easy option for someone with a backup.
I called Apple help. They had me install a malware cleansing program and walked me through the process. The installed program, I think is called Malware bytes, took several minutes to remove the program.
how to remove weknow.ac virus