
how to remove weknow.ac virus

My Mac Book is infected with weknow.ac virus. How can remove this virus?

MacBook, Mac OS X (10.6.8)

Posted on Sep 13, 2018 10:19 AM

Question marked as Best reply

Posted on Mar 3, 2019 2:58 PM

Here's how I solved it.


  1. I did all of the things mentioned above in Terminal with the six command lines. That still didn't work.
  2. I called Apple Support and they had me follow these steps:
    1. Go to System Preferences
    2. Click on Profiles
    3. Delete the profiles (there was one that the virus created for Safari and another for Chrome)
    4. Reopen Browsers and the problem is solved.


I'm not sure this will work for everyone, but it worked for me.


Good luck!

126 replies

Sep 25, 2018 3:59 PM in response to udayfromwalnut

My mom had this virus and was unable to remove it. I was helping her and tried everything I could, plus she spoke with three Level 2 Apple techs and in the end, they could not help, but FINALLY, these instructions solved the issue. This was posted by Skanson on another post. I changed around the instructions just a bit to make them more clear. If you have tried the other stuff and cannot remove the virus try this. It has worked for me and others.


"weknow.ac" changes a group of Chrome policies so as to set a new default homepage, new tab behavior, etc. You can see your current Chrome policies by typing chrome://policy/ into your URL bar. If you're infected, it should be very obvious as the half-dozen or so policies changed by weknow will be displayed.


Use the command line to delete / modify the affected policies. You do this by opening up "Terminal" and copy and paste each of the following entries below. I did each one at a time. I copy and pasted the first line and then hit enter and then went to the next until I had finished all 6 below:


defaults write com.google.Chrome HomepageIsNewTabPage -bool false

defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"

defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"

defaults delete com.google.Chrome DefaultSearchProviderSearchURL

defaults delete com.google.Chrome DefaultSearchProviderNewTabURL

defaults delete com.google.Chrome DefaultSearchProviderName


Quit Chrome and restart it and voila the virus will be gone. I tried everything and 3 phone calls with Apple and this was the only thing that worked.
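A read-only way to check the six keys named in the post above, before and after running its commands. This is an added example, not part of the original post. The function name `audit_chrome_prefs`, the expected URL prefix and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: read-only check of the six Chrome keys named in the post.
# Input: text in the format printed by `defaults read com.google.Chrome`.

KEYS="HomepageIsNewTabPage NewTabPageLocation HomepageLocation DefaultSearchProviderSearchURL DefaultSearchProviderNewTabURL DefaultSearchProviderName"

# Assumption: the value the post writes into the URL-valued keys.
EXPECTED_URL_PREFIX="https://www.google.com/"

# Constructed sample (not captured from a real machine; URLs are placeholders).
SAMPLE='{
    DefaultSearchProviderName = "example-search";
    DefaultSearchProviderSearchURL = "https://search.example.invalid/?q={searchTerms}";
    HomepageIsNewTabPage = 1;
    HomepageLocation = "https://www.google.com/";
    SomeOtherKey = 5;
}'

# Prints one "STATUS key = value" line per listed key that is set.
# OK = matches what the post sets; REVIEW = anything else, including
# DefaultSearchProvider* keys, which the post deletes outright.
audit_chrome_prefs() {
    awk -v keys="$KEYS" -v prefix="$EXPECTED_URL_PREFIX" '
    BEGIN { n = split(keys, k, " "); for (i = 1; i <= n; i++) want[k[i]] = 1 }
    {
        line = $0
        sub(/^[ \t]+/, "", line)      # strip indentation
        sub(/;[ \t]*$/, "", line)     # strip trailing semicolon
        eq = index(line, " = ")
        if (eq == 0) next             # braces and other non key/value lines
        key = substr(line, 1, eq - 1)
        val = substr(line, eq + 3)
        gsub(/^"|"$/, "", key); gsub(/^"|"$/, "", val)
        if (!(key in want)) next
        status = "REVIEW"
        if (key ~ /(Location|URL)$/ && index(val, prefix) == 1) status = "OK"
        if (key == "HomepageIsNewTabPage" && val == "0") status = "OK"
        print status, key, "=", val
    }'
}

# On a Mac, audit the real preference domain; elsewhere, audit the sample.
if command -v defaults >/dev/null 2>&1; then
    defaults read com.google.Chrome 2>/dev/null | audit_chrome_prefs
else
    printf '%s\n' "$SAMPLE" | audit_chrome_prefs
fi
```

No output means none of the six keys is set in that domain. The script changes nothing, so it can be run again after restarting Chrome to confirm the values stuck.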

Apr 7, 2019 8:57 PM in response to mamurd

THIS is what worked. I tried the Terminal commands to no avail. But deleting the Profiles under Apple-System Preferences worked like a charm! Thank you so much. xo


(from mamurd)


Here's how I solved it.


  1. I did all of the things mentioned above in Terminal with the six command lines. That still didn't work.
  2. I called Apple Support and they had me follow these steps:
    1. Go to System Preferences
    2. Click on Profiles
    3. Delete the profiles (there was one that the virus created for Safari and another for Chrome)


May 23, 2019 1:26 PM in response to Jeffprez

It is hard to get rid of weknow on Chrome. I read several posts, tried many ways, and spent days on it. As I recall, I did these too:

I spent days searching the web, tried a lot of ways, spent days on it. As I recall, I did these:


  1. Click the "Chrome menu" (three horizontal lines) button and choose "Settings". In the "Search" section, click the "Manage search engines..." button. In the opened window, remove the unwanted Internet search engine by clicking the "X" button next to it. Select your preferred Internet search engine from the list and click the "Make default" button next to it.
  2. Reset Google Chrome:
    1. Start Google Chrome browser
    2. In address box type (or copy-paste) chrome://settings/.
    3. Scroll down and find Show advanced settings link.
    4. Click on it and scroll down to the bottom again.
    5. Click Reset settings button and click Reset to confirm.


Then, I did what I posted before: (Please note, I have a MacBook)


  1. Click the magnifier on the top right corner of computer, type in “terminal” 


Use the command line to delete / modify the affected policies. You do this by opening up "Terminal" and copy and paste each of the following entries below. After you paste the first one, hit return, then paste the next one until I had finished all 6 entries below:


defaults write com.google.Chrome HomepageIsNewTabPage -bool false

defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"

defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"

defaults delete com.google.Chrome DefaultSearchProviderSearchURL

defaults delete com.google.Chrome DefaultSearchProviderNewTabURL

defaults delete com.google.Chrome DefaultSearchProviderName

 

Quit Chrome and restart it, weknow.ac was gone. Good luck!

Sep 29, 2019 2:14 PM in response to brittier826

Brittier, please start a new thread to find out what else could be contributing to your virus.


Some things to keep in mind.


  1. Backup your data before trying to remove anything.
  2. Malwarebytes and Avast both offer tools which may detect and remove crumbs of it.
  3. Devon Technologies EasyFind https://www.devontechnologies.com/apps/freeware can locate components that are triggering it to launch LaunchDaemons that are discovered through running Etrecheck from http://www.etrecheck.com/

You may need to run in Safe Mode EasyFind to get rid of certain LaunchDaemons.

If uncomfortable with using such tools, ask a Mac tech such as myself http://www.macmaps.com/software.html *

  • Links to my pages may give me compensation.

Jul 28, 2020 7:49 PM in response to udayfromwalnut

So I had weknow.ac on my Macbook and the Apple Support guy on the phone had me do the following:


  • Update Safari search engine preferences to Google
  • Go to System Preferences -> Profiles -> Remove everything you see there
  • Download the free version of Malwarebytes (apparently the internal Apple policy is to recommend but not endorse this system, it's just what their support team uses when supporting customers)
  • Have Malwarebytes scan for threats and PUPs
  • Quarantine those threats and then remove them
  • Then go through each browser to remove extensions, clear caches, etc.
  • In Google Chrome specifically, we went into Settings and made sure everything was set to Google and then in the "Manage System Preferences" we were able to remove weknow.ac and other weird viruses.
  • We restarted my laptop, double checked everything, and all was well!


I hope this helps. If you do take the time to call Apple Support, mention using Malwarebytes and they can walk you through.

Oct 17, 2018 8:07 PM in response to ChanelCinq

Thank you so much for typing out the steps and commands. I spent the whole day clearing the we-know and it was still messing up the Chrome. I tried Malwarebytes and CC something and I agree with the above that installing more stuff is adding to the confusion, and want money to fix the problem - I wouldn't know what they are doing with my Mac either. So relieved.
