how to remove weknow.ac virus

I just spent over an hour on the phone with mac support. We were able to remove weknow.ac from Safari but not from Chrome. I used the suggestions above and it worked like a charm (once I figured out where Terminal is (for those of you who don't know, go to Finder, Applications, Utilities, Terminal). Thank you!!!

I am still having problems...I am sure it is a user error, but I need some help...This is what my Terminal looks like...Is this correct? Then I just close out my chrome? Do I have to uninstall it? And close out of my Terminal?

Last login: Fri Oct 26 20:26:01 on ttys000

Susans-iMac:~ SAMathis$ DefaultSearchProviderEnabled

-bash: DefaultSearchProviderEnabled: command not found

Susans-iMac:~ SAMathis$ DefaultSearchProviderName

-bash: DefaultSearchProviderName: command not found

Susans-iMac:~ SAMathis$ DefaultSearchProviderNewTabURL

-bash: DefaultSearchProviderNewTabURL: command not found

Susans-iMac:~ SAMathis$ DefaultSearchProviderSearchURL

-bash: DefaultSearchProviderSearchURL: command not found

Susans-iMac:~ SAMathis$ HomepageIsNewTabPage

-bash: HomepageIsNewTabPage: command not found

Susans-iMac:~ SAMathis$ HomepageLocation

-bash: HomepageLocation: command not found

Susans-iMac:~ SAMathis$ NewTabPageLocation

-bash: NewTabPageLocation: command not found

Susans-iMac:~ SAMathis$

Susans-iMac:~ SAMathis$

Ok you are going to hate this answer. I think the directions given. where using commands from the c shell. You terminal is telling you that you are using the bash shell and the commands are not found in that shell

enter

chsh -s /bin/tcsh

and try again

You need to open the "Terminal" application (use the search functionality at the top-right to find it). Then copy and paste, one by one, the commands from my above post into the terminal prompt, hitting enter after pasting each.

All I had to do then was use the command line to delete / modify the affected policies:

defaults write com.google.Chrome HomepageIsNewTabPage -bool false

defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"

defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"

defaults delete com.google.Chrome DefaultSearchProviderSearchURL

defaults delete com.google.Chrome DefaultSearchProviderNewTabURL

defaults delete com.google.Chrome DefaultSearchProviderName

The changes will not take effect until you restart Chrome.

I recommend following some of the other pieces of advice in this thread, ie definitely do a malware scan too.

Hello ChanelCinq,

After reading so many positive replies I got excited as well. I am getting stuck at typing the mentioned commands in Terminal and it looks as below for me:

Last login: Sun Nov 11 17:06:18 on ttys000

Jigneshs-MBP:~ jiggy$ defaults write com.google.Chrome HomepageIsNewTabPage -bool false

Jigneshs-MBP:~ jiggy$

Jigneshs-MBP:~ jiggy$ defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"

Jigneshs-MBP:~ jiggy$

Jigneshs-MBP:~ jiggy$ defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"

Jigneshs-MBP:~ jiggy$

Jigneshs-MBP:~ jiggy$ defaults delete com.google.Chrome DefaultSearchProviderSearchURL

2018-11-11 17:13:30.021 defaults[6240:94366]

Domain (com.google.Chrome) not found.

Defaults have not been changed.

Jigneshs-MBP:~ jiggy$

Jigneshs-MBP:~ jiggy$ defaults delete com.google.Chrome DefaultSearchProviderNewTabURL

defaults delete com.google.Chrome DefaultSearchProviderName

2018-11-11 17:13:30.080 defaults[6241:94370]

Domain (com.google.Chrome) not found.

Defaults have not been changed.

Jigneshs-MBP:~ jiggy$

Jigneshs-MBP:~ jiggy$ defaults delete com.google.Chrome DefaultSearchProviderName

2018-11-11 17:13:30.136 defaults[6243:94383]

Domain (com.google.Chrome) not found.

Defaults have not been changed.

Jigneshs-MBP:~ jiggy$

Looks like, I am unable to select correct Terminal for this to function. Can you please elaborate further on actual steps involving the use of Terminal? I would really appreciate your help with this as nothing else seem to work with this issue.

Thank you.

Actually it looks like the first three line worked.. Did you close Chrome and try it again?

The last three response terminal gave you look like no default was set... Not sure if that is good or bad but I would at least try Chrom again

I am currently facing the same issue where I have tried these terminal commands several times to no avail. It doesn’t seem to be affecting my safari browser but this is troublesome and frustrating. Someone please help.

You might try azhaan approach although it does require install addition software (not my fav approach)

When you say. "no avail". what error are you getting?

As I mentioned else where. commands given are written for C Shell family of shells. Apple has jumped between bash and tcsh

she'll is shown by "echo $SHELL"

It worked! I had tried everything. Thank you so much for the information. I followed it exactly as you stated and it cleaned the high jacker virus from my computer when using chrome. I really appreciate your post. Thank you.

My mac got infected with this weknow.ac thing but i was lucky to have backed up my mac the previous day before it got infected, so restoring my mac from the backup solved the issues weknow.ac brought to my browsers. restoring it fixed everything.

This could be an easy option for someone with a backup.

look at the top right of your screen- if you spot a magnifying glass (search icon), click on it and type terminal. The terminal window will open up. The type the code provided by ChanelCinq one by one. That should solve the problem.

what terminal step? you mean opening the Terminal window? If so, this is what I posted to another user - "look at the top right of your screen- if you spot a magnifying glass (search icon), click on it and type terminal. The terminal window will open up. The type the code provided by ChanelCinq one by one. That should solve the problem."

Hi there

I have managed to get this virus so that it is now not on my browser, but how do i know its not still lurking in my computer? How do i get rid of it. I don't have Chrome

regards and thanks in advance

Gigs

Thanks a million for taking the time out of your day to help us. It worked but it took me a few tries. Make sure when copying and pasting each line you copy the entire line including what is in blue. I was leaving that out at first but as soon as I copied the entire line it worked.

look for Chanelcinq's answer...........

if unable to find, here is a copy paste of his answer...

"weknow.ac" changes a group of Chrome policies so as to set a new default homepage, new tab behavior, etc. You can see your current Chrome policies by typing chrome://policy/ into your URL bar. If you're infected, it should be very obvious as the half-dozen or so policies changed by weknow will be displayed.

Use the command line to delete / modify the affected policies. You do this by opening up "Terminal" and copy and paste each of the following entries below. I did each one at a time. I copy and pasted the first line and then hit enter and then went to the next until I had finished all 6 below:

defaults write com.google.Chrome HomepageIsNewTabPage -bool false

defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"

defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"

defaults delete com.google.Chrome DefaultSearchProviderSearchURL

defaults delete com.google.Chrome DefaultSearchProviderNewTabURL

defaults delete com.google.Chrome DefaultSearchProviderName

Quit Chome and restart it and voila the virus will be gone. I tried everything and 3 phone calls with Apple and this was the only thing that worked.