How To Remove Weknow.ac Malware (macOS)

Weknow.ac is malware or malicious software. It is basically a program that can hurt your Mac. This particular malware is a fake search engine (www.weknow.ac). It may look innocent but we know.ac records your activity without your permission. On your computer, weknow.ac is probably installed via a fake Adobe Flash update. A fake Adobe Flash will install this. It targets Safari, Mozilla Firefox, and Google Chrome. The way it operates is to hijack your browser settings and then to change your default search engine to https://www.weknow.ac without your participation.

If you have this. You definitely should remove it. This article explains how you can uninstall the weknow.ac malware.

See also: Amazon Winner, Free Gift Card, Congratulations Scams & How To Stop Them

How to remove weknow.ac

Before we continue,

Please do not trust the Fake Adobe Flash Player installer pop-up:

fake Adobe Installer

Please pay special attention what you install. As you can see below, read carefully what is being installed. It is not easy to completely remove this but it is possible.

weknow.ac installer Steps:

Please follow the steps below to switch the hijacked default search engine in your browser (Chrome or Safari) back to your default search engine (e.g, Google or Bing etc):

During the steps, please note that if you see these names anywhere (MacSaver, MacVX, MacVaX, MacCaptain, MacPriceCut, SaveOnMac, Mac Global Deals or MacDeals, MacSter, MacXcoupon, Shop Brain, SShoP Brain, PalMall, MacShop, MacSmart, News Ticker Remover, Shopper Helper Pro, Photo Zoom, Best YouTube Downloader, ArcadeYum, Extended protection, Video download helper, FlashFree, GoldenBoy, Genieo, Inkeeper, InstallMac, CleanYourMac, MacKeeper, SoftwareUpdater), remove them.

See also: Critical Security Warning! Your Mac is Infected…Fix

1-Remove the weknow.ac profile. Here is how:

  1. On your Mac, open System Preferences (click the System Preferences icon in the dock)
  2. Click Profiles
  3. Select AdminPrefs
  4. Delete this profile (AdminPrefs) by pressing the minus icon.
  5. Now delete search engine settings:
    1. Chrome: chrome://settings/searchEngines
    2. Safari: Safari > Preferences > Search

2-Delete weknow.ac. Remove anything weknow.ac related. Remove anything suspicious apps to the Trash folder. Look for recently added apps.

  1. Open the Applications folder
  2. Delete Weknow.ac or Weknow.ac.app also look for “MPlayerX”,“NicePlayer”. Look for suspicious apps.
  3. Empty Trash

3-Remove the weknow addon

  1. Safari: Safari > Preferences > Extensions > Locate the weknow.ac extension and remove it
  2. Google Chrome: Go to chrome://extensions/ and find the weknow.ac addon and remove it.
  3. Firefox: Go to about:addons and remove the addon.

4-Delete weknow files:

  1. Go > Go to Folder (or press Shift + Cmd + G)
  2. Enter /Library/LaunchAgents and click Go
  3. Look for suspicious files such as “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist”. Some other names you should look for Genieo, Inkeeper, InstallMac, CleanYourMac, MacKeeper, SoftwareUpdater, MplayerX, NicePlayer, installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist, com.aoudad.net-preferences.plist”, “com.myppes.net-preferences.plist”, “com.kuklorest.net-preferences.plist”, “com.avickUpd.plist”. If you see any of them, drag them to the Trash folder and then empty Trash.
  4. And now repeat the same process on the following folders:
    1. /Library/Application Support
    2. /Library/LaunchDaemons

5-If your browser is Chrome, follow the steps below to change some Chrome policies, if you are still having the problem:

  1. Open the Terminal app (Go > Utilities > Terminal or press Command+Space and search Terminal)
  2. Enter the commands below, hit Enter after each
  3. defaults write com.google.Chrome HomepageIsNewTabPage -bool false
  4. defaults write com.google.Chrome NewTabPageLocation -string “https://www.google.com/”
  5. defaults write com.google.Chrome HomepageLocation -string “https://www.google.com/”
  6. defaults delete com.google.Chrome DefaultSearchProviderSearchURL
  7. defaults delete com.google.Chrome DefaultSearchProviderNewTabURL
  8. defaults delete com.google.Chrome DefaultSearchProviderName
  9. Restart Chrome

Please note that the developers behind weknow.ac are very sneaky and they will likely further develop this malware so this means that those tips may not work in near future. We will try to keep updating this posts.

You may also want to install and run MalwareBytes.

Dr. Serhat Kurt worked as a Senior Technology Director. He holds a doctoral degree (or doctorate) from the University of Illinois at Urbana / Champaign and a master’s degree from Purdue University.

Thank you for choosing to leave a comment.

Please note the following:

  • All comments are moderated.
  • Your email will NOT be published nor shared.
  • All SPAM comments will be deleted.
  • Please see our comment policy page for more info.

100 thoughts on “How To Remove Weknow.ac Malware (macOS)”

  1. Best article on how to get rid of weknow.ac – thank you! Explaining where this virus could hide, how to access terminal (it’s on your computer – not the browser), and providing the new commands was very helpful. Thank you.

    Reply
  2. I am unable to find admin or profiles. Is me as administrator the same thing? And, do I need to get rid of Chrome and gmail, as well as Google?

    Reply
  3. Thank you so much!!! the terminal commands are the only thing that worked for me I’ve been trying to get rid of Weknow for so long now

    Reply
  4. Thank GOD!! YOU SAVE ME I HAD LEAVE MY MAC FOR 1 YEAR BECAUSE OF WEKNOW i try your way and now it work thank you for helping me got rid of that da*n thing.

    Reply
  5. When putting in the commands into Terminal I receive a line that says ” Domain (com.google.Chrome) not found. ” so they don’t seem to be working. When I open google Chrome it goes correctly to Google search engine, and when searching in the address bar, however it still says “Your browser is managed by your organization” when I look at my settings in Google Chrome, which tells me something bad is still there… I already deleted the “profiles” too. I just want to remove “Your browser is managed by your organization” properly!! Help please!!

    Reply
  6. I had this malware last year & it took half a dozen Apple support calls to get rid of it. Then my MacBook went down & they wiped it during the repair. When I got it back & restored it from backup weknow was back. This time, when I called Apple they tried to tell me they can’t “support” Chrome. When I insisted & escalated to a supervisor, he had me do the simplest thing imaginable: shut down & reboot in “Safe” mode. When it was gone there, we restarted, et voila: gone! Try it! He also said Catalina may help prevent that, so backup after you get rid of it & upgrade.

    Reply
    • Glad that worked for Ya. I have been been the apple store in the domain, Austin, TX. 12 times so far, they remove it and comes back before I make it home and I don’t even open the mac from the store to the house!!

      Reply
  7. It worked!!!
    I’ve had this virus install itself multiple times every time I logged out. Thanks so much for the help because it’s gone now- and I recommend these instructions to anyone who have the problem. Surely Weknow should be illegal?
    Thanks again!

    Reply

Leave a Comment