How To Remove Weknow.ac Malware (macOS)

Weknow.ac is malware or malicious software. It is basically a program that can hurt your Mac. This particular malware is a fake search engine (www.weknow.ac). It may look innocent but we know.ac records your activity without your permission. On your computer, weknow.ac is probably installed via a fake Adobe Flash update. A fake Adobe Flash will install this. It targets Safari, Mozilla Firefox, and Google Chrome. The way it operates is to hijack your browser settings and then to change your default search engine to https://www.weknow.ac without your participation.
If you have this. You definitely should remove it. This article explains how you can uninstall the weknow.ac malware.
See also: Amazon Winner, Free Gift Card, Congratulations Scams & How To Stop Them
How to remove weknow.ac
Before we continue,
Please do not trust the Fake Adobe Flash Player installer pop-up:

Melbourne Storm spear the Sharks, look unbeatable in 2018
Friday September 21, 2018

It was set up as potentially one of the most brutal and robust games of the season. Two teams were prepared to grind through the middle and niggle and grapple their way to an ascendancy in the ruck. Both would then look to parlay that dominance into attacking explosions out wide on the back of […]

Please pay special attention what you install. As you can see below, read carefully what is being installed. It is not easy to completely remove this but it is possible.
 Steps:
Please follow the steps below to switch the hijacked default search engine in your browser (Chrome or Safari) back to your default search engine (e.g, Google or Bing etc):
During the steps, please note that if you see these names anywhere (MacSaver, MacVX, MacVaX, MacCaptain, MacPriceCut, SaveOnMac, Mac Global Deals or MacDeals, MacSter, MacXcoupon, Shop Brain, SShoP Brain, PalMall, MacShop, MacSmart, News Ticker Remover, Shopper Helper Pro, Photo Zoom, Best YouTube Downloader, ArcadeYum, Extended protection, Video download helper, FlashFree, GoldenBoy, Genieo, Inkeeper, InstallMac, CleanYourMac, MacKeeper, SoftwareUpdater), remove them.
See also: Critical Security Warning! Your Mac is Infected…Fix
1-Remove the weknow.ac profile. Here is how:

On your Mac, open System Preferences (click the System Preferences icon in the dock)
Click Profiles
Select AdminPrefs
Delete this profile (AdminPrefs) by pressing the minus icon.
Now delete search engine settings:

2019 Calendar and Life Planner Free Printables for Dog Lovers!
Sunday October 28, 2018

Print your 2019 calendar and life planner today! It will help you set your monthly goals, organize your schedules and plan your whole year ahead. Be sure to snag your free copy with over 45 pages to enjoy. And yes, it comes in the cutest theme ever! (adsbygoogle = window.adsbygoogle || []).push({}); Calling all dog […]

Chrome: chrome://settings/searchEngines
Safari: Safari > Preferences > Search

2-Delete weknow.ac. Remove anything weknow.ac related. Remove anything suspicious apps to the Trash folder. Look for recently added apps.

Calendar Invitation: Your Response To The Invitation Cannot Be Sent
Thursday October 25, 2018

macReports Calendar Invitation: Your Response To The Invitation Cannot Be Sent Do you get this iOS Calendar error popup constantly? The error message says: “Calendar Invitation. Your response to the invitation cannot be sent” (see the image below). You tap OK but a few minutes later this pops up again? It is highly likely that […]

Open the Applications folder
Delete Weknow.ac or Weknow.ac.app also look for “MPlayerX”,“NicePlayer”. Look for suspicious apps.
Empty Trash

3-Remove the weknow addon

Safari: Safari > Preferences > Extensions > Locate the weknow.ac extension and remove it
Google Chrome: Go to chrome://extensions/ and find the weknow.ac addon and remove it.
Firefox: Go to about:addons and remove the addon.

4-Delete weknow files:

Go > Go to Folder (or press Shift + Cmd + G)
Enter /Library/LaunchAgents and click Go
Look for suspicious files such as “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist”. Some other names you should look for Genieo, Inkeeper, InstallMac, CleanYourMac, MacKeeper, SoftwareUpdater, MplayerX, NicePlayer, installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist, com.aoudad.net-preferences.plist”, “com.myppes.net-preferences.plist”, “com.kuklorest.net-preferences.plist”, “com.avickUpd.plist”. If you see any of them, drag them to the Trash folder and then empty Trash.
And now repeat the same process on the following folders:

/Library/Application Support
/Library/LaunchDaemons

5-If your browser is Chrome, follow the steps below to change some Chrome policies, if you are still having the problem:

Open the Terminal app (Go > Utilities > Terminal or press Command+Space and search Terminal)
Enter the commands below, hit Enter after each
defaults write com.google.Chrome HomepageIsNewTabPage -bool false
defaults write com.google.Chrome NewTabPageLocation -string “https://www.google.com/”
defaults write com.google.Chrome HomepageLocation -string “https://www.google.com/”
defaults delete com.google.Chrome DefaultSearchProviderSearchURL
defaults delete com.google.Chrome DefaultSearchProviderNewTabURL
defaults delete com.google.Chrome DefaultSearchProviderName
Researt Chrome

Please note that the developers behind weknow.ac are very sneaky and they will likely further develop this malware so this means that those tips may not work in near future. We will try to keep updating this posts.
You may also want to install and run MalwareBytes.
The post How To Remove Weknow.ac Malware (macOS) appeared first on macReports.