How to remove Weknow.ac malware from Mac

Weknow.ac is one of several browser hijackers currently in the wild. It redirects your web browser’s homepage to its own search engine and then intercepts the search requests you type in order to show you adverts. It manages to evade macOS security measures because it’s ‘bundled’ with what look like legitimate downloads of software such as Adobe Flash Player.

How do I know if my Mac is infected?

When you launch a browser like Safari, Firefox, or Google Chrome, instead of seeing your usual homepage, you’ll see the Weknow.ac search page (which resembles a very poor imitation of Google’s search page).

How did I get infected?

You downloaded Weknow.ac malware when you downloaded another piece of software, perhaps an upgrade or a browser extension. Because it’s bundled with what appears to be a legitimate program, Weknow.ac clears security when you confirm you want to install the piece of software you thought you had downloaded. It’s critically important that before you agree to download any update or program, you make sure you know where it has come from. Don’t respond to browser windows that pop up telling you that you need to update software.

How to remove Weknow.ac from applications

There are several steps needed to remove Weknow.ac from your Mac. However, they are very straightforward.

  1. Launch System Preferences (System Settings in macOS Ventura) from the Apple menu or the Dock.
  2. Look for a pane called Profiles. If it’s there, it should be next to Accessibility. In macOS Ventura, it’s found in the Privacy & Security pane. 
  3. Click on the Profiles pane and check to see if there’s a profile called AdminPrefs.
  4. If it’s there, click on AdminPrefs — unlocking System Preferences by clicking the padlock and typing your username and password, if necessary — and click the ‘-’ at the bottom of the window. That will remove it. In macOS Ventura, you won’t need to unlock System Settings. 

Check your Startup items

Malware sometimes inserts itself in your Login items so that it starts as soon as your Mac boots. You’ll need to hunt for it and remove it:

  1. In System Preferences, click on Users & Groups > Login Items. For macOS Ventura, go to System Settings > General > Login Items. 
  2. Click on your username, then click on the padlock and type your login details. This step is not needed for macOS Ventura. 
  3. Look through the list of items. If you see anything that looks like it might be the Weknow.ac hijacker or any other malware, click on it and click on the ‘-’ to remove it.

Tip: There is an easier way to remove malicious login items or any other login item you want to get rid of. CleanMyMac X’s Login Items tool scans your Mac for programs that are permitted to start up at login. It then displays them in a window and allows you to get rid of them with one click. CleanMyMac X also allows you to quickly and easily remove browser extensions, uninstall apps, and reclaim tens of gigabytes of disk space.


You can download a free version of CleanMyMac here from the developer’s website.

Remove Launch Agents and Daemons

This may sound very technical, but it’s actually very easy.

1. In Finder, click on the Go menu and choose “Go to Folder.” In the text box, type /Library/LaunchDaemons

2. When the folder opens, scan the list of .plist files and look for anything that seems suspicious. Most of the filenames should contain the name of a software vendor you recognize. If you find one that doesn’t, it may be malware.

3. If you see a file that looks suspicious, click on it and press the spacebar to preview its contents. If you see anything that relates to Weknow.ac, or seems suspicious, drag the file to the Trash.

4. Repeat the above steps for /Library/LaunchAgents and ~/Library/LaunchAgents

5. Once you’ve dragged all the files you want to get rid of to the Trash, empty it and restart your Mac.

How to remove Weknow.ac from Safari

  1. Wait for your Mac to restart and launch Safari.
  2. From the Safari menu, choose Preferences/Settings.
  3. Now, click on the Search tab and choose the search engine you want to use as the default.
  4. Select the General tab and set the Homepage to whichever page you want. Then, choose from the options in the menus above it.

How to remove Weknow.ac from Chrome

1. Launch Chrome.

2. Type chrome://settings into the address bar or click the three vertical dots at the left of the window.

3. On the left of the screen, click “On startup” and check the button next to “Open a specific page or set of pages.”

4. Click on the “more” icon (three vertical dots).

5. Select “edit” and type or paste the URL of the page you want to use as your startup page into the text box.

6. Click Save.

7. Press the Settings icon again.

8. Select Search Engine.

9. Choose “manage search engines and site search” and press the “more” button next to the Weknow.ac search engine, then select “Remove from list.”

10. Click on the menu next to “Search engine used in the address bar” and select the search engine you want to use. If the one you want isn’t there, click “Manage search engines and site search” and either add one from the bigger list or press “Add” and type the URL of another search engine.

How to remove Weknow.ac from Firefox

1. Launch Firefox.

2. Press the Settings button (three lines) on the right-hand side of the toolbar or type about:preferences into the address bar.

3. Choose the Home category and, next to “Homepage and new windows,” click on the dropdown menu and select either “Firefox Home” or “Custom URL.” If you choose “Custom URL,” type the URL you want to open into the text box.

4. Click the Search category and scroll down to “Default Search Engines.” Click on Weknow.ac and press Remove.

5. Click on the menu under Default Search engine and choose the one you want.



Delete suspicious extensions from your browsers

Now, remove the items that you think may be “double agents” or don’t serve any real purpose. It’s commonly done from Preferences/Settings. All you have to do is look for the Extensions or Add-ons pane in each browser you have on a Mac and remove any extension you don’t recognize or didn’t install. 

Final Steps: Rooting out the virus completely

The next steps are the most important ones because, so far, we have only cleaned your Mac on the surface level. Now, it’s time to go deeper and delete the Weknow virus from the system directories.

STEP 1.

Open Chrome, then paste this string into the URL field and press Return: chrome://policy/

You will see a window like this one: 

Now, see what’s written in the Level column.

If it reads “Recommended,” unfortunately, you will have to reinstall Chrome completely. This is because Weknow has hard-coded itself into the administrative settings of Chrome. If it reads “Mandatory,” go to STEP 2. 

For an additional check:

Go to Applications/Terminal. Open Terminal, paste the following command, and press Return:

defaults read com.google.Chrome

Now, look through the results. If you see anything related to Weknow there, again, the only remaining solution is to simply uninstall Chrome. You can use CleanMyMac X for this purpose. It has an Uninstaller tool that will wipe out the remaining traces of any app it deletes.

STEP 2. 

With this step, we will remove the Weknow virus from the Mac’s library preferences associated with your username.

Open Finder, go up to the Go menu in the menubar > Go to Folder, and paste this directory:

/Library/Managed Preferences/[your username]

Enter [your username] as shown in System Preferences (or System Settings, if you already run macOS Ventura) > Users & Groups.

Open the folder. Now, look for a “com.google.Chrome” file there. 

If you have found it in any of these locations, open the file in any text editor and check if you can find any Weknow mentions there. Then, manually remove the info from the file and restart your computer.

The same logic applies to Firefox and Safari. 
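
The plist checks from the Launch Agents section and STEP 2 can also be run from Terminal. The script below is an added example, not part of the original article or any vendor's tooling: it only lists property lists that mention a keyword and deletes nothing. The function names, the keyword "weknow" and the machine-wide /Library/Managed Preferences folder are assumptions of this example.

```shell
#!/bin/bash
# Read-only triage: list property lists that mention a keyword.
# Nothing is modified or deleted; review each hit by hand.

# Print a plist as text. Binary plists are converted with plutil (macOS);
# without plutil the file is read as-is, which only works for XML plists.
plist_text() {
  if command -v plutil >/dev/null 2>&1; then
    plutil -convert xml1 -o - "$1" 2>/dev/null || cat "$1"
  else
    cat "$1"
  fi
}

# scan_plists KEYWORD DIR...
# Prints the path of every *.plist in the given directories whose file name
# or contents mention KEYWORD (case-insensitive, literal match).
# Returns 0 if there was at least one hit, 1 otherwise.
scan_plists() {
  keyword=$1; shift
  hits=0
  for dir in "$@"; do
    [ -d "$dir" ] || continue            # folder may not exist on this Mac
    for f in "$dir"/*.plist; do
      [ -f "$f" ] || continue            # glob matched nothing
      if plist_text "$f" | grep -Fqi -e "$keyword" ||
         printf '%s\n' "${f##*/}" | grep -Fqi -e "$keyword"; then
        printf '%s\n' "$f"
        hits=$((hits + 1))
      fi
    done
  done
  [ "$hits" -gt 0 ]
}

# Folders named in this article, plus the machine-wide Managed Preferences
# folder (an assumption of this example). Paths are quoted because
# "Managed Preferences" contains a space.
scan_plists weknow \
  /Library/LaunchDaemons \
  /Library/LaunchAgents \
  "$HOME/Library/LaunchAgents" \
  "/Library/Managed Preferences" \
  "/Library/Managed Preferences/$(id -un)" \
  || echo "No plist in these folders mentions the keyword."
```

A keyword match only narrows the list; malware that uses an unrelated file name and label still has to be spotted by reading through the folders as described above.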

Remove Weknow.ac automatically and protect your Mac

You’ve heard of many anti-malware solutions for Mac. But recently, CleanMyMac X developed by MacPaw has added a Malware Removal tool to their software that checks for adware, viruses, spyware, and cryptocurrency miners. It’s worth checking out. When you do a malware scan, it lists anything it finds in its main window. You can then quickly remove it without traces from your Mac. In fact, it can easily remove Weknow.ac from your Mac, so you would not have to go through all of the manual steps we’ve listed above.


You can find and download the free edition of the app here.

Have you succeeded in removing the virus? If not, contact us for more guidance at [email protected]

Okay, hope this article has helped you. Come by for more tips on Mac’s health.
