There isn’t a shortage of malware that aim to infiltrate Mac systems and attain their dark agenda. Weknow.ac is one such browser hijacker that changes your homepage and search engine for your web browser into http://weknow.ac. It also intercepts the searches that users type in order to show advertisements.
This guide will help you identify if your Mac is infected and how to remove Weknow.ac from your Chrome and Safari.
Weknow.ac: Get to Know This Browser Hijacker Better
Several Mac users have documented their experience with Weknow.ac. One user, whose default browser is Chrome and default search engine and homepage is Google, accidentally clicked on a Flash download popup and immediately noticed signs of infection by the malware. Another user also accidentally clicked on a Flash Player download on his MacBook Air, and Weknow.ac quickly restarted his laptop when it was downloaded.
You might be wondering: how is Weknow.ac able to enter my computer without me knowing and approving it?
The quick answer is it’s because of the different freeware and shareware that you have downloaded as well as installed. Weknow.ac can gain access to your computer with minimal effort. Its usual sources are software bundles, freeware, or third-party apps created by websites that typically supply adware and potentially unwanted programs (PUPs).
The creators of these browser hijackers are quick to evade macOS security measures since the malware is “bundled” with seemingly legitimate downloads, such as Adobe Flash Player. They are then able to manipulate your browser as set Weknow.ac as the default homepage, new tab, and search engine.
You would know if your Mac has been infected by this malware. Once you launch a browser such as Chrome and Safari, you will see the Weknow.ac search page instead of your usual homepage – a poor imitation of Google’s legitimate search page.
The unfortunate reality is it can be difficult to get rid of this malware, as manually clearing your browser’s adware configuration doesn’t always do the trick. One immediate step, of course, is to scan your computer with a tried-and-tested malware remover to delete all malicious codes from your machine.
Steps to Remove Weknow.ac from Your Mac
There are several ways that you can remove Weknow.ac from your Mac and browsers like Chrome and Safari. For starters, make it a habit to clean and optimize your Mac clear valuable space and improve overall performance. A Mac repair tool can run a quick scan, pinpoint existing issues, and help eliminate unnecessary apps and other space hogs.
Here are the top methods you can try:
- Via System Preferences – Follow these straightforward steps:
- Launch System Preferences from your Apple menu or the Dock.
- Next, look for the Profiles It’s located next to Accessibility.
- Click on this pane and check if there’s a profile dubbed Admin Prefs.
- Click on Admin Prefs, unlocking System Preferences through clicking the padlock and typing your username and password, if prompted to do so. Click the ‘-‘ at the bottom of the window, and that will remove it.
- Checking Your Startup Items – Malware can sometimes lodge itself in your Login items, so that it also starts along with your Mac booting. Hunt for it and remove it this way:
- Go to System Preferences and click on Users & Groups.
- Click on your username. Afterwards, click on the padlock. Type in your login details.
- Choose the Login Items
- Look through the list of items and if you suspect something might be the Weknow.ac hijacker or another malware, click on it. Click on the ‘-‘ to get rid of it.
- Locating and Removing Browser Extensions Belonging to Weknow.ac – Locate and remove the add-on or extension relevant to the browser hijacker by following these steps:
- Do this step based on the affected browser. For Chrome, choose Preferences from the Chrome menu, and afterwards click the Extensions link located on the left pane. For Safari, click Preferences from the Safari menu. Click the Extensions icon to open a window that shows all installed extensions.
- Locate Weknow.ac and click on Remove or Uninstall.
- Close your browser.
- Select and copy this string to your clipboard via pressing Command + C on your keyboard: ~/Library/LaunchAgents.
- Go to Finder. From the menu bar, choose Go > Go to Folder.
- Paste the copied string by pressing Command + V on your keyboard. Press Return to proceed to the folder.
- A folder called LaunchAgents will show up. Take note of these files inside it: download.plist; unknown.ltvbit.plist; and unknown.update.plist. Here, “unknown” represents the actual malware name, and typically you’ll find unfamiliar filenames such as Genieo, Inkeeper, CleanYourMac, MacKeeper, InstallMac, and SoftwareUpdater.
- Drag all suspicious files to Trash. Restart your computer.
- Open another folder using the same steps above. Use this string: ~/Library/Application Support.
- Look for suspicious items once again and drag them to Trash.
- Repeat the method on these non-hidden folders: /Library/LaunchAgents; /Library/LaunchDaemons; and /Library/Application Support.
- Removing Weknow.ac from Your Homepage and Search – it’s time to bid adieu to the malware and restore your real homepage and search. Follow these steps for Chrome:
- Open the browser and type this on the address bar: chrome:/ /settings/. Press Enter.
- Look for On Startup and select Open a specific page or set of pages.
- Click on More Actions. Next, select Edit.
- Enter the desired web URL as your homepage to replace Weknow.ac, and click Save.
- Set your default search engine by going to Search Engine and clicking on the Manage search engines…
- Proceed to the questionable search engine, hit More Actions, and then click Remove from list.
- Return to Search Engine and pick a valid entry from Search engine used in the address bar.
Here are the steps if you’re using Safari:
- Open the browser and proceed to Safari Menu found on the upper left hand corner. Select Preferences.
- Go to Default Search Engine under the General Choose Google or any other valid search engine.
- Set the New Windows Open With field to Homepage.
- Remove Weknow.ac from Homepage and replace it with your preferred web address as you default homepage.
If you want to be 100 percent sure about getting rid of Weknow.ac then you can opt to completely delete Chrome and all Chrome data files from your Mac. This way, you can reinstall a fresh copy of the browser and build it from scratch. For bookmarks you don’t want to lose, export them and then import them once you have reinstalled.
Weknow.ac is a browser hijacker that can be as sneaky as it can get, promoting a program through text like CleanYourMac and manipulating your browser to set Weknow.ac as your default homepage, new tab, and search engine.
It’s able to get free access to your computer without your consent due to the various freeware and shareware that you have downloaded and installed – and the seemingly legitimate downloads, like Flash Player, that it’s craftily bundled with.
It can be readily tough to get rid of this malware, but with the steps we outlined above you are likely to find one that works well in your case.
Have you have any previous experience with Weknow.ac malware? Let us know in the comments below!