Home Guides Mac Viruses Remove Weknow virus from Chrome/Safari/Firefox on Mac

Remove Weknow virus from Chrome/Safari/Firefox on Mac

4 min read
Weknow is a piece of prolific malware plaguing Mac computers and causing browser redirects, so find out how to get around its persistence and remove it.
  1. What is Weknow virus?
  2. Remove Weknow virus from Mac manually
  3. Restore web browser settings to their original defaults
  4. Remove Weknow virus from Mac using a security suite

What is Weknow virus?

The Mac threat landscape is becoming increasingly heterogeneous over time. Whilst there is an abundance of existing perils out there, this environment is dominated by adware apps and fake optimizers. Meanwhile, it’s not very common to see a tandem of these two categories in action. The infection called Weknow is a rare case where fully-fledged browser hijack activity is combined with a drive-by promotion of scareware. Its “couple” is a notorious program known as MacKeeper, which has been a major headache for Mac fans for years. The main goal of the Weknow virus, though, is about twisting one’s web surfing experience. It embeds a malicious add-on in Safari, Google Chrome and Mozilla Firefox without permission and thereby forces hits to Weknow.ac site. This is a bogus search provider whose objective is to forward the traffic further to a service crammed up with ads.

Rogue search provider pushed by Weknow Mac virus
Rogue search provider pushed by Weknow Mac virus

The attack follows a fairly straightforward logic. First, the user unknowingly allows the culprit to gain a foothold on the Mac machine. This happens in the course of a software installation event that involves bundling. For those uninitiated, such a tactic denotes the infiltration of unwanted items into a system as part of a package. The catch is in the way the setup client is configured – it may appear to streamline the installation of a single app while not clearly disclosing that there are additional components tailgating inside as well. As a result, a routine of installing benign freeware, such as a video game, Adobe Flash Player update or movie downloader, may lead to contamination with the hijacker under analysis. It’s always more reasonable to choose the custom setup option over recommended one in such cases, because the potentially unwanted extra elements will at least be visible that way. As soon as the Weknow virus enters a Mac, it adds a new entry to the Login Items without consent so that the computer launches the harmful process at boot time. Having established persistence through suchlike manipulations, the infection turns the functioning of the browsers upside down.

MacKeeper scareware download page linked-to at Weknow.ac
MacKeeper scareware download page linked-to at Weknow.ac

A serious issue about the Weknow malware is that it supports all popular web browsers. Consequently, no matter if you prefer the native Safari or Mac versions of Chrome or Firefox, the impact is going to be the same. The rogue extension or plugin will alter the default Internet settings, including favorite search provider, start page and new tab page. These changes take effect beyond the victim’s awareness, which aligns with the shadiest of malware practices. The tweaking of browser behavior entails the redirects that cause the most frustration to those infected. Visiting Weknow.ac web page becomes a recurrent drag that accompanies every Internet navigation session, from browser launch to any attempt to do online search. It turns out, the site itself is just a starting point of the rerouting. Any search query returns results via a different dodgy service, such as webcrawler.com. The second-stage traffic forwarding instance is inundated with sponsored stuff above the fold, which is the number one lure for the operators of this malicious wave.

Speaking of the scareware promotion mentioned above, the Weknow.ac website contains a button that says “Clean Your Mac”. When clicked, it takes the user to a download page for the MacKeeper rogue program. If the victim falls for the claims about the pseudo benefits of the app and installs it, they run the risk of catching another cyber disease that will add up to the whole nuisance. The pest will forge Mac scans and return deceptive results full of inexistent memory hogs and security problems, with the purpose being to get its license sold. Keep in mind that MacKeeper doesn’t belong in your system and it won’t improve or fix anything, which isn’t broken in the first place. Zooming back into the Weknow Mac virus issue, not only does it irritate users and push a must-avoid application but it also poses a risk to privacy. The underlying plugin gathers the victim’s web browsing information, including Internet history, saved bookmarks, submitted forms, and account credentials. Such a multi-vector threat is certainly on nobody’s wish list, so go ahead and remove it now.

Remove Weknow virus from Mac manually

If you are okay with manual troubleshooting, use the following steps to uninstall the Weknow rogue app from your Mac. Be advised the persistence mechanisms employed by the infection may prevent this technique from being ultimately effective. One way or another, here’s the workflow:

• Open the Utilities directory
Go to Utilities on Mac
• When on the Utilities pane, select Activity Monitor (the Mac equivalent of Task Manager)
Open Activity Monitor
• Once the Activity Monitor screen appears, look for Weknow on the list of running processes. Highlight that entry and click on the Quit Process option. The system will respond to this action with a confirmation dialog, where you should select Force Quit
Quit malicious process
• Now go back to your desktop, expand the Go menu and pick Applications in the drop-down
Pick Applications in the drop-down
• Spot Weknow under Applications, highlight it and select the Move to Trash option. Your Mac may request your administrator password at this point – enter it if that’s the case
Applications list in Mac
• Next, go to Apple Menu and choose System Preferences in the drop-down as shown below
Go to System Preferences
• Proceed to Accounts and select Login Items. Your Mac will display the list of apps that are executed automatically at boot time. Find Weknow on that list and click on the “-” (minus) button down at the bottom
Delete app from login items
• Move on to the Go drop-down menu in Apple Finder and click on the Go to Folder option

• When the folder search box appears, enter the following path in it: /Library/LaunchAgents
Go to /Library/LaunchAgents
• Having accessed the LaunchAgents folder, look for the following items in it and, if found, send them all to the Trash:

  • weknow.ac.update.plist
  • weknow.ac.AppRemoval.plist
  • weknow.ac.download.plist
  • com.weknow.ac.agent.plist

• Now, leverage the Go to Folder function to navigate to the ~/Library/LaunchAgents directory. Again, look for the objects listed above and delete all the matches you find.

• Follow the same logic to browse to a folder named ~Library/Application Support. Look for the following items in it and send them to the Trash once spotted:

  • SoftwareUpdater
  • weknow.ac

When done with the manual process of Weknow removal, take some time and check if the virus has vanished from your Mac. If it continues to cause browser redirects, move on to the following section of this tutorial.

Restore web browser settings to their original defaults

In the circumstances of a complex browser hijack like this, executing a reset makes the most sense despite a few obvious downsides. Customizations such as saved passwords, bookmarked pages etc. will be gone, but so will all the changes made by the potentially unwanted program. The instructions below address the workflow for the web browsers most targeted by the weknow.ac virus.

Reset Safari

• Go to the Safari menu and select Preferences
Go to Safari Preferences
• When on the Preferences screen, select the Privacy tab and hit the Remove All Website Data button if you are up to erasing all website data stored on your Mac. Otherwise, you can use a site-specific removal option described below
Remove All Website Data button
• A dialog will appear, asking you to validate your choice. Click the Remove Now button if you are sure. Be advised this will log you out of online services and undo personalized web browser settings such as saved passwords, etc.
Confirm website data removal
• Safari also allows deleting data for specific sites rather than all sites in general. To use this option, click the Details button under Privacy tab
Details button under Privacy tab
• Select the websites for which you would like to erase data and click the Remove button
Removing data for selected sites in Safari
• Click the Done button to confirm and exit. You can also select the Remove All option to remove all data stored by the listed websites.

Reset Google Chrome

• Open Chrome, type chrome://settings in the URL bar and press Enter. Another way is to click More (⁝) in the right-hand upper part of the window and select Settings
Open Chrome settings on Mac
• Move on to the Advanced area under Settings
Expand the Advanced subsection under Chrome settings
• Find the Reset settings subsection and click the Restore settings to their original defaults link within it
Click Restore settings to their original defaults
• The browser will display a popup dialog asking if you are sure you want to restore settings to their original defaults. Confirm and restart Chrome
Confirm by clicking Reset settings on the dialog

Reset Mozilla Firefox

• Open Firefox, type about:support in the URL area and press Enter. Alternatively, you can go to HelpTroubleshooting Information

• Click on the Refresh Firefox button as shown below
Mozilla Firefox reset on Mac

Remove Weknow virus from Mac using a security suite

The use of automatic security software to identify and delete Mac malware reduces human error and ensures that the stealthiest fragment of the culprit is spotted and terminated.

1. Download and install MacBooster. This tool combines antimalware and performance enhancement features for Mac. Launch the app and hit the Scan button on the System Status pane. The utility will scour your computer for memory issues and malware, including Weknow.ac, and will shortly report all the detected issues. Once the scan results are ready, click Fix to eliminate the threats

Download Weknow virus remover

MacBooster main pane
2. To go all the way in Weknow removal, additionally select the Uninstaller module. It reflects all applications running on your Mac in a single list and allows you to reset or get rid of the unnecessary ones in a few clicks. Simply locate Weknow if it’s still there, put a checkmark next to it and click Complete Remove at the top
MacBooster’s Uninstaller module

You’re now done with Weknow removal from your Mac computer. Last but not least, be sure to exercise some extra caution with suspicious application installs further on.

Rate article

5/5 (2)

Leave a Reply

Your email address will not be published. Required fields are marked *