Soft2Secure

Weknow.ac Mac virus removal from Safari, Chrome, Mozilla

Weknow.ac Mac virus removal from Safari, Chrome, Mozilla

There is no such thing as a malware-proof Mac. Cybercriminals have gotten the hang of contaminating computers that run macOS despite their generally decent protection mechanisms, and this trend is on the rise nowadays. The web browsing environment is one of the most heavily targeted areas, with adware and redirect viruses like Weknow.ac currently dominating this threat landscape.

What is the Weknow.ac virus?

Weknow.ac is a rogue search engine commonly associated with browser redirect malware that zeroes in on Mac computers. If you own a healthy Mac desktop machine, MacBook Air or MacBook Pro, you will probably never visit said website unless you enter its URL directly in the address bar for whatever reason. In case your macOS system is plagued with the infection, though, the pseudo search provider is going to be one of the most frequently accessed pages whether you like it or not. Why is there a difference? Because in the latter scenario, a piece of malicious code that resides in your computer recurrently invokes a command that forces the web browser to resolve Weknow.ac domain name. In fact, this is how any run-of-the-mill browser hijacker operates. What makes this one stand out is its prevalence.

The virus reroutes traffic to Weknow.ac homepage

By making Weknow.ac the default search engine and thus driving traffic to the self-proclaimed provider, the architects of this malware campaign get precious user hits that can be further monetized in a variety of ways. The landing page contains icons hyperlinked with popular online resources, such as Facebook, Twitter, YouTube, AliExpress, GearBest, Amazon, and eBay. This is merely a fragment of the malvertising. Another element of it comes down to the crooks’ benefitting from Internet search proper, where all queries you make from the junk site are forwarded to another service called the WebCrawler Search (webcrawler.com), which is a metasearch system combining results from Google and Yahoo!. Although this linked-to page isn’t officially flagged as malign, it has gained notoriety in the past for being part of Mac adware waves, such as the large-scale shenanigans of the ChumSearch hijacker.

Default search engine changed to www.weknow.ac in Chrome on Mac

As mentioned above, the forcible traffic redirects are triggered by a perpetrating entity that tweaks certain configuration values, browser settings for the most part, in infected Macs. This culprit sneaks into a host by means of deceptive installation clients endorsed via a network of malicious or compromised web pages. The incursion typically begins when you click on some eye-catching ad while surfing the web, which diverts your browser to a page that says you need the latest version of Adobe Flash Player to view its content. Once you opt into the pseudo update, you are presented with an installer whose custom setup option reveals that it has the WeKnow app and Advanced Mac Cleaner scareware under the hood. Unfortunately, most people never go further than the express, or recommended, mode and thereby unwittingly allow the baddies to infiltrate their Macs.

Weknow.ac promoting MacKeeper scareware

One more component of the Weknow.ac redirect quandary is the promotion of questionably secure, or outright malicious, applications. For instance, its homepage says “Clean Your Mac” in the upper right-hand corner. If you click on that inscription it will take you to a site pushing MacKeeper, a utility whose existence has been interwoven with controversy and negative customer feedback due to false positives as well as aggressive marketing. Ultimately, it appears that the authors of WeKnow.ac malware have contrived a multi-layered traffic monetization network, where if you don’t click on one offer you will most likely select another. That’s a clever business move – too bad it is backed by such a disgusting model that throws numerous Mac users’ browsing experience down the drain.

If web browsers on your Mac are constantly resolving Weknow.ac site and you are at your wit’s end trying to get rid of these redirects, the guide below will help you remove the hijacker and make your online surfing hassle-free again.

Use a Mac anti-malware tool to remove Weknow.ac redirect virus

The best way to streamline your malware removal experience is to leverage a security app that will scan your Mac for malicious and junk entities and wipe them automatically for you.

1. Download and install the MacBooster app. It’s an effective solution that finds and eradicates viruses, including persistent ones, and boasts small system footprint along with smooth performance. Open it and click Scan.

MacBooster System Status

2. When done checking your system for security and stability issues, it will generate an easy-to-interpret report. Click Fix and thereby get rid of the Weknow.ac virus as well as other bad items affecting your Mac.

Completing this phase of the cleanup process is most likely to result in a complete eradication of the infection. However, it might be a good idea to ascertain the malware is gone for good. Furthermore, you need to revert the unwanted changes the virus had made to web browsers on your Mac.

Remove Weknow.ac virus from Mac manually

For a start, you should spot all the obvious components of the Weknow.ac browser hijack malware on your Mac. Although some infections are too prolific to be deleted in the regular way, this cleaning technique is certainly worth a shot. So, go ahead and do the following:

• Select Utilities in your Mac’s Go drop-down menu
Select the Utilities path

• Find the Activity Monitor entry and double-click on it – this way, you will be able to see the list of all processes being executed on your Mac computer
Open up the Activity Monitor

• Having opened the Activity Monitor, locate WeKnow or another potentially unwanted, unfamiliar entry under the Process Name column. Select it and click Quit Process in the upper left-hand part of the window. This should bring up a dialog that will ask you for confirmation. Pick the Force Quit option to terminate the troublemaking process
Quit the malicious process

• Return to the Go drop-down and select Applications there
Go to Applications

• Look for WeKnow or some other item that shouldn’t be among your installed applications. Select the culprit and move it to trash
Send the malicious app to trash

• Your next move is to select System Preferences under the Apple Menu
Go to System Preferences

• Go to Accounts and hit the Login Items option. This will list all the apps that your Mac is configured to run once it boots up. Spot WeKnow (or a similar object) there and eliminate it by clicking the “” button
Eliminate the unwanted app from login items

That’s it for the manual uninstall. In case the browser redirect issue persists regardless – which is a likely scenario – get down to the browser-level cleanup below.

Get rid of Weknow.ac redirect in web browsers (Mac)

The logic of this part is to rectify the configuration of web browsers that got mutilated by the Weknow.ac redirect virus. Follow the steps below for different browsers, depending on which one(s) have been affected.

1. Reset Safari

• Go to Safari menu and select Preferences
Select Preferences in Safari

• Move on to the Privacy tab and locate the Remove All Website Data option
Remove All Website Data

• Your Mac will now trigger a dialog that asks you to confirm the intended action while also emphasizing that it may log you out of websites and cause additional changes in website behavior if you proceed. Click the Remove Now button if you are sure these tweaks won’t affect your browsing too much
Safari reset dialog

• Now that the list of all websites that have stored data is in front of you, select the unwanted ones and click Remove, or go for the Remove All option to apply the cleanup to every single site that retains cache, cookies and other information
Delete information stored by websites

• Click Done to finish the reset.

2. Reset Google Chrome

• Select the Customize and Control Google Chrome menu icon and go to Options

• Hit the Under the Hood tab as shown below, select Reset to defaults and confirm that you would like to start clean with this browser
Reset Chrome to defaults

3. Reset Mozilla Firefox

• Go to Help and select Troubleshooting Information
Go to Troubleshooting Information

• Pick the Refresh Firefox option and confirm your intentions on a subsequent dialog
Refresh Firefox

Double-check whether Weknow.ac virus has been completely removed

For certainty’s sake, it’s advised to repeatedly run a scan with the automatic security software in order to make sure no harmful remnants of this malware are left inside your Mac.

Posted in: KnowledgeBase

Leave a Comment (0) ↓

Leave a Comment

You must be logged in to post a comment.