There is no such thing as a malware-proof Mac. Cybercriminals have gotten the hang of contaminating computers that run macOS despite their generally decent protection mechanisms, and this trend is on the rise nowadays. The web browsing environment is one of the most heavily targeted areas, with adware and redirect viruses like Weknow.ac currently dominating this threat landscape.
What is the Weknow.ac virus?
Weknow.ac is a rogue search engine commonly associated with browser redirect malware that zeroes in on Mac computers. If you own a healthy Mac desktop machine, MacBook Air or MacBook Pro, you will probably never visit said website unless you enter its URL directly in the address bar for whatever reason. In case your macOS system is plagued with the infection, though, the pseudo search provider is going to be one of the most frequently accessed pages whether you like it or not. Why is there a difference? Because in the latter scenario, a piece of malicious code that resides in your computer recurrently invokes a command that forces the web browser to resolve the Weknow.ac domain name. In fact, this is how any run-of-the-mill browser hijacker operates. What makes this one stand out is its prevalence.
By making Weknow.ac the default search engine and thus driving traffic to the self-proclaimed provider, the architects of this malware campaign get precious user hits that can be further monetized in a variety of ways. The landing page contains icons hyperlinked with popular online resources, such as Facebook, Twitter, YouTube, AliExpress, GearBest, Amazon, and eBay. This is merely a fragment of the malvertising. Another element of it comes down to the crooks’ benefitting from Internet search proper, where all queries you make from the junk site are forwarded to another service called the WebCrawler Search (webcrawler.com), which is a metasearch system combining results from Google and Yahoo!. Although this linked-to page isn’t officially flagged as malign, it has gained notoriety in the past for being part of Mac adware waves, such as the large-scale shenanigans of the ChumSearch hijacker.
As mentioned above, the forcible traffic redirects are triggered by a perpetrating entity that tweaks certain configuration values, browser settings for the most part, in infected Macs. This culprit sneaks into a host by means of deceptive installation clients endorsed via a network of malicious or compromised web pages. The incursion typically begins when you click on some eye-catching ad while surfing the web, which diverts your browser to a page that says you need the latest version of Adobe Flash Player to view its content. Once you opt into the pseudo update, you are presented with an installer whose custom setup option reveals that it has the WeKnow app and Advanced Mac Cleaner scareware under the hood. Unfortunately, most people never go further than the express, or recommended, mode and thereby unwittingly allow the baddies to infiltrate their Macs.
One more component of the Weknow.ac redirect quandary is the promotion of questionably secure, or outright malicious, applications. For instance, its homepage says “Clean Your Mac” in the upper right-hand corner. If you click on that inscription, it will take you to a site pushing MacKeeper, a utility whose existence has been interwoven with controversy and negative customer feedback due to false positives as well as aggressive marketing. Ultimately, it appears that the authors of the Weknow.ac malware have contrived a multi-layered traffic monetization network, where if you don’t click on one offer you will most likely select another. That’s a clever business move – too bad it is backed by such a disgusting model that throws numerous Mac users’ browsing experience down the drain.
If web browsers on your Mac are constantly resolving the Weknow.ac site and you are at your wit’s end trying to get rid of these redirects, the guide below will help you remove the hijacker and make your online surfing hassle-free again.
Use a Mac anti-malware tool to remove Weknow.ac malware
The best way to streamline your malware removal experience is to leverage a security app that will scan your Mac for malicious and junk entities and wipe them automatically for you.
1. Download and install the MacBooster app. It’s an effective solution that finds and eradicates viruses, including persistent ones, and boasts a small system footprint along with smooth performance. Open it and click Scan.
2. When done checking your system for security and stability issues, it will generate an easy-to-interpret report. Click Fix and thereby get rid of the Weknow.ac malware as well as other bad items affecting your Mac.
Completing this phase of the cleanup process is most likely to result in a complete eradication of the infection. However, it might be a good idea to ascertain the redirect is gone for good. Furthermore, you still need to revert the unwanted changes the malware has made to web browsers on your Mac.
Remove Weknow.ac virus from Mac manually
If the Weknow.ac redirect is running amok inside your Mac, this section will guide you through removing the malicious app along with its core files and components.
- Click the Go button in the menu bar and select Utilities.
- Once the Utilities screen appears, select Activity Monitor.
- Sift through your running processes and try to detect the malicious one. Several common giveaways are high CPU usage, suspicious name, and an unfamiliar icon next to an entry.
- If you spot the unwanted item, select it and click the X button (it’s the leftmost one in the upper toolbar). Then, use the Force Quit option to stop the binary.
- Pull down the Go list in your menu bar again and choose Go to Folder.
- Enter ~/Library/LaunchAgents (include the tilde symbol) and click Go.
- Examine your LaunchAgents folder to spot dubious-looking files. Move them all to the Trash.
- Follow the same procedure to open the ~/Library/Application Support, /Library/LaunchDaemons, and /Library/LaunchAgents folders in turn. Check them for traces of malware and delete everything suspicious you can find.
- Open the Finder from your Dock and select Applications in the sidebar. Look for recently installed malicious software and move it to the Trash.
- Click the gear pictogram in the Dock to open the System Preferences app and select Users & Groups. Click the lock symbol and enter your Mac admin credentials to be able to change settings. Then, click the tab that says Login Items in the upper part of the screen, select the unwanted app, and hit the minus symbol to remove it from the list of startup processes.
- Click the backward arrow to return to the System Preferences main pane and select Profiles (this item may not be there if the malware hasn’t created a device profile). Spot the malicious profile and use the minus sign to get rid of it. Enter your admin password to complete the procedure when prompted.
- Empty your Trash folder.
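The folder checks in the steps above can also be done read-only from Terminal before anything goes to the Trash. The script below is an added example, not part of the original guide: it parses every launchd plist in the LaunchAgents and LaunchDaemons folders and notes why an entry may deserve a closer look. The flagging criteria (user-writable paths, a missing target, a 30-day window) are assumptions chosen for illustration, and a flagged item is a prompt to inspect it, not proof of infection.

```python
import plistlib
import time
from pathlib import Path

# Folders named in the manual removal steps.
LAUNCH_DIRS = [Path.home() / "Library/LaunchAgents",
               Path("/Library/LaunchAgents"), Path("/Library/LaunchDaemons")]
# Assumption: locations an unprivileged process can write to, so a launch item
# that starts a program from there deserves review. Hints, not verdicts.
WRITABLE_HINTS = ("/tmp/", "/Users/Shared/", "/Library/Application Support/")


def inspect_plist(path, recent_days=30, now=None):
    """Describe one launchd plist and list the reasons it may need review."""
    now = time.time() if now is None else now
    item = {"file": str(path), "label": None, "program": None, "reasons": []}
    try:
        with open(path, "rb") as fh:
            data = plistlib.load(fh)  # reads both XML and binary plists
    except Exception as exc:
        item["reasons"].append(f"unreadable plist: {type(exc).__name__}")
        return item
    if not isinstance(data, dict):
        item["reasons"].append("top level is not a dictionary")
        return item
    item["label"] = data.get("Label")
    args = data.get("ProgramArguments")
    first = args[0] if isinstance(args, list) and args else None
    program = data.get("Program") or first
    if program is None:
        item["reasons"].append("no Program or ProgramArguments")
    else:
        item["program"] = program = str(program)
        if not Path(program).exists():
            item["reasons"].append("target executable missing")
        if any(hint in program for hint in WRITABLE_HINTS):
            item["reasons"].append("runs from a user-writable location")
    if now - Path(path).stat().st_mtime < recent_days * 86400:
        item["reasons"].append(f"modified in the last {recent_days} days")
    return item


def audit(dirs=LAUNCH_DIRS, recent_days=30, now=None):
    """Inspect every *.plist in the given folders; absent folders are skipped."""
    found = [p for d in dirs if Path(d).is_dir()
             for p in sorted(Path(d).glob("*.plist"))]
    return [inspect_plist(p, recent_days, now) for p in found]


if __name__ == "__main__":
    for it in audit():
        print(it["file"], it["label"], it["program"],
              "; ".join(it["reasons"]) or "nothing flagged", sep=" | ")
```

Run it with python3 and compare the reported program paths against the applications you actually installed; the script changes nothing on disk.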
Get rid of Weknow.ac redirect in web browsers (Mac)
Uninstalling the malware itself and deleting its breadcrumbs is very important, but there is one more thing you need to do. To keep your browser from being rerouted to Weknow.ac, make sure you clean up its settings and purge rogue data that may lurk in the caches and history logs.
1. Remove Weknow.ac from Safari
- Open Safari, expand the Safari menu in the upper toolbar, and click Preferences.
- Select Advanced and enable the option that says Show Develop menu in menu bar.
- Once the Develop menu appears, expand it and select Empty Caches.
- Go back to Safari Preferences and select the Privacy tab. Then, click Manage Website Data and use the Remove All button to confirm the action.
- Click History in the menu bar and select Clear History. This feature wipes cookies and other website-related information that may be causing issues. Keep the “all history” option enabled in the dialog and click the Clear History button.
- Restart Safari.
2. Remove Weknow.ac redirect from Google Chrome
- Click Customize and control Google Chrome (the three dots button at the top right), select Settings, go on to Advanced, and click the button that says Reset settings.
- Select the Restore settings to their original defaults feature and confirm by clicking the Reset settings button in the dialog box.
- Restart Chrome.
3. Remove Weknow.ac from Mozilla Firefox
- Open the in-app Firefox menu, click Help, and select Troubleshooting Information.
- Click Refresh Firefox in the Give Firefox a tune up section and confirm that you want to start fresh with the browser.
- Restart Firefox.
Double-check whether Weknow.ac malware has been completely removed
For certainty’s sake, it’s advised to repeatedly run a scan with the automatic security software in order to make sure no harmful remnants of this redirect are left inside your Mac.