What is Weknow.ac and why you need to remove it?
Weknow.ac is a browser hijacker that targets Mac computers. Before proceeding, it should be noted that browser hijackers aren’t serious computer infections. They don’t harm the computer in an irreparable way and are more of an annoyance than anything. However, this particular hijacker is pretty persistent, and will try to constantly redirect you to sponsored websites in order to make revenue. While the hijacker itself isn’t exactly dangerous, the sites that it will redirect you to could put your computer in danger. If you are not careful, you could pick up serious malware or be exposed to pretty convincing scams.
When the weknow virus inhabits a computer, it will immediately change browser’s settings. Your homepage and new tab will be set to Weknow.ac, and until you remove Weknow.ac, you will not be able to undo the changes. This can cause a lot of frustration because you will not be able to browse as usual. Ignoring the hijacker and allowing it to remain is highly not recommended. If you do not delete weknow.ac from your Mac, you’re risking being exposed to serious malware.
The hijacker was noticed spreading with a fake Adobe Flash Player update. It comes bundled with the supposed update, and if you do not deselect it during installation, it will install alongside without requiring your explicit permission. Software bundles is how most users end up accidentally installing browser hijackers, adware and potentially unwanted programs. Read the following section carefully to learn how to avoid installing unwanted software. Hopefully, you will be more careful in the future.
How did Weknow malware install?
It has been noticed that weknow.ac spreads attached to a fake Flash Player update, which users might encounter when browsing questionable websites. The fake update pop-up may appear legitimate to those who do not know that legitimate updates are not pushed this way. Whenever you encounter a pop-up in your browser claiming something needs to be updated, think of it as a scam. You will never be asked to legitimately update something via pop-ups. And if you do ever need an update, always use the official website to get it.
If you did download the fake update, during installation you likely used Express settings. If you had chosen Custom installation, you would have seen that along with the fake update, WeKnow and MacCleaner would install. To prevent them from installing, you would have needed to uncheck the boxes of those two programs. Although since this is not a legitimate update, you should not have installed anything in the first place.
In the future, when installing free programs (even trustworthy ones), always opt for Advanced (Custom) settings. A lot of freeware comes with added junk, and unless you manually deselect it, it will install alongside. When you choose Advanced settings and a list of added offers appears, make sure you uncheck all of them. Only then should you continue installing the freeware.
What does Weknow virus do?
When a hijacker first appears, it proceeds to change browser’s settings. In the case of this hijacker, it will set weknow.ac as your homepage and new tabs. That means that every time you open Safari, you will be redirected to weknow.ac. And as we’ve mentioned before, until you uninstall weknow.ac, there’s no use in trying to change back your settings as all your changes will be reversed again.
The website that will be set as your homepage may look completely harmless at first sight. It will try to encourage you to use the provided search engine so that it could redirect you to sponsored websites in order to make revenue. Sponsored results may be inserted among the legitimate ones, and while they should be fairly obvious, we still recommend against using the search engine. Hijackers often redirect to questionable websites, some of which could be malicious or try to scam you. Some of the results might outright lead to malware, so be very cautious to not download anything via that search engine.
As do most hijacker, the weknow mac virus also collects information about users. It will record data about your browsing habits, what sites you visit, what you search for, your social media, etc. Furthermore, if you accidentally grant it access to your social media, it will record your info like friend lists, updates and photos, supposedly to enhance your browsing experience. It goes without saying but you should not provide access to your social media to no program, especially not some questionable one that installed without permission. The data would also then be shared with unknown third-parties.
With the help of weknow.ac mac virus, various non-personal details are transferred to the app’s authors. The information contains:
- Information regarding the victim’s device;
- Apps used;
- Search queries;
- Websites viewed and the length of the visit;
- User’s interaction on social networks;
- Links clicked;
- IP address;
- Internet service provider (ISP), etc.
- Email address;
- Social security numbers;
- Credit card numbers;
- Login information, etc.
We should also note that there has recently been a noticeable increase in affected users, based on the times the infection was searched on Google. So even if you are not affected by weknow.ac yet, be careful to not accidentally install it.
Weknow.ac virus removal
The infection is quite persistent, and your anti-spyware software may have trouble with Weknow.ac malware removal. If you are sure this hijacker is inhabiting your computer but your security software does not detect/remove it, try these manual instructions. Be sure to follow them carefully, otherwise you might miss something, and the hijacker could renew itself.
Remove weknow mac virus
1. Open System Preferences in your dock. Click Profiles, find AdminPrefs and press the minus icon on AdminPrefs to delete it.
2. Finder -> Applications. Look for weknow.ac or any other suspicious app and drag it to the trash icon in your dock. Right-click on the trash icon and press “Empty Trash”.
3. Delete the weknow search:
- Open Safari. Safari -> Preferences -> Search. Delete the search engine
- Open Google Chrome. Chrome menu (the three horizontal lines) ->Settings -> Manage search engines. Remove weknow.ac.
- Open Firefox. Firefox menu (the three horizontal lines) -> Preferences -> Search. Remove weknow.ac.
Delete the weknow add-on:
- Open Safari. Safari -> Preferences -> Extensions. Find and delete weknow.ac.
- Open Google Chrome. Type chrome://extensions/ in the address bar. Find and remove weknow.
- Open Firefox. Type about:addons in the address bar. Find and remove weknow.
You should also delete all weknow malware related files:
1. Press Shift + Cmd + G and type in /Library/LaunchAgents. Press Go.
2. Look for recently added strange files like myppes.download.plist, mykotlerino.ltvbit.plist and com.myppes.net-preferences.plist, and move them to the trash. Empty trash.
3. Do the same in /Library/Application Support and /Library/LaunchDaemons.