remove-weknow-ac from mac chrome

refer:https://macreports.com/how-to-remove-weknow-ac-malware-macos/

 1-Remove the weknow.ac profile. Here is how:

  1. On your Mac, open System Preferences (click the System Preferences icon in the dock)
  2. Click Profiles
  3. Select AdminPrefs
  4. Delete this profile (AdminPrefs) by pressing the minus icon.
  5. Now delete search engine settings:
    1. Chrome: chrome://settings/searchEngines
    2. Safari: Safari > Preferences > Search

2-Delete weknow.ac. Remove anything weknow.ac related. Remove anything suspicious apps to the Trash folder. Look for recently added apps.

  1. Open the Applications folder
  2. Delete Weknow.ac or Weknow.ac.app also look for “MPlayerX”,“NicePlayer”. Look for suspicious apps.
  3. Empty Trash

3-Remove the weknow addon

  1. Safari: Safari > Preferences > Extensions > Locate the weknow.ac extension and remove it
  2. Google Chrome: Go to chrome://extensions/ and find the weknow.ac addon and remove it.
  3. Firefox: Go to about:addons and remove the addon.

4-Delete weknow files:

  1. Go > Go to Folder (or press Shift + Cmd + G)
  2. Enter /Library/LaunchAgents and click Go
  3. Look for suspicious files such as “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist”. Some other names you should look for Genieo, Inkeeper, InstallMac, CleanYourMac, MacKeeper, SoftwareUpdater, MplayerX, NicePlayer, installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist, com.aoudad.net-preferences.plist”, “com.myppes.net-preferences.plist”, “com.kuklorest.net-preferences.plist”, “com.avickUpd.plist”. If you see any of them, drag them to the Trash folder and then empty Trash.
  4. And now repeat the same process on the following folders:
    1. /Library/Application Support
    2. /Library/LaunchDaemons

5-If your browser is Chrome, follow the steps below to change some Chrome policies, if you are still having the problem:

  1. Open the Terminal app (Go > Utilities > Terminal or press Command+Space and search Terminal)
  2. Enter the commands below, hit Enter after each
defaults write com.google.Chrome HomepageIsNewTabPage -bool false
defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"
defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"
defaults delete com.google.Chrome DefaultSearchProviderSearchURL
defaults delete com.google.Chrome DefaultSearchProviderNewTabURL
defaults delete com.google.Chrome DefaultSearchProviderName

     3.Restart Chrome

Please note that the developers behind weknow.ac are very sneaky and they will likely further develop this malware so this means that those tips may not work in near future. We will try to keep updating this posts.

find appname and plist ,just like 

find . -name "*" |grep -i  UtilityOSDaemon

then delete all these files ; 

 source: https://macreports.com/how-to-remove-weknow-ac-malware-macos/

weknow.ac”会更改一组Chrome政策,以便设置新的默认主页,新标签行为等。您可以在网址栏中输入 chrome://policy/ 来查看当前的Chrome政策。如果你被感染了,它应该是非常明显的,因为我们将会显示由你知道改变的六个左右的政策。

此时,我们所要做的就是使用命令行删除/修改受影响的策略:
1,您需要打开“终端”应用程序。
2,将下面的代码一条一条复制到终端后,(每条中间加一个 [空格] ) 按回车键

defaults write com.google.Chrome HomepageIsNewTabPage -bool false
defaults write com.google.Chrome NewTabPageLocation -string "[https://www.google.com/](https://www.google.com/)"
defaults write com.google.Chrome HomepageLocation -string "[https://www.google.com/](https://www.google.com/)"
defaults delete com.google.Chrome DefaultSearchProviderSearchURL
defaults delete com.google.Chrome DefaultSearchProviderNewTabURL
defaults delete com.google.Chrome DefaultSearchProviderName

3,重新启动Chrome后,更改才会生效。

 


 
链接:https://www.jianshu.com/p/36681925d56d
 
 
【推广】 免费学中医,健康全家人
原文地址:https://www.cnblogs.com/lavin/p/10524295.html