refer:https://macreports.com/how-to-remove-weknow-ac-malware-macos/

1-Remove the weknow.ac profile. Here is how:

  1. On your Mac, open System Preferences (click the System Preferences icon in the dock)
  2. Click Profiles
  3. Select AdminPrefs
  4. Delete this profile (AdminPrefs) by pressing the minus icon.
  5. Now delete search engine settings:
    1. Chrome: chrome://settings/searchEngines
    2. Safari: Safari > Preferences > Search

2-Delete weknow.ac. Remove anything weknow.ac related. Remove anything suspicious apps to the Trash folder. Look for recently added apps.

  1. Open the Applications folder
  2. Delete Weknow.ac or Weknow.ac.app also look for “MPlayerX”,“NicePlayer”. Look for suspicious apps.
  3. Empty Trash

3-Remove the weknow addon

  1. Safari: Safari > Preferences > Extensions > Locate the weknow.ac extension and remove it
  2. Google Chrome: Go to chrome://extensions/ and find the weknow.ac addon and remove it.
  3. Firefox: Go to about:addons and remove the addon.

4-Delete weknow files:

  1. Go > Go to Folder (or press Shift + Cmd + G)
  2. Enter /Library/LaunchAgents and click Go
  3. Look for suspicious files such as “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist”. Some other names you should look for Genieo, Inkeeper, InstallMac, CleanYourMac, MacKeeper, SoftwareUpdater, MplayerX, NicePlayer, installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist, com.aoudad.net-preferences.plist”, “com.myppes.net-preferences.plist”, “com.kuklorest.net-preferences.plist”, “com.avickUpd.plist”. If you see any of them, drag them to the Trash folder and then empty Trash.
  4. And now repeat the same process on the following folders:
    1. /Library/Application Support
    2. /Library/LaunchDaemons

5-If your browser is Chrome, follow the steps below to change some Chrome policies, if you are still having the problem:

  1. Open the Terminal app (Go > Utilities > Terminal or press Command+Space and search Terminal)
  2. Enter the commands below, hit Enter after each
  3. defaults write com.google.Chrome HomepageIsNewTabPage -bool false
  4. defaults write com.google.Chrome NewTabPageLocation -string “https://www.google.com/”
  5. defaults write com.google.Chrome HomepageLocation -string “https://www.google.com/”
  6. defaults delete com.google.Chrome DefaultSearchProviderSearchURL
  7. defaults delete com.google.Chrome DefaultSearchProviderNewTabURL
  8. defaults delete com.google.Chrome DefaultSearchProviderName
  9. Restart Chrome

Please note that the developers behind weknow.ac are very sneaky and they will likely further develop this malware so this means that those tips may not work in near future. We will try to keep updating this posts.

find appname and plist ,just like

find . -name "*" |grep -i  UtilityOSDaemon

then delete all these files ;

source: https://macreports.com/how-to-remove-weknow-ac-malware-macos/

remove-weknow-ac from mac chrome的更多相关文章

  1. mac+chrome 最常用快捷键

    12个mac快捷键 命令 含义 command+空格 (先摁command再摁空格) Spotlight搜索 crt+command+F 最大化和关闭最大化切换 Command+H 隐藏当前窗口 Co ...

  2. 配置 Mac Chrome Inspect

    安装libimobiledevice :  Could not connect to lockdownd. Exiting.  报错解决 brew uninstall --ignore-depende ...

  3. [Web前端] mac chrome 浏览器强制刷新,清除浏览器缓存

    本文链接:https://blog.csdn.net/zeroyulong/article/details/79806156 mac 强制刷新:command+shift+r mac 普通刷新:com ...

  4. mac Chrome 快捷键

    从windows迁移到mac,会发现快捷键真的变了,这里先吹一下mac OS天下第一 另外没有bar确实也提高了效率,这一点还是值的 其实程序员最常用的是检查,windows下是F12,默认F12会被 ...

  5. Mac Chrome浏览器取消自动升级(最新版)

    做自动化突然冒出错误:SessionNotCreatedException: session not created: This version of ChromeDriver only suppor ...

  6. 解决Mac Chrome打开HTTPS证书错误问题

    goagent代理,在chrome下中总提示“该网站的安全证书不受信任” 并且没有 “继续访问” 的按钮. 解决方法 一.打开[应用程序]>[实用工具]>[钥匙串访问],并在左侧导航选择[ ...

  7. mac chrome 浏览器开启允许跨域

    在控制台输入下面代码: open -n /Applications/Google\ Chrome.app/ --args --disable-web-security  --user-data-dir ...

  8. mac chrome 强制刷新浏览器缓存

    普通刷新 command + r 强制刷新 command + shift + r

  9. mac chrome 驱动配置

    将解压后的chromedriver移动到/usr/local/bin目录下

随机推荐

  1. Linux磁盘故障案例

    原因:由于另外一块磁盘不存在,但是配置文件/etc/fstab中又有挂载的配置,挂载出问题就导致这样的故障. 输入root密码进去 编辑/etc/fstab文件把箭头指向的这一行注释掉或者删除掉.然后 ...

  2. Thread线程notify方法的自我理解

    感谢博主:http://zy19982004.iteye.com/blog/1626916 这篇博文给予我线程知识很大的帮助 知识背景:(1)wait().notify()均是Object的方法,故每 ...

  3. js demo1

    三位数求和 单选多选全选及取消 图片切换 验证QQ号 求数组的和   求1-10的偶数和 求数组最小值  和平均值 3个按钮各自切换ABC QQ列表 选项卡1 获取非行间样式的兼容写法 1-10的阶乘

  4. linux启动流程的理解

    1.bios 2.grub 选择 3.内核自解压vmlinux 4.内核引导的模式与变量(引导期内存分页映射)设置 #汇编级 5.内核内存再分页(内存空间映射),宏定义与设置,初始化consol,启动 ...

  5. c#线程池ThreadPool实例详解

    1. 如何查看线程池的最大线程数和最小线程数 static void Main(string[] args) { Console.WriteLine("----------线程池开始,线程I ...

  6. linux 计划任务 访问某个URL

    1.进入crontab文件的编写状态: crontab -e 2.进入编辑器后,按下 “ i ” 键,进入编辑模式,在编辑模式下,我们写上我们这次需要访问执行的脚本: 59 23 * * * /usr ...

  7. Echarts 一个开源图表设计工具

    一般来说,因有所需,方有所求.最近项目中有这方面的需求,用着感觉不错.特此记录!此处仅是一个简单的demo.官网地址:http://echarts.baidu.com/,相关文档.插件都有. 1.js ...

  8. java数字转IP 一行

    System.out.println(InetAddress.getByName(String.valueOf(12345)).getHostAddress());

  9. Centos7-跟踪用户操作记录并录入日志

    1. 添加bash全局配置文件: cd /etc/profile.d sudo -e vi log_command.sh 输入如下内容: export PROMPT_COMMAND='RETRN_VA ...

  10. Intel的CPU漏洞:Spectre

    最近觉得越来越忙,写博客都没精力了.一定是太沉迷农药和刷即刻了…… 17年年底,18年年初,Intel被爆出了Meltdown(熔断)和Spectre(幽灵)漏洞.等Spectre攻击的POC出来以后 ...