refer:https://macreports.com/how-to-remove-weknow-ac-malware-macos/

1-Remove the weknow.ac profile. Here is how:

  1. On your Mac, open System Preferences (click the System Preferences icon in the dock)
  2. Click Profiles
  3. Select AdminPrefs
  4. Delete this profile (AdminPrefs) by pressing the minus icon.
  5. Now delete search engine settings:
    1. Chrome: chrome://settings/searchEngines
    2. Safari: Safari > Preferences > Search

2-Delete weknow.ac. Remove anything weknow.ac related. Remove anything suspicious apps to the Trash folder. Look for recently added apps.

  1. Open the Applications folder
  2. Delete Weknow.ac or Weknow.ac.app also look for “MPlayerX”,“NicePlayer”. Look for suspicious apps.
  3. Empty Trash

3-Remove the weknow addon

  1. Safari: Safari > Preferences > Extensions > Locate the weknow.ac extension and remove it
  2. Google Chrome: Go to chrome://extensions/ and find the weknow.ac addon and remove it.
  3. Firefox: Go to about:addons and remove the addon.

4-Delete weknow files:

  1. Go > Go to Folder (or press Shift + Cmd + G)
  2. Enter /Library/LaunchAgents and click Go
  3. Look for suspicious files such as “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist”. Some other names you should look for Genieo, Inkeeper, InstallMac, CleanYourMac, MacKeeper, SoftwareUpdater, MplayerX, NicePlayer, installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist, com.aoudad.net-preferences.plist”, “com.myppes.net-preferences.plist”, “com.kuklorest.net-preferences.plist”, “com.avickUpd.plist”. If you see any of them, drag them to the Trash folder and then empty Trash.
  4. And now repeat the same process on the following folders:
    1. /Library/Application Support
    2. /Library/LaunchDaemons

5-If your browser is Chrome, follow the steps below to change some Chrome policies, if you are still having the problem:

  1. Open the Terminal app (Go > Utilities > Terminal or press Command+Space and search Terminal)
  2. Enter the commands below, hit Enter after each
  3. defaults write com.google.Chrome HomepageIsNewTabPage -bool false
  4. defaults write com.google.Chrome NewTabPageLocation -string “https://www.google.com/”
  5. defaults write com.google.Chrome HomepageLocation -string “https://www.google.com/”
  6. defaults delete com.google.Chrome DefaultSearchProviderSearchURL
  7. defaults delete com.google.Chrome DefaultSearchProviderNewTabURL
  8. defaults delete com.google.Chrome DefaultSearchProviderName
  9. Restart Chrome

Please note that the developers behind weknow.ac are very sneaky and they will likely further develop this malware so this means that those tips may not work in near future. We will try to keep updating this posts.

find appname and plist ,just like

find . -name "*" |grep -i  UtilityOSDaemon

then delete all these files ;

source: https://macreports.com/how-to-remove-weknow-ac-malware-macos/

remove-weknow-ac from mac chrome的更多相关文章

  1. mac+chrome 最常用快捷键

    12个mac快捷键 命令 含义 command+空格 (先摁command再摁空格) Spotlight搜索 crt+command+F 最大化和关闭最大化切换 Command+H 隐藏当前窗口 Co ...

  2. 配置 Mac Chrome Inspect

    安装libimobiledevice :  Could not connect to lockdownd. Exiting.  报错解决 brew uninstall --ignore-depende ...

  3. [Web前端] mac chrome 浏览器强制刷新,清除浏览器缓存

    本文链接:https://blog.csdn.net/zeroyulong/article/details/79806156 mac 强制刷新:command+shift+r mac 普通刷新:com ...

  4. mac Chrome 快捷键

    从windows迁移到mac,会发现快捷键真的变了,这里先吹一下mac OS天下第一 另外没有bar确实也提高了效率,这一点还是值的 其实程序员最常用的是检查,windows下是F12,默认F12会被 ...

  5. Mac Chrome浏览器取消自动升级(最新版)

    做自动化突然冒出错误:SessionNotCreatedException: session not created: This version of ChromeDriver only suppor ...

  6. 解决Mac Chrome打开HTTPS证书错误问题

    goagent代理,在chrome下中总提示“该网站的安全证书不受信任” 并且没有 “继续访问” 的按钮. 解决方法 一.打开[应用程序]>[实用工具]>[钥匙串访问],并在左侧导航选择[ ...

  7. mac chrome 浏览器开启允许跨域

    在控制台输入下面代码: open -n /Applications/Google\ Chrome.app/ --args --disable-web-security  --user-data-dir ...

  8. mac chrome 强制刷新浏览器缓存

    普通刷新 command + r 强制刷新 command + shift + r

  9. mac chrome 驱动配置

    将解压后的chromedriver移动到/usr/local/bin目录下

随机推荐

  1. Hello vue.js的随笔记录

    数据双向绑定的script在组件定义位置后面才顶用. 使用它的话,引用js就好,比较简单. 声明一个vm对象,new Vue({}).这个构造里传一个对象,包含el:界面元素,data:数据,meth ...

  2. Python之file方法

        def fileno(self): #  文件描述符               def flush(self): #  刷新文件内部缓冲区             def isatty(se ...

  3. LNMP(三)

    第二十二次课 LNMP(三) 目录 一.Nginx负载均衡 二.ssl原理 三.生成ssl密钥对 四.Nginx配置ssl 五.php-fpm的pool 六.php-fpm慢执行日志 七.open_b ...

  4. firefox 屏蔽Backspace按键的后退功能

    直接上图

  5. Struts2中Action之ResultType

    我们在struts-defalut.xml文件中可以看到如下图所示: 这些类型是配置文件所带的.接下来我们主要讲解我标注出来的这个,其他的我就不做详解了,有兴趣的可以去试试. web.xml文件我在这 ...

  6. mongo中的游标与数据一致性的取舍

    除了特殊注释外,本文的测试结果均基于 spring-data-mongodb:1.10.6.RELEASE(spring-boot-starter:1.5.6.RELEASE),MongoDB 3.0 ...

  7. 十四、使用framebuffer填充纯色

    简单描述一下framebuffer的使用,它其实就相当于将屏幕上的像素映射到内存中,改变内存中的内容后屏幕自动就变颜色了. 首先要调用open("/dev/fb0", O_RDWR ...

  8. Linux 网络编程(一)--Linux操作系统概述

    一.Linux的内核版本 Linux内核的编号采用如下编号形式: 主版本号.此版本号.主补丁号.次补丁号 例如:2.6.26.3 第一个数字”2”是主版本号,表示第2大版本. 第二个数字”6”是此版本 ...

  9. java面向对象编程(七)--四大特征之多态

    1.多态概念 多态性是对象多种表现形式的体现.比如我们说"宠物"这个对象,它就有很多不同的表达或实现,比如有小猫.小狗.蜥蜴等等.那么我到宠物店说"请给我一只宠物&quo ...

  10. 派生 de rive

    ''' de rive 派生 python2 (经典类|新式类) python3 (新式类) 1. What is derive? 什么是派生? 派生:子类定义自己新的属性,如果与父类同名,以子类自己 ...