Browser Hijacking: the WeKnow.ac Malware

I was helping a client with a few issues on her Mac, when I noticed odd behavior in the web browser on her machine. In the space of a few moments, I saw:

  • An “update your Adobe Flash” install popup window (NEVER do this!!!!)
  • Another popup window trying to sell software by scumbags (MacKeeper semi-malware).
  • Two folders containing shell scripts that wrote to /tmp, enabled execute permissions and executed some script.
  • Safari was hijacked in a way that prevented setting any home page, and the default page was set to the web site "weknow.ac" (don’t visit it!).

From what I could tell, the problem started from her having clicked on an “Update Flash” prompt that came from an infected website.

Her machine was infected with the WeKnow.ac malware. It does all sorts of annoying things, but the main thing is that much worse things are likely to result from it via information stealing, redirection to dangerous web sites, etc. This page at macpaw.com has a good how-to for removing WeKnow.ac without frequently trying to sell you new software to fix it.

I was able to clean up the mess, but most people will have trouble doing so. There are lots of "how to" cleanup pages, most of which push anti-virus software (which MPG is at best ambivalent on and does not recommend). Don’t panic and find an expert to help you (does Apple help with such stuff?) or research fixit software and the company selling it before buying anything.

Downloading software that purports to remove WeKnow.ac is itself a risk—how would you know that it itself is not malware?! Certainly do not click through any link on a fixit page. Research it separately if you want to use other software to fix it.

Question for Apple: what is wrong with macOS that it allows this kind of well-known longstanding malware to infect a computer?


Copyright © 2020 diglloyd Inc, all rights reserved.