hudebnik ([personal profile] hudebnik) wrote 2019-05-08 06:48 am

computer viruses

After a routine OS update yesterday, our desktop Mac came up with some different options set (like hiding the dock until you mouse-over it, and none of the several dozens of icons that had been on the desktop). And when I opened Chrome to do something else, I got the Google-looking-but-not-actually-Google "search" window from weknow. Safari, ditto. Damn, I thought I had cleaned up that weknow infection months ago; how did we get a new one? We haven't installed anything new recently that could have come with a viral payload... except the automatic upgrade to 10.14.4.

Anyway, I looked up "how to remove weknow" in a Google search window and found the same several articles as last time, followed the directions (you have to look in the Applications folder, and /Library/LaunchDaemons, and /Library/LaunchAgents, and ~/Library/LaunchAgents, and the extensions preferences for any and all infected browsers, and you have to clobber a user profile named AdminPrefs), rebooted the machine... and Chrome is still coming up with new tabs pointing at weknow.
I looked in all the same places again, and it hasn't visibly come back to any of them. (In the process, I also found and removed some bits of Mac Auto Fixer and MyCouponSmart, which I gather have a mutual-support pact).
Rebooted again... and Chrome is still coming up with new tabs pointing at weknow. Safari seems to be fixed, though. The "On startup" preference is set to "new tab page", but I don't see where "new tab page" is defined.
Let's try "reset settings to original defaults"... which takes a remarkably long time... and the "new tab" window is still pointing to weknow! (*@#&^)(#%&
Blew away ~/Library/Saved Application State/com.google.Chrome.savedState/windows.plist, reopened Chrome, and it's still pointing to weknow.
Blew away ~/Library/Saved Application State/com.google.Chrome.savedState, rebooted, reopened Chrome, and it's still pointing to weknow.
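
The manual sweep of the Applications folder and the three launchd directories described above can be scripted so it is easy to repeat after each reboot. This is an added example, not part of the original post; the function name, the match strings (derived from the product names in the post) and the optional root/home parameters are assumptions.

```shell
#!/bin/sh
# Added example: sweep the locations named in the post for items whose file
# name or contents mention one of the products the post names.
# Assumption: these match strings are derived from the names in the post.
KEYWORDS='weknow|auto ?fixer|mycouponsmart'

# scan_persistence [ROOT] [HOME_DIR]
#   ROOT     prefix for the system locations (empty = live system; a mounted
#            backup or test tree can be passed instead)
#   HOME_DIR user home to inspect (defaults to $HOME)
# Prints one line per hit: "NAME<TAB>path" or "CONTENT<TAB>path".
scan_persistence() {
    root=${1:-}
    home_dir=${2:-$HOME}
    for dir in \
        "$root/Applications" \
        "$root/Library/LaunchDaemons" \
        "$root/Library/LaunchAgents" \
        "$home_dir/Library/LaunchAgents"
    do
        [ -d "$dir" ] || continue
        for entry in "$dir"/*; do
            [ -e "$entry" ] || continue          # empty directory: glob did not expand
            name=$(basename "$entry")
            if printf '%s\n' "$name" | grep -Eiq "$KEYWORDS"; then
                printf 'NAME\t%s\n' "$entry"
            # -a treats binary plists as text so ASCII strings inside still match
            elif [ -f "$entry" ] && grep -Eiaq "$KEYWORDS" "$entry"; then
                printf 'CONTENT\t%s\n' "$entry"
            fi
        done
    done
}

# Report only; nothing is deleted. Arguments are passed through if given.
scan_persistence "$@"
```

It does not cover browser extensions or the AdminPrefs profile, which the post lists as separate places to check.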
