Severity scale:  
  (10/100) 7 steps removal guide provided. June 2019 update

removal by Ugnius Kiguolis - - | Type: Browser Hijackers is one of the most prominent browser hijackers that spreads via fake Flash installers and is designed for Macs - a browser hijacker which modifies the default search engine, new tab URL, and the homepage of affected browsers is a potentially unwanted program that falls into a browser hijacker[1] category and affects numerous browsers, such as Google Chrome, Safari, and Mozilla Firefox. Initially, PUPs are not considered to be serious computer threat, but this case is a little different, as Weknow AC is known to be distributed via the fake Flash Player installers  – a feature that is prevalent in malware.

As soon as is installed, it changes the search engine to Smart Search which redirects to WebCrawler – it brings up search results that are not genuine and littered with sponsored links and ads. For that reason, users often end up on sites that are affiliated with, bringing the Israeli-based developer profits for each made click.

Questions about

By spreading the browser hijacker to hundreds of users, its developers ensure a stable income. Therefore, retains persistence when users are trying to get rid of it, and the hijacker is using many tricks to prevent its removal, for example, it changes Chrome's group policies. Some advanced methods need to be used to eliminate hijack – we provide more details below.

Type Browser hijacker
Danger level High. Actively affects computer systems
OS affected Mac OS X, macOS
Affiliates WebCrawler, Smart Search, MacKeeper, etc.
Browsers affected Chrome, Firefox, Safari
Details gathered
  • Technical information;
  • Usage information;
  • Social networks;
  • Registration related information;
  • Support related information.
To avoid Stay away from dubious sites, do not use secondary installers, download and install an antivirus.
Spreads by Software bundles, malicious ads promoting fake Adobe Flash player, etc.
Deletion process Use ReimageIntego to get rid of the PUP completely

As soon as malware establishes itself, it will engage in promotional campaigns that push unsafe tools for Macs, such as the notorious MacKeeper. You should never download and install the fake system optimizers, as they can bring more trouble to your device and will only result in the waste of money.

Unlike most other browser hijackers, this one only affects macOS users, although it does not mean that developers will not create a version compatible with Windows-based systems. Browser-hijacking applications such as come with thru fake ads or bundled software. Here is one of the examples[2]:

While browsing with Chrome two days ago, I made the idiotic mistake of clicking on a Flash download popup and immediately noticed signs of infection by this malware. 

However, software bundling is the most prominent PUP[3] distribution method. To create revenue, developers of virus employ various tracking technologies, such as beacons, tracking cookies, JavaScript, and similar. With the help of these tools, various non-personal details are transferred to the app's authors. The information contains:

  • Information regarding the victim's device;
  • Apps used;
  • Bookmarks;
  • Search queries;
  • Websites viewed and the length of the visit;
  • User's interaction on social networks;
  • Links clicked;
  • IP address;
  • Internet service provider (ISP), etc.

While the most of such data is personally non-identifiable, personal information is also collected:

While it is not our intention to collect any personally identifiable information (“PII”) (except for registration and user support purposes as set forth in this Privacy Policy), the data collected may include PII.

This data includes email address, Social Security Numbers, Credit Card numbers, Login information, and other data. Such information is sensitive and should not be retained by unknown third-parties, as it can result in its leak – cybercriminals might use it for malicious purposes, such as identity fraud.[4]

Therefore, it is essential to keep your personal information safe and not to disclose it inside third-party websites could redirect you to. from questionable websites. 

To avoid such data leakage, perform removal by manually eliminating the threat or using professional security software. We suggest using ReimageIntego, although you can use any other anti-malware software of your liking. 

Additionally, hijack can result in numerous redirects to suspicious websites. This kind of pages may even contain harmful components (such as keyloggers, ransomware, crypto-miner or trojan horses). In some cases, you might end up infecting your machine with these malicious programs and harming system files, which can result in personal data loss. - a PUP which installs secretly thru other programs that a user downloads from the Internet.

All in all, we recommend you remove fro your computer as soon as possible. The annoying ads, system slowdowns, and even potential information leakage is something you could experience on a daily basis. Thus, you are better off without the unwanted application on your PC.

However, in some situations, you might face issues related to fixing your system as We Know malware tends to modify Chrome policies or Safari bookmarks to make them launched once the browser is started. In this case, reinstalling the web browser works the best.

Relations are found between and other browser hijackers appears to be not the only one of its kind. Other similar versions which share an identical search engine have been discovered. The operating principle of these threats is always the same – to approach web browsers secretly and modify their settings for bogus activity promotion. Read all about the PUPs down below.

Searcreetch is a browser-hijacking application that appears on a particular web browser, e.g. Chrome, Firefox, Explorer, Safari, Edge after the SearCreetch extension is installed. Furthermore, unwanted changes begin and you will find your search engine changes to

What is the worst part of browser hijacker is that you are forced to use the modified web browser engine, homepage, and new tab zone unless you remove the virus from your system and browsers entirely. In addition, you will supposedly be bombarded with loads of annoying advertisements and experience intrusive redirects during browsing tasks.

Searchmine is another browser hijacker that relates to regarding the same engine shared. Most often, this potentially unwanted program reaches the system through bundling or unprotected networks and plants itself in some type of web browser. In addition, bogus entries are also added to the Windows Registry section.

Once infected with this rogue application, be prepared to deal with unpleasant activities such as advertising and redirecting during browsing sessions. Besides, might aim to gather information about your browsing activities and use it for income-related purposes. Usually, such type of data is gathered in order to create beneficial-looking offers.

Browser hijacker infiltration techniques and ways to avoid it

According to tech professionals[5], PUPs spread bundled in freeware or shareware packages.[6] These free applications obtain online can contain optional components that could be removed before the installation is complete. Unfortunately, developers often fail to disclose the information how to do so, and deceptively ask users to use Recommended or Quick installation modes. is a potentially unwanted program that comes via bundled freeware or even installs additional content to the device.

In order to avoid browser hijacker infections, follow these guidelines:

  • When installing free software, always opt for Advanced or Custom installation settings. Then, remove all the optional components before the installation of the desired application is finalized;
  • Avoid browsing questionable websites, as well as file-sharing domains;
  • Download and install an antivirus program on your computer. If kept up-to-date it can detect even the most recent threats;
  • Finally, be attentive and do not trust everything that is suggested to you on the internet.

Check our Weknow AC removal guide on YouTube removal might be challenging – we already mentioned that the browser hijacker uses advanced persistence techniques in order to stay inside the infected computer as long as possible. Therefore, moving the unwanted app into the Trash folder is usually not enough.

If you are a novice computer user or find it difficult to follow written guides – we prepared a comprehensive video that will help you terminate browser hijacker and stop it from showing alternative search results on all browsers, as well as displaying intrusive pop-up ads on all websites that you visit.

Eliminate the fake search engine quickly

If you want a fast virus removal, consider downloading and installing an anti-malware program. Pick one of the programs mentioned below, download it and bring it up to date. These tools will get rid of the cyber threat within a couple of minutes. sponsored search resultsThe custom Web Crawler search engine that is set by the hijacker always displays advertisements at the top, consequently altering users' visited pages.

To remove manually, you should eliminate all browser extensions and questionable applications that you do not recognize. For that, follow our step-by-step guide below this article. Make sure that execute each step with great caution. If you make mistakes, virus might return.

However, users mentioned that even after removing Weknow AC malware from the system as well as browsers, the hijacked search engine would not go away on Google Chrome, as the PUP modifies the Polices of the browser. Here's what to do to fix that (advanced removal):

  • Go to the Application folder on your Mac;
  • Select Utilities and double-click on Terminal to open it;
  • In the command prompt, type in the following lines and hit Enter after each:

    defaults write HomepageIsNewTabPage -bool false
    defaults write NewTabPageLocation -string “”
    defaults write HomepageLocation -string “”
    defaults delete DefaultSearchProviderSearchURL
    defaults delete DefaultSearchProviderNewTabURL
    defaults delete DefaultSearchProviderName

You may remove virus damage with a help of ReimageIntego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove, follow these steps:

Erase from Windows systems

  1. Click Start Control Panel Programs and Features (if you are Windows XP user, click on Add/Remove Programs). Click 'Start -> Control Panel -> Programs and Features' (if you are 'Windows XP' user, click on 'Add/Remove Programs').
  2. If you are Windows 10 / Windows 8 user, then right-click in the lower left corner of the screen. Once Quick Access Menu shows up, select Control Panel and Uninstall a Program. If you are 'Windows 10 / Windows 8' user, then right-click in the lower left corner of the screen. Once 'Quick Access Menu' shows up, select 'Control Panel' and 'Uninstall a Program'.
  3. Uninstall and related programs
    Here, look for or any other recently installed suspicious programs.
  4. Uninstall them and click OK to save these changes. Right click on each of suspicious entries and select 'Uninstall'
  5. Remove from Windows shortcuts
    Right click on the shortcut of Mozilla Firefox and select Properties. Right click on browsers' icon and select 'Properties'
  6. Go to Shortcut tab and look at the Target field. Delete malicious URL that is related to your virus. Select 'Shortcut' tab and delete '' or other suspicious URL

Repeat steps that are given above with all browsers' shortcuts, including Internet Explorer and Google Chrome. Make sure you check all locations of these shortcuts, including Desktop, Start Menu and taskbar.

Delete from Mac OS X system

If you got a browser hijacker infection on your Mac operating system, follow these guidelines in order to get rid of it:

If your macOS is displaying some infection symptoms, proceed with the following guide:

Remove from Applications folder:

  1. From the menu bar, select Go > Applications.
  2. In the Applications folder, look for entries.
  3. Click on the app and drag it to Trash (or right-click and pick Move to Trash)Uninstall from Mac 1

To fully remove, you need to access Application Support, LaunchAgents, and LaunchDaemons folders and delete relevant files:

  1. Select Go > Go to Folder.
  2. Enter /Library/Application Support and click Go or press Enter.
  3. In the Application Support folder, look for any dubious entries related to and then delete them.
  4. Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the entries.Uninstall from Mac 2

Remove from Internet Explorer (IE)

Remove dangerous add-ons:

  1. Open Internet Explorer, click on the Gear icon (IE menu) on the top-right corner of the browser
  2. Pick Manage Add-ons.
  3. You will see a Manage Add-ons window. Here, look for and other suspicious plugins. Click on these entries and select Disable.Remove add-ons from Internet Explorer

Change your homepage if it was altered:

  1. Open IE and click on the Gear icon.
  2. Select Internet Options.
  3. In the General tab, delete the Home page address and replace it by your preferred one (for example,
  4. Click Apply and then select OK.Reset IE homepage

Delete temporary files:

  1. Press on the Gear icon and select Internet Options.
  2. Under Browsing history, click Delete…
  3. Select relevant fields and press Delete.Clear temporary files from Internet Explorer

Reset Internet Explorer:

  1. Click on Gear icon > Internet options and select Advanced tab.
  2. Select Reset.
  3. In the new window, check Delete personal settings and select Reset again to complete removal.Reset Internet Explorer

Eliminate from Microsoft Edge

Delete unwanted extensions from MS Edge:

  1. Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
  2. From the list, pick the extension and click on the Gear icon.
  3. Click on Uninstall at the bottom.Remove extensions from Edge

Clear cookies and other browser data:

  1. Click on the Menu (three horizontal dots at the top-right of the browser window) and select Privacy & security.
  2. Under Clear browsing data, pick Choose what to clear.
  3. Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear.Clear Edge browsing data

Reset MS Edge if that above steps did not work:

  1. Press on Ctrl + Shift + Esc to open Task Manager.
  2. Click on More details arrow at the bottom of the window.
  3. Select Details tab.
  4. Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running.Reset MS Edge

If this solution failed to help you, you need to use an advanced Edge reset method. Note that you need to backup your data before proceeding.

  1. Find the following folder on your computer: C:\\Users\\%username%\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  2. Press Ctrl + A on your keyboard to select all folders.
  3. Right-click on them and pick DeleteAdvanced MS Edge reset 1
  4. Now right-click on the Start button and pick Windows PowerShell (Admin).
  5. When the new window opens, copy and paste the following command, and then press Enter:

    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\\AppXManifest.xml” -VerboseAdvanced MS Edge reset 2

Instructions for Chromium-based Edge

Delete extensions from MS Edge (Chromium):

  1. Open Edge and click select Settings > Extensions.
  2. Delete unwanted extensions by clicking Remove.Remove extensions from Chromium Edge

Clear cache and site data:

  1. Click on Menu and go to Settings.
  2. Select Privacy and services.
  3. Under Clear browsing data, pick Choose what to clear.
  4. Under Time range, pick All time.
  5. Select Clear now.Clear browser data from Chroum Edge

Reset Chromium-based MS Edge:

  1. Click on Menu and select Settings.
  2. On the left side, pick Reset settings.
  3. Select Restore settings to their default values.
  4. Confirm with Reset.Reset Chromium Edge

Get rid of from Mozilla Firefox (FF)

If is performing the malicious activity on your Mozilla Firefox browser, consider removing it by following this guidance:

  1. Remove dangerous extensions
    Open Mozilla Firefox, click on the menu icon (top right corner) and select Add-ons Extensions. Click on menu icon and select 'Add-ons'
  2. Here, select and other questionable plugins. Click Remove to delete these entries. Select 'Extensions' and look for malicious entries. Click 'Remove' to get rid of each of them
  3. Change your homepage if it was altered by virus:
    Click on the menu (top right corner), choose Options General.
  4. Here, delete malicious URL and enter preferable website or click Restore to default.
  5. Click OK to save these changes. When in 'General' tab, delete malicious URL from 'Home Page' section or click on 'Restore to Default' button. Click 'OK' to save changes
  6. Reset Mozilla Firefox
    Click on the Firefox menu on the top left and click on the question mark. Here, choose Troubleshooting Information. Click on menu icon and then on '?'. Select 'Troubleshooting Information'
  7. Now you will see Reset Firefox to its default state message with Reset Firefox button. Click this button for several times and complete removal. Click on 'Reset Firefox' button for a couple of times

Uninstall from Google Chrome

Remove the PUP from Google Chrome by looking through these instructions:

  1. Delete malicious plugins
    Open Google Chrome, click on the menu icon (top right corner) and select Tools Extensions. Click on menu icon. Select 'Tools' and 'Extensions'
  2. Here, select and other malicious plugins and select trash icon to delete these entries. Look for malicious entries and delete each of them by clicking on the Trash bin icon
  3. Change your homepage and default search engine if it was altered by your virus
    Click on menu icon and choose Settings.
  4. Here, look for the Open a specific page or set of pages under On startup option and click on Set pages. After clicking on menu and 'Settings', select 'Set pages'
  5. Now you should see another window. Here, delete malicious search sites and enter the one that you want to use as your homepage. Click 'X' to remove malicious URLs
  6. Click on menu icon again and choose Settings Manage Search engines under the Search section. When in 'Settings', select 'Manage search engines...'
  7. When in Search Engines..., remove malicious search sites. You should leave only Google or your preferred domain name. Click 'X' to remove malicious URLs
  8. Reset Google Chrome
    Click on menu icon on the top right of your Google Chrome and select Settings.
  9. Scroll down to the end of the page and click on Reset browser settings. When in 'Settings', scroll down to 'Reset browser settings' button and click on it
  10. Click Reset to confirm this action and complete removal. Click on 'Reset' button to complete your removal

Erase from Safari

  1. Remove dangerous extensions
    Open Safari web browser and click on Safari in menu at the top left of the screen. Once you do this, select Preferences. Click on 'Safari' and select 'Preferences'
  2. Here, select Extensions and look for or other suspicious entries. Click on the Uninstall button to get rid each of them. Go to 'Extensions' and uninstall malicious add-ons
  3. Change your homepage if it was altered by virus:
    Open your Safari web browser and click on Safari in menu section. Here, select Preferences as it was displayed previously and select General.
  4. Here, look at the Homepage field. If it was altered by, remove unwanted link and enter the one that you want to use for your searches. Remember to include the "http://" before typing in the address of the page. When in 'General', delete malicious URL and enter your desired domain name
  5. Reset Safari
    Open Safari browser and click on Safari in menu section at the top left of the screen. Here, select Reset Safari.... Click on 'Safari' and select 'Reset Safari...'
  6. Now you will see a detailed dialog window filled with reset options. All of those options are usually checked, but you can specify which of them you want to reset. Click the Reset button to complete removal process. Select all options and click on 'Reset' button

Choose a proper web browser and improve your safety with a VPN tool

Online spying has got momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security – choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.


Lost your files? Use data recovery software

While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways how unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attack, or even accidental deletion.

To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Ugnius Kiguolis
About the company Esolutions

Removal guides in other languages

Your opinion regarding