OSX/Dok Malware Removal (for MacOS)


How irritating is this virus?

Everybody’s heard of the notorious Trojan horse viruses, but not everyone’s actually ever encountered one. But once you do, reality hits and it’s not a pleasant one. One of the latest Trojans out there that’s been terrorizing Mac users is called OSX/Dok and it’s nothing to mess around with. If you have found that your machine has been invaded by this particular piece of malware, it’s up to you to see to its timely removal, in order to prevent any further damage that it may cause. And for that purpose we have prepared a very detailed removal guide for you. You can find it below this article, but before you head over to the instructions, we recommend that you first read through the following information so you have a better understanding of what it is you’re up against.

What is OSX/Dok and how dangerous is it?

Trojans are responsible for a whopping 75% of all malware infections, and there’s a very good reason for that. For one, they’re incredibly stealthy and can remain on the victim’s computer for weeks, months or even years without being detected. Another thing about this particular malware category is that it can be used for a variety of different purposes, which makes it a universal tool for crime. Now, as for OSX/Dok specifically, it’s been designed to infect Apple’s Mac computers in particular. What makes it even more dangerous, though, is that it can avoid being detected by most, if not all, antivirus programs. Furthermore, not even the Mac Gatekeeper security feature will be able to prevent it from entering your system.

Now, you may be wondering what exactly this virus does once it’s infected your computer. And you’re not going to like what we have to say. OSX/Dok actually uses a proxy server to redirect the victim’s traffic, making it accessible to the hackers and criminals behind this Trojan. This means that all your most sensitive and valuable data can become known to malicious third parties and can be used against you. Even information that is encrypted by SSL will not be protected and can fall into the hands of these cybercriminals. Thus, you can unknowingly give up personal details and financial information, such as credit card numbers, passwords, etc. This, in turn, opens the door to numerous ways of being victimized. Your social media accounts can be hijacked, or you can be drained of all your money. In addition, your personal details may be exploited so as to commit other crimes in your name.

But how does one actually get infected with OSX/Dok? Perhaps you, as one of the affected users, are still trying to figure out what loophole it must have used to infiltrate your Mac. Well, as reports have shown, the hackers behind this Trojan are using a spam email campaign for its distribution. The emails typically contain an attached file called Dokument.zip. As soon as you have downloaded and/or opened the file, the virus will copy itself to your Mac’s Shared folder and will then execute itself from that location. Needless to say, all of this runs without showing any visible signs that would give it away. After this, you will be greeted by a notification that appears to be coming from Apple, saying that you need to install security updates. As you won’t be able to do much else unless you accept, you will be forced to do so, and that will, in turn, give OSX/Dok administrator privileges on your computer.

How to prevent an attack?

Once you’ve gotten rid of this virus, it’s important that you know how to protect yourself from it and others like it in the future. First of all, don’t go about clicking on random spam messages that you may receive via email or other messaging platforms. Unless you know you can trust the source and there’s nothing remotely suspicious about it, it’s best that you simply delete the message without interacting with it. Other common sources of Trojans and other malware are malvertisements or fake ads. They look like your regular online ad, such as a popup or banner, but actually harbor a virus, which can be unleashed on you after a single click. Try not to interact with online ads either and just generally steer clear of unsafe web locations.

SUMMARY:

Name: OSX/Dok
Type: Trojan Malware
Danger Level: High
Symptoms: A notification requiring you to install security updates will appear, preventing you from doing anything else until you accept.
Distribution Method: Via spam email campaigns containing an attached file called Dok.zip
Detection Tool: We generally recommend SpyHunter or a similar anti-malware program that is updated daily.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version.

OSX/Dok Malware Removal

Step 1

WARNING!
To remove the parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyRemoverPro - a professional Parasite removal tool.

The first thing you need to do is to Quit Safari (if it is opened). If you have trouble closing it normally, you may need to Force Quit Safari:

You can choose the Apple menu and click on Force Quit.

Alternatively, you can simultaneously press Command (the key situated next to the space bar), Option (the key right next to it) and Escape (the key located at the upper left corner of your keyboard).

If you have done it right a dialog box titled Force Quit Applications will open up.

In this new dialog window select Safari, then press the Force Quit button, then confirm with Force Quit again.

Close the dialog box/window.

Step 2

WARNING! READ CAREFULLY BEFORE PROCEEDING!

We get asked this a lot, so we are putting it here: Removing parasite manually may take hours and damage your system in the process. If you want a fast safe solution, we recommend SpyHunter. 

If you don't want to use this software, continue with the guide below.


Start Activity Monitor by opening up Finder, then going to Applications > Utilities > Activity Monitor.

Once there, look at all the processes: if you believe any of them are hijacking your results, or are part of the problem, highlight the process with your mouse, then click the “i” button at the top. This will open an information window for that process.

Now click on Sample at the bottom of that window.

Do this for all processes you believe are part of the threat, and run any suspicious files in our online virus scanner, then delete the malicious files:

This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/

Step 3

The next step is to safely launch Safari again. Press and hold the Shift key while relaunching Safari. This will prevent Safari’s previously opened pages from loading again. Once Safari is opened up, you can release the Shift key.

On the off chance that you are still having trouble with scripts interrupting the closing of unwanted pages in Safari, you may need to take some additional measures.

First, Force Quit Safari again.

Now, if you are using a Wi-Fi connection, turn it off by selecting Wi-Fi off in your Mac’s menu. If you are using a cable internet (Ethernet) connection, disconnect the Ethernet cable.

Step 4

Re-launch Safari, but don’t forget to press and hold the Shift key while doing it, so no previous pages can be opened. Now click on Preferences in the Safari menu, and then on the Extensions tab.

Select and Uninstall any extensions that you don’t recognize by clicking on the Uninstall button. If you are not sure and don’t want to take any risks you can safely uninstall all extensions, none are required for normal system operation.

Step 5

  • Locate and delete the following files:

/usr/local/bin/SafariProxy

/Users/Shared/AppStore.app

~/Downloads/Dok.zip

~/Downloads/Dok/Dokument/Contents

~/Library/LaunchAgents/com.apple.Safari.pac.plist

~/Library/LaunchAgents/com.apple.Safari.proxy.plist

  • Go to your Network preferences and clear the proxy configuration for every network service (Wi-Fi, Ethernet, etc.) by unchecking Automatic Configuration and clearing the URL of any configuration file.
  • Open Terminal and type cd /tmp; ls -alF, then check whether a “cert.der” entry is listed. If it is, type security remove-trusted-cert -d /tmp/cert.der in the Terminal, then type rm /tmp/cert.der.
  • Again go to the Terminal and be careful this time when typing: sudo visudo. Authenticate as your Admin user when prompted, then use the arrow keys to navigate to the beginning of the line %USER_NAME_HERE%  ALL=(ALL) NOPASSWD: ALL. Type dd; the line should now disappear. If so, type :wq!
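Before (or after) working through Step 5 by hand, it helps to have a read-only check that reports which of the artifacts listed above are present, so you know what still needs removing. The script below is an added example written for this guide, not code from howtoremove.guide; the function name dok_check and its two optional arguments (a root prefix, so it can be pointed at a mounted backup or a constructed test tree, and the home directory to inspect) are this example's own choices. The file paths, LaunchAgent names, /tmp/cert.der and the NOPASSWD sudoers line come from Step 5; the search of other LaunchAgents for references to SafariProxy goes slightly beyond the guide, to catch a copy registered under a different label.

```shell
#!/bin/sh
# Added example (not from the original guide): a read-only check for the
# OSX/Dok artifacts the guide lists in Step 5. It only reports what it finds
# and changes nothing; removal stays with the manual steps above.
#
# dok_check [ROOT] [HOME]
#   ROOT  optional prefix so the check can run against a mounted backup
#         (or a constructed test tree); empty means the live system.
#   HOME  the user home to inspect, relative to ROOT (default: $HOME).
# Prints one "FOUND ..." line per indicator; exits 1 if anything was found,
# 0 if clean.
dok_check() {
    root="${1:-}"
    home="${2:-$HOME}"
    found=0

    # 1. Files and LaunchAgents named in Step 5, plus the rogue certificate
    #    dropped in /tmp that lets the proxy read SSL traffic.
    for p in \
        /usr/local/bin/SafariProxy \
        /Users/Shared/AppStore.app \
        "$home/Downloads/Dok.zip" \
        "$home/Downloads/Dok/Dokument/Contents" \
        "$home/Library/LaunchAgents/com.apple.Safari.pac.plist" \
        "$home/Library/LaunchAgents/com.apple.Safari.proxy.plist" \
        /tmp/cert.der
    do
        if [ -e "$root$p" ]; then
            echo "FOUND artifact: $p"
            found=$((found + 1))
        fi
    done

    # 2. Any other LaunchAgent that references the proxy binary (assumption:
    #    a variant might register the same binary under another label).
    for f in "$root$home/Library/LaunchAgents"/*.plist; do
        [ -f "$f" ] || continue
        case "$f" in
            *com.apple.Safari.pac.plist|*com.apple.Safari.proxy.plist) continue ;;
        esac
        if grep -q SafariProxy "$f" 2>/dev/null; then
            echo "FOUND LaunchAgent referencing SafariProxy: ${f#"$root"}"
            found=$((found + 1))
        fi
    done

    # 3. The passwordless sudo rule the guide removes with visudo. Reading
    #    /etc/sudoers needs root on a live system; it is skipped if unreadable.
    sudoers="$root/etc/sudoers"
    rule='^[^#].*ALL=\(ALL\)[[:space:]]+NOPASSWD:[[:space:]]*ALL'
    if [ -r "$sudoers" ]; then
        if grep -Eq "$rule" "$sudoers"; then
            grep -E "$rule" "$sudoers" | sed 's/^/FOUND sudoers rule: /'
            found=$((found + 1))
        fi
    else
        echo "SKIP: $sudoers not readable (run with sudo to check it)"
    fi

    # 4. Live Mac only: network services with an automatic proxy URL enabled
    #    (the setting Step 5 clears in Network preferences). macOS-specific,
    #    so it is skipped elsewhere and when checking a backup.
    if [ -z "$root" ] && command -v networksetup >/dev/null 2>&1; then
        networksetup -listallnetworkservices | sed 1d | sed 's/^\*//' |
        while read -r svc; do
            if networksetup -getautoproxyurl "$svc" | grep -q '^Enabled: Yes'; then
                echo "CHECK: network service '$svc' has an automatic proxy URL enabled"
            fi
        done
    fi

    if [ "$found" -eq 0 ]; then
        echo "No OSX/Dok artifacts found"
        return 0
    fi
    echo "$found indicator(s) found; follow Step 5 to remove them"
    return 1
}

# Live system:      sh dok_check.sh --run
# Mounted backup:   sh dok_check.sh --run /Volumes/Backup /Users/alice
if [ "${1:-}" = "--run" ]; then
    dok_check "${2:-}" "${3:-$HOME}"
fi
```

Run it with sudo if you want the sudoers check to actually read /etc/sudoers; without root it prints a SKIP line for that item. The exit status (1 when anything was found) makes it easy to re-run after Step 5 to confirm the machine is clean.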

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!