OSX/FakeAV-DOE is a variant of OSX/FakeAV-A malware family. This Trojan is known to be distributed in the file called
The user is then prompted to install an application that will supposedly fix the problems found—and ask for administrator credentials in order to install. If the user types in those credentials, the fake antivirus application installs in the /Applications folder and then launches.
OSX/FakeAV-DOE will then repeat the "detection" alert while also opening the pages referenced below in the system's default web browser. The Trojan then prompts the user to register the software to clean up the (fake) infections, bringing up an online payment page where the user can pay by credit card for a one year, two year, or lifetime license. This of course would provide a user's full contact information to the Trojan's authors.
As with other members of the OSX/FakeAV-A family of malware, OSX/FakeAV-DOE may attempt to contact one of the following sites:
gay DOT porn DOT com
buy-viagra-now DOT net
fitish DOT com
www DOT gay DOT com
www DOT porn DOT com
www DOT freebdsmgalleries DOT com