How to check your Mac for Rootkits

by Aseem Kishore on November 27, 2008

While there are very few viruses that affect OS X, there are a number of rootkits that can compromise the security of your Mac. This tutorial will guide you through using OS X Rootkit Hunter to check your Mac for any rootkit-related problems.

  1. Start out by downloading OS X Rootkit Hunter. Open the .dmg file and run the installer.
  2. Once it’s installed, navigate to Applications -> OSXrkhunter -> Rootkit Hunter and run it.
  3. Click the start rootkit scan button.
  4. You’ll be prompted to enter your password. Do so.
  5. A Terminal window will open and Rootkit Hunter will start.
  6. A bunch of text will fly by – you don’t have to worry too much about reading it all (it’ll probably scroll too fast anyway) – Rootkit Hunter will create a log file for you to review once it has completed the scan.
  7. When it’s done, press ctrl+c and then ctrl+d to close the Terminal window (skip the ctrl+d if you want to review the log file, since you’ll need an open Terminal window for that).
  8. To review the log file, at the command prompt in a Terminal enter cd /tmp. Then issue the command cp rkhunter.log ~/Desktop – which will copy the log file to your Desktop.
  9. Double-click the rkhunter.log file that’s now on your Desktop.
  10. Scroll to the bottom of the log and review the System checks summary section. In particular, look for a line that states One or more warnings have been found while checking the system.
  11. If that line exists, press ctrl+f to run a search, and search for the word warning. As seen in the screenshot below, there was a warning about a file on my system. The file in question (/usr/share/man/man5/.rhosts.5.gz) was in fact harmless. If you’re unsure whether a file is harmful, do a Google search on the file name and see if you can find pages that describe it.
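The log review at the end of the list can be scripted instead of done by hand in a text editor. This is an added example, not code from the original post or from Rootkit Hunter; it assumes rkhunter writes its warnings as "[hh:mm:ss] Warning: ..." lines and ends with the summary sentence quoted above, and the sample log it builds is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post or from Rootkit Hunter.
# Automates the log review: check the summary line, list the "Warning:"
# lines, and pull out the file paths they name. Assumes rkhunter's
# "[hh:mm:ss] Warning: ..." format; the sample log below is constructed.

# Write a small constructed log so the functions can be exercised offline.
make_sample_log() {
    cat > "$1" <<'EOF'
[12:00:01] Checking for known rootkit files and directories [ None found ]
[12:00:02] Checking for hidden files and directories [ Warning ]
[12:00:02] Warning: Hidden file found: /usr/share/man/man5/.rhosts.5.gz: gzip compressed data
[12:00:03] Warning: Hidden file found: /tmp/.constructed-example: ASCII text
[12:00:04] System checks summary
[12:00:04] =====================
[12:00:04] One or more warnings have been found while checking the system.
EOF
}

# Succeeds only if the summary carries the sentence the tutorial tells you to look for.
rkhunter_has_warnings() {
    grep -q 'One or more warnings have been found while checking the system' "$1"
}

# The individual "Warning:" lines, minus the [hh:mm:ss] timestamp prefix.
rkhunter_warnings() {
    grep 'Warning:' "$1" | sed 's/^\[[0-9:]*\] *//'
}

# Number of warnings, handy for comparing a scan against an earlier known-good one.
rkhunter_warning_count() {
    grep -c 'Warning:' "$1"
}

# Absolute paths named in warnings, one per line, ready to be looked into.
rkhunter_warning_paths() {
    rkhunter_warnings "$1" | grep -o '/[^ :]*' | sort -u
}

# On a real machine, after copying the log: rkhunter_report ~/Desktop/rkhunter.log
rkhunter_report() {
    if rkhunter_has_warnings "$1"; then
        echo "$(rkhunter_warning_count "$1") warning(s) in $1:"
        rkhunter_warnings "$1"
    else
        echo "No warnings reported in $1"
    fi
}
```

Running rkhunter_report against a fresh log and a log saved from an earlier clean scan makes new warnings stand out without scrolling through the whole file.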

12 comments

Chris November 27, 2008 at 4:00 am

Interesting, thanks. How common are rootkit “infections” in OS X? I’ve never come across this before, but at the same time have never looked into it in any depth…

Leann November 27, 2008 at 1:58 pm

I downloaded this but could never even find the program on my Mac, so it didn’t work for me.

Ross McKillop November 27, 2008 at 3:46 pm

Leann,

It wasn’t in the /Applications/OSXrkhunter/ folder? I just uninstalled it and then re-installed, and that’s where it wound up again… (?)

Leann November 27, 2008 at 4:44 pm

No, I couldn’t find it there. I don’t know why. It’s puzzling. I even restarted the computer and it still wasn’t there.

Rob March 1, 2009 at 4:23 pm

Better is to install macports, then install checkrootkit from the command line:

sudo port install chkrootkit

which gives the same program, but then from a source known.

Best,

Rob

sdf June 6, 2009 at 2:06 am

So how do I know this thing is not a root kit itself :)

Ross McKillop June 6, 2009 at 5:42 am

sdf,

You’ll have to take the author’s word for it. That, and the thousands of users :)

If it was, it would be widely known as bad software.

Paul September 16, 2010 at 10:31 am

Did anyone make progress with rootkit hunter? I couldn’t find the program either??

aaron October 27, 2010 at 11:29 pm

I followed the instructions and the log file never appeared on the Desktop. Any suggestions?

Danielle Massé April 15, 2011 at 2:11 pm

Hello, I ran the application and I have two questions.
First: I get the message that the command properties text is not supported. Does this mean the results of the scan are not accurate?
Second: I got two suspect applications, but which one? How do I find out?
Thanks

Joe June 10, 2011 at 4:51 am

How can we be sure this magnificent program is not going to open a hole in our systems or be itself a rootkit?

Joe June 10, 2011 at 4:53 am

Of course, once you go mac, you never go back… you go forward to Linux ;)
