How to use OSX Rootkit Hunter: Basics

1) The installed folder, with the app and all the subfolders, MUST be left in the Applications folder as is. DO NOT MOVE IT. Why? This is just a bare bones GUI of what is actually a CLI application that runs in the Terminal. In order to work it must be in exactly the location it expects to be in order for it to access all the files it requires when it runs. You also must NOT change the name of anything, including the folder for the app. It's UNIX stuff. It's annoying if you're not used to it.

2) When you run the app and hit the "start rootkit scan" button, the Terminal cranks up and Rootkit Hunter runs a script of stuff to check. You should get a Terminal window with a bunch of tests and results scrolling down. If you have any nasty stuff in your system, it will be listed in the Terminal window. You may well get some innocuous 'warning' listings. Unless you're a UNIX geek, don't worry about them. If you want to save the results you can Print them, from the File menu. I save my test results for everything in a "Reports" folder I keep in my Documents folder. I label what app created the results and the date.

3) When you Quit the app, you'll note that the Terminal windows does NOT Quit, so you have to DIY.

4) There is a FAQ buried in the files inside the folder where the app is located. Go to:
/Applications/OSXrkhunter/share/doc/rkhunter-1.3.0/FAQ . It has some useful stuff about the application. Some of it is geek-speak, but some is of interest to others, including what to do if you get a positive result for a rootkit, lord forbid. There is also another README file buried in there as well. It is for intermediate users and above who want to know more detail or who want to join the rkhunter-users mailing list or visit the rkhunter SourceForge website.

Hope that helps!
:-Derek