Question About Unhide / Transitory Process
Hello,
Running unhide (unhide-20130526-1.el7.x86_64) on CentOS 7, I sometimes get messages like:
Found HIDDEN PID: 30784
Cmdline: “
Executable: “
“
On a second unhide run immediately after it, the process seems to have vanished. Also, I do not see anything about it in /proc, and rkhunter and chkrootkit do _not_ detect it.
How can I debug or do some further tests? I want to make sure that this is a false positive and not a rootkit.
Thanks a lot in advance, ulrich