Hello,

running unhide ( unhide-20130526-1.el7.x86_64 ) on CentOS 7 i get sometimes messages like:

Found HIDDEN PID: 30784
Cmdline: “”
Executable: “”
“ … maybe a transitory process”

On a second unhide run immediately after it, the process seems to have vanished. Also, i do not see anything about it in /proc, and rkhunter and chkrootkit do _not_ detect it.

How can i debug or do some further tests? I want to make sure that this is a false positive and not a rootkit.

Thanky a lot in advance, ulrich