Hi Xiscu! That's not unhide.rb.
Do "apt-get install unhide.rb", then run "unhide.rb". Then post the result of that.

Regards //Johan

2013/1/6 xiscu <xi...@email.de>

> I'm not sure if I have to forward that to you. Sorry if not!
> I got :
>
> -------------
>
> Thank you for the additional information you have supplied regarding
> this Bug report.
>
> This is an automatically generated reply to let you know your message
> has been received.
>
> Your message has not been forwarded to the package maintainers or
> other interested parties; you should ensure that the developers are
> aware of the problem you have entered into the system - preferably
> quoting the Bug reference number, #624694.
>
> If you wish to submit further information on this problem, please
> send it to 624694-qu...@bugs.debian.org.
>
> Please do not send mail to ow...@bugs.debian.org unless you wish
> to report a problem with the Bug-tracking system.
>
> --
> 624694: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624694
> Debian Bug Tracking System
> Contact ow...@bugs.debian.org with problems
> -----------------
>
> -------- Original Message --------
> Subject: Bug#624694: Please try unhide.rb
> Resent-Date: Sat, 05 Jan 2013 13:45:04 +0000
> Resent-From: Debian BTS <debb...@buxtehude.debian.org>
> Resent-To: xiscu <xi...@email.de>
> Date: Sat, 05 Jan 2013 14:43:50 +0100
> From: xiscu <xi...@email.de>
> Reply-To: xiscu <xi...@email.de>, 624694-qu...@bugs.debian.org
> To: 624694-qu...@bugs.debian.org
> CC: 624694-submitter@bugs.debian.org
>
> On 01/04/2013 03:51 PM, Johan Walles wrote:
>
>> Hi!
>>
>> Can you please post the output of running unhide.rb on the same system?
>>
>> .rb will print the name of any detected hidden processes for you.
>>
>> Better diagnostics than the original unhide was among the design goals
>> for unhide.rb.
>>
>> Regards //Johan
>>
> I'm not sure if that's what you mean with 'Unhide.rb' (see below) but the
> actual output is:
>
> ===============
> # unhide -v sys
> Unhide 20110113
> http://www.unhide-forensics.info
> [*]Searching for Hidden processes through getpriority() scanning
>
> [*]Searching for Hidden processes through getpgid() scanning
>
> [*]Searching for Hidden processes through getsid() scanning
>
> [*]Searching for Hidden processes through sched_getaffinity() scanning
>
> [*]Searching for Hidden processes through sched_getparam() scanning
>
> [*]Searching for Hidden processes through sched_getscheduler() scanning
>
> [*]Searching for Hidden processes through sched_rr_get_interval() scanning
>
> [*]Searching for Hidden processes through kill(..,0) scanning
>
> [*]Searching for Hidden processes through comparison of results of system calls
>
> [*]Searching for Hidden processes through sysinfo() scanning
>
> WARNING : info.procs changed during test : 311 (was 309)
> WARNING : info.procs changed during test : 309 (was 311)
> HIDDEN Processes Found: 1 sysinfo.procs = 309 ps_count = 311
>
> ===============
> # find / -name '*nhide*'
> /var/lib/dpkg/info/unhide.postinst
> /var/lib/dpkg/info/unhide.md5sums
> /var/lib/dpkg/info/unhide.triggers
> /var/lib/dpkg/info/unhide.list
> /usr/sbin/unhide
> /usr/sbin/unhide-tcp
> /usr/share/doc/unhide
> /usr/share/doc/lm-sensors/examples/hotplug/unhide_ICH_SMBus
> /usr/share/man/man8/unhide.8.gz
> /usr/share/man/man8/unhide-posix.8.gz
> /usr/share/man/man8/unhide-tcp.8.gz
> /usr/share/man/man8/unhide-linux26.8.gz
> /usr/share/man/es/man8/unhide.8.gz
> /usr/share/man/fr/man8/unhide.8.gz
> /usr/share/lintian/overrides/unhide
> ===============