Hidden PID using unhide brute

Should I be worried that unhide keeps giving me entries for hidden pids? It says they could be transient processes, I'm guessing kernel threads, but it's still a bit weird to see that on what should be a clean system. I haven't noticed anything out of the ordinary on my machine, but it makes me suspicious why it keeps giving me so many hidden pids.

Unhide 20211016
Copyright © 2010-2021 Yago Jesus & Patrick Gouin
License GPLv3+ : GNU GPL version 3 or later
http://www.unhide-forensics.info

NOTE : This version of unhide is for systems using Linux >= 2.6 

Used options: 
[*]Starting scanning using brute force against PIDS with fork()

Found HIDDEN PID: 151468
	Cmdline: "<none>"
	Executable: "<no link>"
	"<none>  ... maybe a transitory process"

Found HIDDEN PID: 151472
	Cmdline: "<none>"
	Executable: "<no link>"
	"<none>  ... maybe a transitory process"

Found HIDDEN PID: 152699
	Cmdline: "<none>"
	Executable: "<no link>"
	"<none>  ... maybe a transitory process"

(and so on for about 80-100 kb of log text)

perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = "en_GB:fi",
LC_ALL = (unset),
LC_ADDRESS = "fi_FI.UTF-8",
LC_NAME = "fi_FI.UTF-8",
LC_MONETARY = "en_FI.UTF-8",
LC_PAPER = "fi_FI.UTF-8",
LC_IDENTIFICATION = "fi_FI.UTF-8",
LC_TELEPHONE = "fi_FI.UTF-8",
LC_MEASUREMENT = "en_FI.UTF-8",
LC_TIME = "en_FI.UTF-8",
LC_NUMERIC = "en_FI.UTF-8",
LANG = "en_GB.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to a fallback locale ("en_GB.UTF-8").
System:
Kernel: 6.4.4-zen1-1-zen arch: x86_64 bits: 64 compiler: gcc v: 13.1.1
parameters: BOOT_IMAGE=/@_backup_20221012102413716/boot/vmlinuz-linux-zen
root=UUID=11b5c164-e479-4509-90a3-7e0100e1603d rw
rootflags=subvol=@_backup_20221012102413716 quiet quiet
rd.udev.log_priority=3 vt.global_cursor_default=0
resume=UUID=d5e4f626-8706-4a82-a464-8cd94f675904 loglevel=3 ibt=off
Desktop: KDE Plasma v: 5.27.6 tk: Qt v: 5.15.10 wm: kwin_x11 vt: 2
dm: SDDM Distro: Garuda Linux base: Arch Linux
Machine:
Type: Desktop System: ASUS product: N/A v: N/A serial: <superuser required>
Mobo: ASUSTeK model: TUF GAMING B550-PLUS v: Rev X.0x
serial: <superuser required> UEFI: American Megatrends v: 1401
date: 12/03/2020
CPU:
Info: model: AMD Ryzen 5 5600X bits: 64 type: MT MCP arch: Zen 3+ gen: 4
level: v3 note: check built: 2022 process: TSMC n6 (7nm) family: 0x19 (25)
model-id: 0x21 (33) stepping: 0 microcode: 0xA201009
Topology: cpus: 1x cores: 6 tpc: 2 threads: 12 smt: enabled cache:
L1: 384 KiB desc: d-6x32 KiB; i-6x32 KiB L2: 3 MiB desc: 6x512 KiB
L3: 32 MiB desc: 1x32 MiB
Speed (MHz): avg: 4195 high: 4200 min/max: 2200/5279 boost: enabled
scaling: driver: acpi-cpufreq governor: performance cores: 1: 4194 2: 4198
3: 4198 4: 4198 5: 4200 6: 4180 7: 4199 8: 4197 9: 4200 10: 4183 11: 4200
12: 4200 bogomips: 100806
Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm
Vulnerabilities: <filter>
Graphics:
Device-1: AMD Navi 23 [Radeon RX 6600/6600 XT/6600M] vendor: ASUSTeK
driver: amdgpu v: kernel arch: RDNA-2 code: Navi-2x process: TSMC n7 (7nm)
built: 2020-22 pcie: gen: 4 speed: 16 GT/s lanes: 16 ports: active: DP-2
empty: DP-1,DP-3,HDMI-A-1 bus-ID: 08:00.0 chip-ID: 1002:73ff
class-ID: 0300
Display: x11 server: X.Org v: 21.1.8 with: Xwayland v: 23.1.2
compositor: kwin_x11 driver: X: loaded: amdgpu unloaded: modesetting,radeon
alternate: fbdev,vesa dri: radeonsi gpu: amdgpu display-ID: :0 screens: 1
Screen-1: 0 s-res: 1920x1080 s-dpi: 96 s-size: 508x285mm (20.00x11.22")
s-diag: 582mm (22.93")
Monitor-1: DP-2 mapped: DisplayPort-1 model: Acer XB240H serial: <filter>
built: 2017 res: 1920x1080 dpi: 92 gamma: 1.2 size: 531x299mm (20.91x11.77")
diag: 609mm (24") ratio: 16:9 modes: max: 1920x1080 min: 720x400
API: OpenGL v: 4.6 Mesa 23.1.4 renderer: AMD Radeon RX 6600 (navi23 LLVM
15.0.7 DRM 3.52 6.4.4-zen1-1-zen) direct-render: Yes
Audio:
Device-1: AMD Navi 21/23 HDMI/DP Audio driver: snd_hda_intel v: kernel pcie:
gen: 4 speed: 16 GT/s lanes: 16 bus-ID: 08:00.1 chip-ID: 1002:ab28
class-ID: 0403
Device-2: AMD Starship/Matisse HD Audio vendor: ASUSTeK
driver: snd_hda_intel v: kernel pcie: gen: 4 speed: 16 GT/s lanes: 16
bus-ID: 0a:00.4 chip-ID: 1022:1487 class-ID: 0403
API: ALSA v: k6.4.4-zen1-1-zen status: kernel-api with: aoss
type: oss-emulator tools: N/A
Server-1: PipeWire v: 0.3.75 status: active with: 1: pipewire-pulse
status: active 2: wireplumber status: active 3: pipewire-alsa type: plugin
4: pw-jack type: plugin tools: pactl,pw-cat,pw-cli,wpctl
Network:
Device-1: Realtek RTL8125 2.5GbE vendor: ASUSTeK driver: r8169 v: kernel
pcie: gen: 2 speed: 5 GT/s lanes: 1 port: f000 bus-ID: 05:00.0
chip-ID: 10ec:8125 class-ID: 0200
IF: enp5s0 state: down mac: <filter>
Device-2: Realtek RTL8188EUS 802.11n Wireless Network Adapter
driver: rtl8xxxu type: USB rev: 2.0 speed: 480 Mb/s lanes: 1 mode: 2.0
bus-ID: 1-2:3 chip-ID: 0bda:8179 class-ID: 0000 serial: <filter>
IF: wlp2s0f0u2 state: up mac: <filter>
Drives:
...
Swap:
...
Sensors:
System Temperatures: cpu: 55.9 C mobo: N/A gpu: amdgpu temp: 51.0 C
mem: 54.0 C
Fan Speeds (RPM): N/A gpu: amdgpu fan: 0
Info:
Processes: 452 Uptime: 9h 24m wakeups: 0 Memory: total: 16 GiB
available: 15.51 GiB used: 13.11 GiB (84.5%) Init: systemd v: 253
default: graphical tool: systemctl Compilers: gcc: 13.1.1 clang: 15.0.7
Packages: pm: pacman pkgs: 2289 libs: 612 tools: octopi,paru Shell: fish
v: 3.6.1 default: Bash v: 5.1.16 running-in: konsole inxi: 3.3.28
Garuda (2.6.16-1):
System install date:     2022-09-15
Last full system update: 2023-07-24 ↻
Is partially upgraded:   No
Relevant software:       snapper NetworkManager mkinitcpio
Windows dual boot:       No/Undetected
Failed units:

Follow the template, please.
Post your garuda-inxi.

Could you remove this topic? I don't think I'm going to find an answer, I haven't found anything elsewhere on the internet either (stackoverflow.com or other sites). I don't know, I might just reinstall my system at some point. I can't find anyone anywhere with a similar problem, so maybe it's nothing.

First thing (KDE) restart your system.

Second:
It can sometimes take time for someone to post a solution; our members live in many different time zones and not everyone who can help is online here 24/7 on the forum 🙂


Second: Understood, I just didn't find much information online about anyone having similar problems.

Turns out I might have figured it out myself, although I'm not sure. When using a different tool (unhide_rb) it actually finds information for all of those PIDs, e.g.:

Suspicious PID   292:
  Seen by ps  [btrfs-transaction]
  Seen by /proc  unknown exe
  Not seen by /proc_tasks  
  Seen by getsid() 
  Seen by getpgid() 
  Seen by getpriority() 
  Seen by sched_getparam() 
  Seen by sched_getaffinity() 
  Seen by sched_getscheduler() 
  Seen by sched_rr_get_interval() 
Suspicious PID   344:
  Seen by ps  [kmpathd]
  Seen by /proc  unknown exe
  Not seen by /proc_tasks  
  Seen by getsid() 
  Seen by getpgid() 
  Seen by getpriority() 
  Seen by sched_getparam() 
  Seen by sched_getaffinity() 
  Seen by sched_getscheduler() 
  Seen by sched_rr_get_interval() 
Suspicious PID   345:
  Seen by ps  [kmpath_handlerd]
  Seen by /proc  unknown exe
  Not seen by /proc_tasks  
  Seen by getsid() 
  Seen by getpgid() 
  Seen by getpriority() 
  Seen by sched_getparam() 
  Seen by sched_getaffinity() 
  Seen by sched_getscheduler() 
  Seen by sched_rr_get_interval() 

So most likely unhide reacted to any one of those whenever one test failed, while unhide_rb actually shows the results of each test.
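
The per-test report quoted in the post above can be triaged mechanically. This is an added example, not part of the thread or of unhide: it parses an unhide_rb report and checks the PF_KTHREAD bit in the flags field of /proc/<pid>/stat for each listed PID. The sample report, the stat lines, PID 4242 with its name, and the function names are constructed for illustration.

```python
import re
from pathlib import Path

PF_KTHREAD = 0x00200000  # kernel-thread bit in the flags field of /proc/<pid>/stat
# Constructed sample in the layout of the unhide_rb output quoted above.
SAMPLE_REPORT = """\
Suspicious PID   344:
  Seen by ps  [kmpathd]
  Seen by /proc  unknown exe
  Not seen by /proc_tasks
  Seen by getsid()
Suspicious PID  4242:
  Seen by ps  [demo-worker]
  Seen by /proc  unknown exe
"""
# Constructed stat lines, cut off after the flags field. 4242 has a bracketed
# ps name but no PF_KTHREAD bit: brackets alone do not prove a kernel thread.
SAMPLE_STAT = {344: "344 (kmpathd) I 2 0 0 0 -1 2129984",
               4242: "4242 (demo-worker) S 4100 4242 4242 0 -1 4194304"}

def parse_unhide_rb(text):
    """Return {pid: {"seen": [...], "not_seen": [...]}} from an unhide_rb report."""
    report, current = {}, None
    for line in text.splitlines():
        head = re.match(r"Suspicious PID\s+(\d+):", line)
        test = re.match(r"\s+(Not seen|Seen) by (\S+)", line)
        if head:
            current = report.setdefault(int(head.group(1)), {"seen": [], "not_seen": []})
        elif test and current is not None:
            current["seen" if test.group(1) == "Seen" else "not_seen"].append(test.group(2))
    return report

def is_kernel_thread(stat_line):
    """True if PF_KTHREAD is set; comm may hold spaces, so split after the last ')'."""
    fields = stat_line.rsplit(")", 1)[1].split()  # fields[0] is state
    return bool(int(fields[6]) & PF_KTHREAD)      # fields[6] is flags

def read_stat(pid):
    return Path(f"/proc/{pid}/stat").read_text()

def triage(text, stat_for=read_stat):
    """Map each reported PID to a verdict; stat_for can be swapped for offline data."""
    verdicts = {}
    for pid in parse_unhide_rb(text):
        try:
            kthread = is_kernel_thread(stat_for(pid))
            verdicts[pid] = "kernel thread" if kthread else "userland: investigate"
        except (OSError, KeyError):
            verdicts[pid] = "unresolved: no readable /proc entry"
    return verdicts
```

On a live system, call `triage(report_text)` with the saved unhide_rb output; a PID that syscalls see but that has no readable /proc entry stays "unresolved" rather than being assumed transient.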
