Package: unhide.rb
Version: 13-1.1
Severity: Wishlist

Please upgrade unhide.rb to the latest revision:
http://bazaar.launchpad.net/~walles/unhide.rb/trunk/changes/

The latest revision has been tested on a system infected by the Jynx rootkit and adds the following features:

* Name the binaries hidden by the rootkit. Previously only the PIDs were identified.
* Name the Jynx process / file hiding library on an infected system.

It also adds a few checks and is now a superset of running the original unhide as "unhide-linux procall sys".

Performance-wise it's about 14x faster than the latest version of unhide (7s vs 100s on my system).

The changes fix all issues mentioned in this post:
http://sourceforge.net/mailarchive/message.php?msg_id=28258660

Regards //Johan