How to hide a running process?

Using Ubuntu 12.04. Is there any way to hide a running process? That process shouldn't be displayed in System Monitor, top, or htop. There is no problem remembering the process ID (PID), so observation of the process can be done easily, but I want to hide the process completely. Is there any way?


Solution 1:

It is impossible to hide the process unless one starts messing around in the kernel to limit this.

One technique is to change the process name using:

prctl(PR_SET_NAME, (unsigned long) "NewName", 0, 0, 0);

...and, if possible, to fork() and let the parent process die. If you were to do that periodically, it makes it harder to track down the process.

Solution 2:

I would highly recommend that you change the process name and give it some other name, so that it might look like you are running some different process.

Example: you can change the process name from "chrome" to "findme".

This can be done programmatically.

or

You can play around at kernel level (pid_getattr) to make it possible. Again, this is not recommended.

or

WARNING!!! Don't try the answer below:

If you still want to go ahead and remove the process from top, there are a few pieces of software which can do that for us. One kind of such software is called "rootkits".

Rootkits: When a rootkit is installed, it overwrites commands. It can overwrite commands like ps, ls, netstat, find, du, ifconfig, login, killall, etc.

There is a lot of malicious software with the same name, so be careful: it might infect your system.

Unhide: To detect the hidden process you can use unhide.