First, thanks all for the replies. It's possible that the aio one version got oversensitive and was returning false positives. That why I had created this thread to let it check by independant users. However, the results of the orginal rkhunter-tcp scan still gives me some doubts about the hidden processess (pid) because many of them are the ones are "ballast" processes (unused and multiple forked) from firefox (already reported to firefox dev team), with mostly appear on Linux.
As I had also mentioned (it's also in the thread topic), the suspections have appeared on Buster and not in the previous versions (like Bionic).
