Hi,
that alert is related to a
kernel-level check (anomaly detection checks, not
rootkit_files.txt or
rootkit_trojans.txt). You can see more details in the code: src/rootcheck/check_rc_pids.c. Line 256: "Check if the pid is a thread (not showing in /proc".
The code inspects all process IDs (PID), and use the getsid, getpgid, and kill system calls to find all running processes. If the PID is being used, but the ps command cannot see it, a kernel-level rootkit or a Trojan version of ps might be running. It is also compared the output of getsid, getpgid, and kill system calls looking for discrepancies.
So, your process 13380 is not in /proc. Try to find it using ps -e | grep 892