I think that I have a compromised Linux OS (Ubuntu 14.04) and was wondering if I would be able to find any assistance with that here?
I am new to Linux and do not know where to find or how to produce the information that you would want to look at so would need some direction with that please.
Thanks for any assistance or clarification that can be provided.
Some basic information that resulted in me posting here.......
I purchased a premuim membership with the file hosting site "Fileboom"
Within a matter of days my credit card had been cancelled by my financial instituion due to attempted fraudulent activity.
By this stage I had downloaded 6 files (all or some potentially housing a payload) and whilst I had taken care to restrict the privileges to read only for the owner and none for anyone else - the follwing day I noticed that the permissions for those files had been changed.
A few days later, I was unale to close a text document that I had open as I was advised that the location of it could not be found.(not sure if related but odd)
Finally, a few days later and I am not able to access the internet , despite my router advising me that i am connected and everything is as it should be.
Resetting the router to default factory settings did not resolve the issue.
Connected the router to another pc and found that it connects fine to the internet.
Attempted to transfer files from compromised pc to clean pc via USB stick - seemed to copy the file from compromised pc to USB very quickly - connected USB to clean pc to transfer 100 Mb file and found that the file was now only 23 Mb. Attempted the same with different files - same result.
What information, system logs etc can i provide that would be helpful to someone to look at whilst I am waiting for some assistance please?
Edited by The Uprightman, 23 June 2015 - 11:52 PM.