Thanks for the replies. I'm afraid I am not savvy enough to follow much of them.
1. I don't know how the attack is coming in. I understand that my router serves as a firewall. I don't know which options to tick in shorewall. I will install firestarter.
2. I believe my passwords are adequate.
3. I am using my own password on the router.
go through the "Current file modification time:" numbers to determine if you were doing anything at the computer.
I don't know what that means.
what you can also do is set up a script to run every minute in cron that does a "ps aux" and "net stat" etc which you dump to a log file.
I don't know how to do that.
6. I reinstalled 2010 from scratch yesterday, yet a number of files' properties have been changed.
7. I will try grc.com
If you have a firewall but you need to have ports open to expose ssh daemon or a webserver or any other process to the open web then do they have proper security configurations?
I don't know. I have been relying on the O.S. installed.
No one else has access to the computer and is the only computer I have.
I am not running Windows. For two days, I used library computers using windows to download two small files which I later obtained from my pc. Neither rkhunter nor clamscan has reported anything amiss with those files.
Could it be a problem that I stay signed in to webmail accounts?