I am now considering installing 2010 yet again. Before I do that, I want to get more information about the changes of system file properties. The changes do not seem to be inconsequential. I want to find out how they were made and how, if possible, I can restore the original settings. There seems to be no way to test my data files for viruses (I understand that there is a small number of Linux viruses).
Start synaptic and get Awesum
Beside the iso file which you downloaded there will be an md5sum

Release Date: 07-05-2010
Size: 689 MB
Produced by: Texstar
User Level: Beginner, Intermediate, Advanced

Release Date: 07-05-2010
Size: 454 MB
User Level: Intermediate, Advanced
So if you downloaded the 689mb version you would use 7413d998641e28e2a5688fd75f6eeea8 leaving off the Md5Sum:
Start Awesum (start -archiving- awesum) and paste in that Md5Sum. Next you will have to click on Go! and go looking for your iso wherever you saved it.
AweSum will work and tell you if the sums match. If they do then no-one can have tampered with your iso and it can't be corrupt.
K3B and Brasero can be set to check for Md5Sum on burning and to verify burns. So you would be 100% sure of a clean system if you reinstall.
You install only stuff from repositories - so that is checked and fine. Then you run rkhunter so that it can run for the first time and make a database of files and attributes. These can change with future updates - but as long as you only install stuff from repositories then you are fine.
Did you run rkhunter --propupd when you first installed it? Did you run it again after every upgrade?
If you did then the changes are worrying. If you didn't they're to be expected.
Install Firestarter and set it up - now it's more than a little hard to get into the computer - and you get warnings!
Install ClamTK virus scanner which is an easy to use scanner for clam. Freshclam is the part which does updates of virus definitions. More involved setup and a person can use Avast, etc.
We're pretty sure that you will only find Windows malware in the mail directory because we check, too. Windows viruses have no relevance to your Linux OS.
Unless your close neighbors wear T shirts with 2600 etc, and talk in strange hacker talk, then for sure we're having trouble believing that a Linux computer could be easily compromised. We'd be hearing of more exploits, otherwise.
You could well have hard drive issues which are changing file attributes.
Yes it's worth checking PCC-System-services and unchecking and stopping stuff like sshd, bittorrent, etc. Ask if unsure of what things are.
You should be confident of your install, but that a Linux system is being hacked is difficult to believe. If you do $1000000 banking deals online then we'd think otherwise and maybe you could get targeted.
What we need is more info on the spamming from your ISP. If it's possible to determine the MAC address of sending computer, then some evidence might be present other than the MAC of your router. But we're all sure by now that only your router was compromised.
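
The baseline-then-compare idea behind running rkhunter --propupd after install and again after each upgrade, as an added Python example that is not part of the original thread and is not rkhunter's own code. The function names and the stand-in file are constructed for the illustration; the tracked properties (hash, mode, owner, group, size) are an assumption about what is worth recording.

```python
import hashlib
import os
import stat
import tempfile

def file_properties(path):
    """Properties tracked per file: content hash, mode, owner, group, size."""
    st = os.lstat(path)
    digest = None
    if stat.S_ISREG(st.st_mode):
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
    return {"sha256": digest, "mode": oct(stat.S_IMODE(st.st_mode)),
            "uid": st.st_uid, "gid": st.st_gid, "size": st.st_size}

def snapshot(paths):
    """Baseline step (the role --propupd plays): record current properties."""
    return {p: file_properties(p) for p in paths}

def compare(baseline, paths):
    """Check step: list (path, property, old, new) for every difference."""
    findings = []
    for p in paths:
        if not os.path.lexists(p):
            findings.append((p, "missing", baseline.get(p), None))
            continue
        now = file_properties(p)
        for key, old in baseline.get(p, {}).items():
            if now[key] != old:
                findings.append((p, key, old, now[key]))
    return findings

def demo():
    """Constructed sample: a stand-in 'system binary' in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        tool = os.path.join(d, "ls")
        with open(tool, "wb") as fh:
            fh.write(b"version 1\n")
        os.chmod(tool, 0o755)
        baseline = snapshot([tool])
        clean = compare(baseline, [tool])
        # An upgrade (or tampering) replaces the content and permissions.
        with open(tool, "wb") as fh:
            fh.write(b"version 2, longer\n")
        os.chmod(tool, 0o777)
        changed = sorted(f[1] for f in compare(baseline, [tool]))
        # Re-baselining after a trusted upgrade clears the findings.
        return clean, changed, compare(snapshot([tool]), [tool])
```

A stale baseline flags a legitimate package upgrade exactly as it would flag tampering, which is why the baseline has to be refreshed after every trusted update.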