LinuxQuestions.org
Linux - General This Linux forum is for general Linux questions and discussion.
Old 10-25-2008, 01:43 PM   #1
mia_tech
Member
 
Registered: Dec 2007
Location: FL, USA
Distribution: CentOS 5.3, Ubuntu 9.04
Posts: 245

help removing virus/malware from ubuntu


Guys, I decided to port forward on my router to my Ubuntu box so I can access my files when I'm away. 5 min after that, my PC stopped responding; it would not render control over the mouse or keyboard. First thing I did was to close the port at the router. Now, what live CDs do you guys recommend I use to clean up my box?
 
Old 10-25-2008, 02:18 PM   #2
j.todd
Member
 
Registered: Feb 2008
Location: Michigan
Distribution: Debian GNU/Linux Unstable
Posts: 144

You probably don't have a virus/malware on your Ubuntu box. Did you try rebooting the box?

And why not just use ssh to access files remotely?
 
Old 10-25-2008, 03:40 PM   #3
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

What port(s) did you forward? 135 and 139? Those might have been attacked but it shouldn't hurt your box. If you have lost keyboard and mouse you probably had a driver crash. Try to ssh in from another computer and restart services on the box that is locked up. It probably isn't locked up, by the way, but merely keyboard and mouse are dead.

If you can't ssh in, then reboot it.

In the future, you'll find that using ssh -Y is the best way to go.
 
Old 10-25-2008, 04:27 PM   #4
mia_tech
Member
 
Registered: Dec 2007
Location: FL, USA
Distribution: CentOS 5.3, Ubuntu 9.04
Posts: 245

Original Poster
Quote:
Originally Posted by jiml8
What port(s) did you forward? 135 and 139? Those might have been attacked but it shouldn't hurt your box. If you have lost keyboard and mouse you probably had a driver crash. Try to ssh in from another computer and restart services on the box that is locked up. It probably isn't locked up, by the way, but merely keyboard and mouse are dead.

If you can't ssh in, then reboot it.

In the future, you'll find that using ssh -Y is the best way to go.
No, I'm in front of the computer, and yes, I forwarded SSH: I opened 2222 on my router and forwarded it to 22 on my Ubuntu machine. I just rebooted with sysrescuecd and ran ClamAV, chkrootkit and rkhunter, and they came back negative... I've also reset the machine numerous times, no help there either... running out of options here.
 
Old 10-25-2008, 04:40 PM   #5
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Can you ssh into the machine and have it work without problem?

What kind of mouse/keyboard? If they are both PS2 and they don't work after a reboot, potentially you have had a motherboard failure?
 
Old 10-25-2008, 05:05 PM   #6
mia_tech
Member
 
Registered: Dec 2007
Location: FL, USA
Distribution: CentOS 5.3, Ubuntu 9.04
Posts: 245

Original Poster
Quote:
Originally Posted by jiml8
Can you ssh into the machine and have it work without problem?

What kind of mouse/keyboard? If they are both PS2 and they don't work after a reboot, potentially you have had a motherboard failure?
No, not the case, as I rebooted with a live CD and everything worked OK.
 
Old 10-26-2008, 05:05 PM   #7
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Do I understand correctly that you enabled SSH access to your computer from the Internet? If so, did you have strong passwords on all accounts? Did you disable root login via SSH? If not, it is possible that somebody (or something) logged in and did something malicious. (Although 5 minutes seems kind of quick to me for a non-standard port.)

If somebody did log in, I would think it likely they installed a rootkit. You can run chkrootkit from KNOPPIX after mounting the partition:

Code:
chkrootkit -r /mnt/sda1 | less
(change /mnt/sda1 as appropriate)

Beware that chkrootkit can have both false positives and false negatives. Search the Internet for help with it. You can also check out Rootkit Hunter.

If you decide a rootkit was installed, it is probably best to do a reinstallation since you can never be sure you have removed everything malicious.
 
Old 10-27-2008, 12:02 AM   #8
mia_tech
Member
 
Registered: Dec 2007
Location: FL, USA
Distribution: CentOS 5.3, Ubuntu 9.04
Posts: 245

Original Poster
First thing I checked was the auth.log, and no one logged in. As far as a rootkit, I booted from sysrescuecd and ran chkrootkit and rkhunter, and for good measure also ran avscan after updating the virus definitions. It seems a bit odd, but after restarting the machine several times it started to respond again. I suspect it might have been the KVM switch...
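The auth.log check described in the last post, and blackhole54's questions about root login over SSH, can be done more systematically than eyeballing the file. The script below is an added example, not code from this thread: it parses sshd lines in the syslog format a 2008-era Ubuntu wrote, counts failed attempts per source address, lists accepted logins, and flags the ones a defender would want to look at first (root, or from outside the LAN). The log lines, hostname, usernames and addresses are constructed for the example, and the `192.168.` LAN prefix is an assumption you would adjust for your own network.

```python
import re
from collections import Counter

# Constructed sample auth.log excerpt (not from the thread): a few failed
# guesses from an outside address, one normal LAN login, and one accepted
# root login from the same outside address.
SAMPLE_AUTH_LOG = """\
Oct 25 13:41:02 ubuntu sshd[4321]: Failed password for root from 203.0.113.7 port 51022 ssh2
Oct 25 13:41:05 ubuntu sshd[4321]: Failed password for root from 203.0.113.7 port 51022 ssh2
Oct 25 13:41:09 ubuntu sshd[4325]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Oct 25 13:42:11 ubuntu sshd[4330]: Accepted password for mia from 192.168.1.20 port 40112 ssh2
Oct 25 13:43:50 ubuntu sshd[4340]: Accepted publickey for root from 203.0.113.7 port 51100 ssh2
Oct 25 13:44:00 ubuntu CRON[4350]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)
# "invalid user" is what sshd logs for names that do not exist on the box.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)

def summarize_sshd(log_text, lan_prefix="192.168."):
    """Return accepted logins, failure counts per source IP, and the accepted
    logins that deserve a second look (root, or from outside lan_prefix)."""
    accepted, failed_by_ip, suspicious = [], Counter(), []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if m:
            entry = m.groupdict()
            accepted.append(entry)
            if entry["user"] == "root" or not entry["ip"].startswith(lan_prefix):
                suspicious.append(entry)
            continue
        m = FAILED.search(line)
        if m:
            failed_by_ip[m.group("ip")] += 1
    return {"accepted": accepted, "failed_by_ip": dict(failed_by_ip), "suspicious": suspicious}

if __name__ == "__main__":
    report = summarize_sshd(SAMPLE_AUTH_LOG)
    for e in report["accepted"]:
        print(f"accepted {e['method']:<9} {e['user']:<8} from {e['ip']}")
    for ip, n in report["failed_by_ip"].items():
        print(f"{n} failed attempts from {ip}")
    for e in report["suspicious"]:
        print(f"REVIEW: {e['user']} from {e['ip']} via {e['method']}")
```

On a real box, feed it the mounted partition's log (for example `/mnt/sda1/var/log/auth.log` from a live CD) so the log you read was not written by the system you are suspicious of.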
 
All times are GMT -5. The time now is 01:00 PM.