Ex seems to be an expert at the art of spying, reason enough to reinstall an OS for me. personally, I would not worry about Knoppix now. Instead, if you are running KUbuntu (like myself atm), you are somewhat familiar with that already and I think you should stick with that for now.
we are at the brink of a new (K)Ubuntu release (only days away) I would even suggest to stay with the version you have now, but that is up to you.

one way to see what KDE version you are using is to click on:
'the K at bottom left' then on 'SystemSettings' and then in the menu bar on 'Help-> About KDE'
you can now read the version of the KDE release. if it is version 3.5.x you are most likely using KUbuntu 8.04 alias 'Hardy Herron' or in short just 'Hardy'
The Ubuntu developers have thought of an interesting naming scheme for their releases and they are all named after African (I think so anyway) animals.

With the KUbuntu cd you can initially let it load into 'live' mode. I think it will do that automatically if you boot with the cd in you drive. Once the live cd has fully loaded you can access your windows partition by clicking on the icon called 'System Menu' right next to the big 'K' at the bottom left and then click on 'Storage Media' you will now see all drives that are attached (or built in) to the system. (May be you can do that even now in your current system, but I don't know what ex did with regards to passwords)

But first you will have to get yourself a copy. One way is to do what rich_c suggested in his post, but you will have to wait sometime before you get the actual disk. i92guboj suggests a Ubuntu link (post #40), which uses the GNOME desktop environment, which is excellent but I think you have KUbuntu which uses KDE and therefore looks and feels different as i92guboj also said. not harder just different.

btw, I am answerring this post offline as I have a 16hr shift at work (no internet here), so I apologise if I am suggesting anything here that's been suggested by someone else already. I will post this when I get home at midnight, the last post when I read this was from the moderator XavierP post number #42 on page #3.

If you want to stick with your current version, you will have to download the 'iso' file for it. (you will need to download an 'iso' anyway regardless) If you wish to stay with the same version we need you to answer what I previously suggested on how to find out which KDE version you use so we can provide the download link to the 'iso' for you. Then once you have downloaded the 'iso', burning it to a disc is as simple as inserting a blank CD in your burner;
right click on the just downloaded iso-> Actions-> Write CD Image with K3b.
give it some time to do its thing and click the 'start' button that appears in the window that pops up. I assume you have KUbuntu.

After succesful burning leave the CD in your drive and reboot your machine, if your computer now boots up exactly like it always has then report back here and we will have to help you setup your computer's BIOS to boot from cd first. This is where XavierP's suggestion of finding your local LUG can come in handy, but we could resolve it here as well. but may be ex just left it to boot of cd...

speaking of long posts...

Just pull off the stuff, and then later you can scan the usb-drive from the newly installed OS on your computer. Do you have files, such as documents and pictures, on the broken Windows partition that you wish to save? Unless something is seriously wrong with that partition, you should be able to mount it from within Linux, and copy files from it to your usb-drive. Usually there are icons/launchers on the desktop for mounting a computer's partitions, but if not, within your file-manager (Konqueror or Nautilus, or Rox Filer) go to the directory "/media" (or the directory "/mnt"), and you should see mount points that you can right-click on to access the Windows partition.

Also, do you have address files from daytimer and/or email programs that you'd like to save? You can export these files to the usb-drive, and then import them later in your newly set up operating system. Most daytimer and email programs allow for exporting files, for backup. This is true too of web browsers, and bookmark files.

Good luck

The suggestions thus far have been 1.) to attempt to fix your current operating system (Kubuntu?) via scanning it and tightening security on it, and 2.) declaring it irrevocably compromised, and thus reinstalling a flavour of Linux on it.

Given the title of thread, "I Just Don't Get Linux & Need Help", if you've got some money, you may wish to consider buying a new computer with Windows. New computers are reasonably cheap, and if you're getting high speed, most providers will set you up with malware and virus scanners, thus saving yourself the trouble. After all, given that a lot of the really useful open source free software is now available in both Linux AND Windows format, that no longer is an argument for using Linux. And, if Linux can so easily be breached (even by some ex-cop, never mind a computer specialist), and if getting security in Linux means having to join user groups, and configure firewalls, virus scanners, and even reinstall entire operating systems, then, really, who needs it?

The issue is not that it was breached, but that it was set up in such a way as to make it insecure. The keylogger is not believed to be on there because the system was left insecure. it is believed to be on there because the person who installed the OS also installed the keylogger. No system is proof against maliciousness from the installer.

Thats a little like saying you have a car with a flat tire,rather than learn to change the flat tire..just go head and buy a new car..lol..

Given the lack of information we actually have about her system, I don't think you can make such a definitive statement as this about it. If the root is still disabled, then no huge effort was made to make her system insecure. For instance, if the result of ...
... indicated that there was a root user set up on the system, I'd then readily agree with you.

[later edit] Actually, disregard the above. I've assumed that since Ubuntu has disabled the root user, that a root entry would not show up, and/or be commented out, in the /etc/passwd file. It's occurred to me that I might be totally wrong in this assumption, and that perhaps the disabling of root may take place elsewhere in the Ubuntu system (maybe in /etc/shadow, or something elsewhere). So, disregard, because I'm just not familiar enough with it to make such a statement.

True enough. But from the information given, it was a reasonable assumption. That said, the user has no failth in the system as it is - she believes it to be insecure and does not believe that she can restore it without her suspected cracker's knowledge. So with that said, I think the best fix is to reinstall and to start again with a system that she has faith in.

I do agree that it is better in the long run to fix the problems rather than reinstall, but in this case I think a reinstall is the better all round option.

stop screwing around with computers and get a restraining order against Ex........You can have the best computer in the world and he can still cause trouble for you.

I agree that it's a good option. Still, I did feel here that people were too quick to jump on that option, and use it as an opportunity to plug their favourite distro. For instance,

Q: "Hey, my system's acting kinda weird. How do I fix it?"
A: "Obviously that system's broken and not for you! So let me recommend Disto-A! Distro-A is super clean, with super support! In tests, more users prefer Distro-A to Distro-B! So get Distro-A today!!"

Yeesh. What is with people who can only be an advertisement for their favourite distro? Plus, I suspect many of them use Linux as a secondary operating system (IE, a plaything), with Windows as their primary OS (that they've had for a while). If such a user was having a problem with their primary OS, that they've been using for a while, I suspect that they'd be a lot more interested in fixing it than formatting and reinstalling the drive. Like an old car (or bicycle, in my case), when you've been using something for a while, you prefer to stay with it and repair it, to simply trading it in.

Now, that may not be the case here, but there's no reason to assume that (I don't know how long she's been using her system). For myself, since I got rid of Windows 95, I've used Linux solely. When I ask for assistance, usually in mailing lists, for problems I encounter with my operating system, I would be shocked if the first thing I was told was to reformat and reinstall. In general, people ask me for information about the issues (with my system, not with my ex), and then make recommendations for fixing the system. Even for systems that won't boot up at all, or where x-windows is completely shot, people usually try to fix the system first before reformatting and reinstalling.

That's true in other circumstances. But once a system has been compromised you can't be every sure that it has been completely secured.

When someone gains root access, and provided that it's not a dumb script kiddie, the first thing that s/he will be doing is to obscure the logs and set up an alternate backdoor in one or another form. So he can gain access again if something goes bad.

In these cases even backups have a limited usefulness, most times you can't be sure for how long has the attacker been around.

The most probable thing if he truly has access to the system remotely is that he has setup alternate watches or loggers, cron jobs, a rootkit and a few other things, unless he is just a lamer.


On the other side, if he is not that skilled just changing all the passwords and disabling any daemon that is giving remote access could be enough, but on a filesystem where there can easily exist millions of files I doubt that anyone is willing to waste the time to fix it when a reinstall can be done in minutes. And as said, you can't guarantee the system is clean. No one can unless you have the NASA labs in your side


So I'd say just reinstall.

As they say, when in doubt, throw it out.

Not only is this kind of activity inappropriate it is illegal in most places. Don't know what country you live in but most places, you could just call the police department wherever his friend works and report it. Assuming you have some substantive information, evidence.

Not sure about the laws there, but around here this is a violation of the terms of use for these services. Police are NOT ALLOWED to access those databases for personal reasons/use. That would land them in a whole heap of trouble (disciplinary action up to and including termination) if they were found out. and all inquires to those databases are logged by user and query.

Actually an entire police department can end up being banned from access to the databases for that type of misuse..



LEADS is one such system used locally
LAW ENFORCEMENT AGENCIES DATA SYSTEM (LEADS)

Threaten the safety of the public, that's you..


Just want you to be aware if he is obtaining information through one of those systems he is most certainly in violation...


Sorry for going off topic like that, but you should be aware of that information. No matter what Law enforcement database they use I'm sure all have similar restrictions.






[edit]I read almos the whole thread but stopped a couple posts before the end, to see someone else had already mentioned this.. When will I learn to read the entire thread before posting ?

QueenMom,

First "pull the network wire" (or get the wireless disabled). Then copy the pictures and documents to a USB or backup device. This is important since the ex could be logging your backup operations and "hit" on you in more malicious ways.

Next, copy out the data and reformat the hard disk and load up an OS of your choice. Preferable linux based since it is less probne to malicious attacks and as many other posters said, comes with better defaults.

MS-Office files contain macros that can run and install more malware, which will work mostly in a windows environment. Also, in MS-Office (if you prefer Windows) you can steps to disable the macros. Pictures should generally be OK. But look carefully at GIF files - particulalrly animated GIFs - using some GIF builder. They can still contain iritants and certainly do not use flash files if you choose to remain in a Windows environment.

End