I have a System76 Pangolin Performance (Panp8). It has 4 GB of RAM and an Intel Core i5-2410M CPU @ 2.30GHz × 4 processor. My hard drive has a total of 250 GB, but the partitioning makes it a little more complicated than that (which I'll explain more about a little later in this post); the OS I'm currently running has 102 GB of disk space. I'm using 64-bit Ubuntu, 12.04, but I was using 11.10 when this problem first started.
This is the beginning of the account, and at this time I was using Ubuntu 11.10. So last week, I believe it was Thursday or Friday, maybe Wednesday, I got kicked off the wireless network where I live. I called the admin, and he said it was because my computer was doing outbound TCP-FIN scans, which (according to him) means that I probably have a network virus. I'm skeptical, because I've heard that there are virtually zero viruses out there for Linux systems. He sent me an email with many links to free virus scans and "free" virus scans, all for Windows. I attempted some of these scans using Wine with varying (low to none) degrees of success. One of them told me that I have some Win32/Toolbar/Babylon applications on my computer, as well as some threats in the Firefox cache, and some other threats that I can't remember. However, I hadn't checked the box "remove found threats" when I first started running the scan (I didn't want it to accidentally remove something important), and at the end of the scan, there was no option to remove them. Thereafter, that particular scan didn't work anymore. I really wish I'd exported the list of threats to a text document. Ultimately, I wasn't able to remove anything from my system with any of the scans. I tried ClamAV and it turned up nothing, but I don't think it was working right, as it reported that it only scanned a megabyte. I'm going to uninstall it, reinstall it, and try again, and if I get a different result I will update this post. My network administrator is really not being so cool about it. He knows I use Linux, knows nothing about Linux, assumes it's a virus, sends me some links to Windows virus scans for Windows viruses, and just tells me I have to make my computer stop doing outbound TCP-FIN scans or else he's going to kick me off the network again. I'm not completely sure that I don't have a virus, but I get the feeling he is just heaping the burden of his ignorance upon me so that he doesn't have to learn anything about non-Windows systems for his job. Yes, I should know about my own computer, but I'm not the one getting paid to maintain the well-being of the network (which he generally does a terrible job of anyhow). Sorry, I'm venting a bit. Anyhow, I don't think my computer was doing it before last week, but I have called the admin to ask him when it started, and where the scans are being directed. I got his voicemail and have yet to hear back from him. I'll update this post when I do, unless it has already been solved by then.
Now, unfortunately, some events happened which potentially complicate this whole thing, but maybe not. I don't know. I'm going to describe them just in case they are relevant. On Saturday of that same week (or maybe it was Friday night? I forget), after the above paragraph happened, I attempted to upgrade to 12.04. When it was in the middle of upgrading, the program doing the update froze. When I finally gave up hope that the upgrade would finish, I closed the program that was doing the upgrade, sure enough it was "not responding" and I had to force the quit. Afterwards, clicking the mouse button had no effect on anything. I disconnected the power source and removed the battery to turn it off, and then when I turned it back on again, it wouldn't boot right, it just stayed on the purple "ubuntu" screen indefinitely, with those little dots changing from white to red-orange and back again. So, I ended up installing another copy of Ubuntu 12.04, alongside the old one. All my old files are within an encrypted directory, that I have not yet been able to access (but I'll post more about that with a different thread). I thought, maybe there's a little silver lining, maybe this'll somehow fix the TCP-FIN scanning issue. Nope. Admin called me yesterday and told me that my computer started doing it again, 2 and a half days after I installed the new copy of 12.04 and started using my computer again. Now, I had done some web surfing within that time, so if I did get some virus from some website (which I think is unlikely), it's possible I could have gotten the same virus again after starting with the new 12.04. But is it possible that, if I had a virus, it could still operate from within that encrypted private directory after booting a new OS? I don't know.
Anyhow, I just need to make my computer stop doing these outbound TCP-FIN scans, and I would also very much like to know why it is doing the scans in the first place. I will be very grateful to those who help.