Do I have a virus or a hacker?

Asked by Fred Frye

My computer started pulling up my saved files at night, with the internet off, by itself. Last night I had my computer running with 8.5 Ubuntu and the latest Firefox browser (internet on). This morning upon awakening I went to check e-mail and found seven files created (crazy writings starting with the words "I come from germany to check your computer, hope you do not mind") and sent to the printer. BTW, I was alone in my house, so no one else did this as a prank. While it was still typing, I pulled the plug on my PC. Do I have a virus or a hacker? I was informed that Ubuntu 8.5 was not susceptible to these things. Someone please help, I am at my wits' end. Thank you

Question information

Language: English
Status: Solved
For: Ubuntu
Assignee: No assignee
Solved by: LEGOManiac
Fred Frye (fredruthf64) said :
#1

Later in the day I went to pull up some files and got a message that the Office 2 program was reported as crashed and had to revive the files. Forgot to add that all the writing previously reported was through the Office 2 program. What is going on?

Tiefflieger (tiefflieger) said :
#2

First, take a look at what the command "last" says at the console. It shows a log of the last logins to your machine.
Then you should make sure that remote login to your computer is deactivated (System -> System Preferences -> Login Screen -> tab "Remote").
Then you should consider setting new passwords for all registered users on that PC.
And do you have any additional package sources registered? That could be another security issue, as these personal package archives may install anything on your computer.

Larry Jordan (larryjor) said :
#3

Sounds like nice advice; thanks for the info about the "last" command, as I had never encountered it.

Fred, I am also wondering if you even have a firewall running. You could use 'ufw' or 'firestarter' if not, before you go back online again.

Daniel Milde (daniel-milde) said :
#4

You can also check whether you have any strange ports open, via the nmap and netstat utilities.

nmap 10.0.0.1          # replace 10.0.0.1 with the address of the machine you want to check
sudo netstat -ntap     # numeric, TCP, all sockets, with the owning program (root needed to see every PID)

Or try the graphical tool that is installed in Ubuntu as well: Net tools (Gnome network).
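
An added example, not from any of the posters in this thread: a small POSIX sh script that runs the two checks suggested above (remote logins in `last` output, listening sockets in `netstat -ntulp` output) over constructed sample output, so the format of a worrying result is clear before you run it on a live machine. The sample lines, the 10.0.0.x and 203.0.113.7 addresses and the port-to-service table are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag remote logins in `last` output and
# network-reachable listeners in `netstat -ntulp` output.
# Live use:  last | sh check_box.sh --logins
#            sudo netstat -ntulp | sh check_box.sh --ports
# Without arguments the constructed samples below are used instead.

# Constructed `last` output: one console session, one login from an outside address.
SAMPLE_LAST=$(cat <<'EOF'
fred     pts/0        203.0.113.7      Sun Mar  1 03:12 - 03:40  (00:28)
fred     tty7         :0               Sat Feb 28 21:02   still logged in
reboot   system boot  2.6.24-23-generic Sat Feb 28 21:01 - 04:10  (07:09)

wtmp begins Sat Feb 28 21:01:07 2009
EOF
)

# Constructed `netstat -ntulp` output: CUPS bound to loopback only, VNC and
# XDMCP (the GDM "remote login" setting) bound to every interface.
SAMPLE_NETSTAT=$(cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1000/cupsd
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      2187/vino-server
tcp6       0      0 :::22                   :::*                    LISTEN      1843/sshd
udp        0      0 0.0.0.0:177             0.0.0.0:*                           1234/gdm
EOF
)

# Assumed table of remote-access ports worth recognising by number.
service_name() {
    case "$1" in
        22)        echo "ssh" ;;
        177)       echo "xdmcp (GDM remote login)" ;;
        631)       echo "cups" ;;
        5800)      echo "vnc-http" ;;
        5900|5901) echo "vnc" ;;
        *)         echo "unknown" ;;
    esac
}

# Print every session whose origin looks like a network host (contains a dot),
# skipping the local display (":0"), reboot records and the wtmp trailer.
remote_logins() {
    while read -r user tty from rest; do
        case "$user" in reboot|wtmp|"") continue ;; esac
        case "$from" in :*|127.*|localhost) continue ;; esac
        case "$from" in *.*) ;; *) continue ;; esac   # heuristic: IP or FQDN only
        printf 'REMOTE LOGIN\t%s\tfrom %s\t%s\n' "$user" "$from" "$rest"
    done
}

# Classify each listening socket as local-only (loopback) or EXPOSED (any interface).
audit_listeners() {
    while read -r proto recvq sendq laddr rest; do
        case "$proto" in tcp|tcp6|udp|udp6) ;; *) continue ;; esac
        port=${laddr##*:}
        host=${laddr%:*}
        case "$host" in 127.*|::1|localhost) scope=local-only ;; *) scope=EXPOSED ;; esac
        prog=${rest##* }     # last column is PID/Program name
        printf '%s\t%s\t%s\t%s\t%s\n' "$scope" "$proto" "$port" "$(service_name "$port")" "$prog"
    done
}

case "${1:-}" in
    --logins) remote_logins ;;
    --ports)  audit_listeners ;;
    *)  echo "== remote logins (sample) =="
        printf '%s\n' "$SAMPLE_LAST" | remote_logins
        echo "== listeners (sample) =="
        printf '%s\n' "$SAMPLE_NETSTAT" | audit_listeners ;;
esac
```

Anything reported as EXPOSED that you did not knowingly set up (here the VNC server on 5900 and GDM's XDMCP on UDP 177) should be stopped or blocked with ufw before the machine goes back online; a REMOTE LOGIN line from an address you do not recognise is the point at which to change every password on the box.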

Fred Frye (fredruthf64) said :
#5

Thanks for all the advice, really appreciate it.

First, I downloaded my updates (116... whew!)

Second, I then found out that my operating system was set so that any remote user could come on in. I deactivated the "remote login" following your instructions, Tief.

Third, you were right, Larry, I did not have any firewall and found the firewall disabled. I corrected this by following your instructions.

Boy, am I a computer dummy...hehe.. :}

Hope this corrects the problems that had me tearing my hair out... hehe

LEGOManiac (bzflaglegomaniac) said :
#6

For what it's worth, I had a similar incident yesterday (or Friday, I can't remember exactly) in which I was using Opera and suddenly some text started appearing in the address bar, commands of some sort, but I didn't recognize them, although there was clearly a syntax to it. I attempted to cut/paste it, but as I was highlighting it, the line cleared and the phrase "You have been hosed" appeared. I took the computer offline but didn't know how to check it.

I'm behind a hardware firewall (Netgear) and immediately reset my external IP and turned off all other programs on other PCs that were accessing the internet. I was attempting to find out if this was data coming in from the outside (which I would see on my modem with no other traffic running) or just some cleverly written web script. Nothing occurred thereafter, and I wrote it off as a shell script from some web page designed to startle the user, but was surprised to see Fred's message today while researching something else.

LEGOManiac (bzflaglegomaniac) said :
#7

There may be something to this. I just got a notification (upper-right corner) that someone else was controlling my desktop and, indeed, my mouse moved, so I immediately switched off my modem.

I have ITALC installed, which implies an LTSC server. This was part of an experiment I never finished setting up (ironically, I couldn't connect from within the house), so I've removed both sets of packages.

Now, further to the tips provided above, where do I find a record of the notifications that are posted on the desktop? It included the host name of the intruder.

LEGOManiac (bzflaglegomaniac) said :
#8

As a further thought to the above problem, I was setting up Italc as an internal experiment to see if it would function as a remote assistance tool. At no point did I ever set it up on the (external) firewall to allow an inbound connection, unless either Italc or LTSP uses the UPnP protocol.

LEGOManiac (bzflaglegomaniac) said (marked as best answer) :
#9

I just checked with nmap, and it turns out I also have VNC running on its default ports. That's been removed.

Checking the router, I see that UPnP is enabled and, sure enough, VNC has opened a port to itself. That has also been removed.

Fred Frye (fredruthf64) said :
#10

My problem was solved by enabling and building my firewall and disabling remote access. Sorry, I am not aware of the programs you mentioned, but I hope you correct this problem, as it is very annoying, believe me, I know. I got an e-mail from the hacker of my system, who turned out to be a kid from Germany just playing, and no damage was done to my operating system, programs and files. Thankful that it was not one of the evil hackers and virus perpetrators that are out there.
My system is now blocked off and I am so glad.

Simos Xenitellis (simosx) said :
#11

What I see here is that the packages you have been trying out made an effort to be as usable as possible.
In doing this, they apparently used UPnP to open a port on your router and redirect any connections to that port on your router (coming from the Internet) to your computer.

Since you had been planning merely to test that package, I assume that you set an easy username/password. Therefore, this script kiddie was simply port-scanning your address range, noticed that the VNC port was enabled, and simply connected (perhaps with a brute-force attack, if you set a password).

You mention LTSC; maybe you mean LTSP? In any case, it is important to flag this behaviour, where a program uses UPnP to make a service from your computer available directly to the Internet.
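
The UPnP mechanism Simos describes, as an added shell example that is not part of this thread and not code from any of the programs mentioned: on an Internet Gateway Device the WANIPConnection SOAP action GetGenericPortMappingEntry walks the router's port-mapping table one index at a time (the router answers fault 713, SpecifiedArrayIndexInvalid, once the index runs past the end), and DeletePortMapping removes an entry. The control URL (http://10.0.0.1:5000/ctl/IPConn), the internal client 10.0.0.5 and the sample response are constructed for illustration; on a real router the control URL comes from the device description found via SSDP discovery, and only the `--live` mode talks to the network.

```shell
#!/bin/sh
# Added example (not from the thread): enumerate and remove IGD port mappings via
# the UPnP WANIPConnection SOAP interface. The control URL and the sample
# response below are assumptions; real routers advertise theirs via SSDP.
SERVICE='urn:schemas-upnp-org:service:WANIPConnection:1'
CONTROL_URL=${CONTROL_URL:-http://10.0.0.1:5000/ctl/IPConn}   # assumed

# Build a SOAP envelope for action $1 carrying the argument XML $2.
soap_request() {
    printf '<?xml version="1.0"?>\n<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:%s xmlns:u="%s">%s</u:%s></s:Body></s:Envelope>\n' "$1" "$SERVICE" "$2" "$1"
}

# Request for table entry number $1 (0-based).
get_mapping_request() {
    soap_request GetGenericPortMappingEntry "<NewPortMappingIndex>$1</NewPortMappingIndex>"
}

# Request that removes the mapping for external port $1 / protocol $2 (TCP or UDP).
delete_mapping_request() {
    soap_request DeletePortMapping "<NewRemoteHost></NewRemoteHost><NewExternalPort>$1</NewExternalPort><NewProtocol>$2</NewProtocol>"
}

# Extract the text of element $1 from an XML response read on stdin.
xml_field() {
    tr -d '\n' | sed -n "s|.*<$1>\([^<]*\)</$1>.*|\1|p"
}

# Internal ports that hand out a desktop or shell when reachable from the Internet.
risky_internal_port() {
    case "$1" in 22|177|3389|5800|5900|5901) return 0 ;; *) return 1 ;; esac
}

# Summarise one GetGenericPortMappingEntry response read on stdin; fails on a fault.
describe_mapping() {
    body=$(cat)
    ext=$(printf '%s' "$body" | xml_field NewExternalPort)
    proto=$(printf '%s' "$body" | xml_field NewProtocol)
    client=$(printf '%s' "$body" | xml_field NewInternalClient)
    iport=$(printf '%s' "$body" | xml_field NewInternalPort)
    desc=$(printf '%s' "$body" | xml_field NewPortMappingDescription)
    [ -n "$ext" ] || return 1          # not a mapping (e.g. a SOAP fault)
    if risky_internal_port "$iport"; then flag=REMOTE-ACCESS-EXPOSED; else flag=ok; fi
    printf '%s\t%s/%s -> %s:%s\t"%s"\n' "$flag" "$proto" "$ext" "$client" "$iport" "$desc"
}

# Live walk of the router's table; stops at fault 713 (SpecifiedArrayIndexInvalid).
list_live_mappings() {
    i=0
    while :; do
        resp=$(curl -s -H 'Content-Type: text/xml; charset="utf-8"' \
                    -H "SOAPAction: \"$SERVICE#GetGenericPortMappingEntry\"" \
                    --data "$(get_mapping_request "$i")" "$CONTROL_URL")
        printf '%s' "$resp" | grep -q 'SpecifiedArrayIndexInvalid' && break
        printf '%s' "$resp" | describe_mapping || break
        i=$((i + 1))
    done
}

# Constructed response, modelled on what a router returns for a VNC mapping
# that a desktop-sharing program requested for itself.
SAMPLE_RESPONSE='<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body><u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost><NewExternalPort>5900</NewExternalPort><NewProtocol>TCP</NewProtocol>
<NewInternalPort>5900</NewInternalPort><NewInternalClient>10.0.0.5</NewInternalClient>
<NewEnabled>1</NewEnabled><NewPortMappingDescription>VNC</NewPortMappingDescription>
<NewLeaseDuration>0</NewLeaseDuration>
</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>'

case "${1:-}" in
    --live) list_live_mappings ;;
    *)      printf '%s\n' "$SAMPLE_RESPONSE" | describe_mapping ;;
esac
```

To remove a mapping the script reports, post `delete_mapping_request 5900 TCP` to the same control URL with the SOAPAction header set to `"$SERVICE#DeletePortMapping"`; turning UPnP off on the router altogether, as LEGOManiac did, is the durable fix, because any program on the LAN can otherwise re-create the hole without asking.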