I realized my system (Ubuntu and Windows dual boot) might have been compromised. So, I installed OSSEC HIDS to try to look for issues.
When I ran dmesg, I found the following trace:
------------[ cut here ]------------
[ 31.461050] Could not determine valid watermarks for inherited state
[ 31.461117] WARNING: CPU: 3 PID: 321 at /build/linux-VWHl78/linux-4.15.0/drivers/gpu/drm/i915/intel_display.c:14537 intel_modeset_init+0xfcf/0x1010 [i915]
[ 31.461118] Modules linked in: i915(+) intel_rapl_perf mxm_wmi joydev ideapad_laptop sparse_keymap wmi ttm serio_raw snd_rawmidi snd_seq snd_seq_device mac_hid btusb btrtl btbcm btintel bluetooth ecdh_generic snd_timer video lpc_ich drm_kms_helper snd drm shpchp mei_me i2c_algo_bit fb_sys_fops mei syscopyarea sysfillrect soundcore sysimgblt sch_fq_codel parport_pc ppdev lp parport ip_tables x_tables autofs4 rtsx_usb_sdmmc rtsx_usb r8169 ahci psmouse libahci mii
[ 31.461150] CPU: 3 PID: 321 Comm: systemd-udevd Not tainted 4.15.0-69-generic #78-Ubuntu
[ 31.461151] Hardware name: LENOVO 20354/Lancer 5A5, BIOS 9BCN29WW 10/20/2014
[ 31.461189] RIP: 0010:intel_modeset_init+0xfcf/0x1010 [i915]
[ 31.461190] RSP: 0018:ffffa7e8c13bb9b0 EFLAGS: 00010286
[ 31.461191] RAX: 0000000000000000 RBX: ffff95ec82218000 RCX: 0000000000000006
[ 31.461193] RDX: 0000000000000007 RSI: 0000000000000082 RDI: ffff95ec8f2d6490
[ 31.461194] RBP: ffffa7e8c13bba40 R08: 00000000000002e9 R09: 0000000000000004
[ 31.461195] R10: 0000000000000040 R11: 0000000000000001 R12: ffff95ec8287cc00
[ 31.461196] R13: ffff95ec828cbc00 R14: 00000000ffffffea R15: ffff95ec82218358
[ 31.461197] FS: 00007fb2fe9ca680(0000) GS:ffff95ec8f2c0000(0000) knlGS:0000000000000000
[ 31.461199] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 31.461200] CR2: 00007fb2fe94d8b9 CR3: 0000000242a7e003 CR4: 00000000001606e0
[ 31.461201] Call Trace:
[ 31.461236] i915_driver_load+0xa73/0xe60 [i915]
[ 31.461268] i915_pci_probe+0x42/0x70 [i915]
[ 31.461271] local_pci_probe+0x47/0xa0
[ 31.461273] pci_device_probe+0x10e/0x1c0
[ 31.461276] driver_probe_device+0x30c/0x490
[ 31.461278] __driver_attach+0xcc/0xf0
[ 31.461280] ? driver_probe_device+0x490/0x490
[ 31.461282] bus_for_each_dev+0x70/0xc0
[ 31.461284] driver_attach+0x1e/0x20
[ 31.461285] bus_add_driver+0x1c7/0x270
[ 31.461287] ? 0xffffffffc0512000
[ 31.461289] driver_register+0x60/0xe0
[ 31.461290] ? 0xffffffffc0512000
[ 31.461292] __pci_register_driver+0x5a/0x60
[ 31.461326] i915_init+0x5c/0x5f [i915]
[ 31.461329] do_one_initcall+0x52/0x19f
[ 31.461331] ? __vunmap+0x8e/0xc0
[ 31.461334] ? _cond_resched+0x19/0x40
[ 31.461337] ? kmem_cache_alloc_trace+0xa6/0x1b0
[ 31.461340] ? do_init_module+0x27/0x213
[ 31.461342] do_init_module+0x5f/0x213
[ 31.461345] load_module+0x16bc/0x1f10
[ 31.461348] ? ima_post_read_file+0x96/0xa0
[ 31.461352] SYSC_finit_module+0xfc/0x120
[ 31.461354] ? SYSC_finit_module+0xfc/0x120
[ 31.461357] SyS_finit_module+0xe/0x10
[ 31.461359] do_syscall_64+0x73/0x130
[ 31.461361] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 31.461362] RIP: 0033:0x7fb2fe4ec839
[ 31.461363] RSP: 002b:00007ffcef7f0b08 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 31.461365] RAX: ffffffffffffffda RBX: 000055bb6b9f0fd0 RCX: 00007fb2fe4ec839
[ 31.461366] RDX: 0000000000000000 RSI: 00007fb2fe1cb145 RDI: 0000000000000016
[ 31.461367] RBP: 00007fb2fe1cb145 R08: 0000000000000000 R09: 00007ffcef7f0c20
[ 31.461368] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000000
[ 31.461369] R13: 000055bb6b9de3d0 R14: 0000000000020000 R15: 000055bb6b9f0fd0
[ 31.461371] Code: e9 46 fc ff ff 48 c7 c6 d7 0d 4a c0 48 c7 c7 2f 01 4a c0 e8 c4 b8 47 e9 0f 0b e9 73 fe ff ff 48 c7 c7 b0 65 4b c0 e8 b1 b8 47 e9 <0f> 0b e9 4b fe ff ff 48 c7 c6 e4 0d 4a c0 48 c7 c7 2f 01 4a c0
[ 31.461406] ---[ end trace 31d653066e7272ed ]---
Also, after installing HIDS, there has been only one level 13 event in OSSEC HIDS and the rest are all below 8.
I tried to search for the specific event but didn't get any clear answers.
The OSSEC HIDS event is:
Level: 13 - Non standard syslog message (size too large).
Rule Id: 1003
Location: linuxbox->/var/log/syslog
Nov 19 10:23:52 linuxbox gnome-software[2785]: ignoring non-installed
app GsApp: [0x7f94180b6530]#012kind: desktop#012state: available#012quirk: provenance#012id: io.snapcraft.gnome-calculator-J8OcDPQ0JM8dbvk29HRqpWVI9kBw0atG#012unique-id:
system/snap/Snap Store/desktop/io.snapcraft.gnome-calculator-J8OcDPQ0JM8dbvk29HRqpWVI9kBw0atG/*#012scope:
system#012bundle-kind: snap#012kudos: sandboxed#012kudo-percentage: 20#012name:
GNOME Calculator#012pixbuf: 0x7f941a92f520#012icon-kind:
remote#012icon-filename: /home/dawn/.cache/gnome-software/icons/c231dd718a0e5e282ca5a38df074a0483fa39a3b-accessories-calculator.png#012version:
3.34.1+git1.d34dc842#012summary: GNOME Calculator#012description:
GNOME Calculator is an application that solves mathematical equations.#012Though it at first
appears to be a simple calculator with only basic#012arithmetic operations, you can switch into Advanced, Financial,
or#012Programming mode to find a surprising set of capabilities.#012#012The
Advanced calculator supports many operations, including:#012logarithms, factorials, trigono
On Windows, I had used KMSpico and I allowed a dialog that said something about tunneling regarding network access. It installed a lot of malware and I tried disinfecting the system. I forgot about it, but multiple new blank Excel and Windows documents would open during startup. That is the reason I am worried.
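Added example, not part of the original post: the log line in the OSSEC alert above is a single syslog message in which each newline has been written as `#012` (octal escape for a control character), so a small Python triage helper can restore it to readable form and report which program wrote it and how long it is. The function names, the abridged sample line and the `maxsize` default are assumptions made for this example; check rule 1003 in your own ruleset for the real size limit.

```python
import re

# Constructed sample: an abridged copy of the alert's log line from the post,
# rejoined onto one line as it would sit in /var/log/syslog.
SAMPLE = (
    "Nov 19 10:23:52 linuxbox gnome-software[2785]: ignoring non-installed app "
    "GsApp: [0x7f94180b6530]#012kind: desktop#012state: available#012"
    "quirk: provenance#012scope: system#012bundle-kind: snap#012"
    "kudos: sandboxed#012name: GNOME Calculator#012summary: GNOME Calculator"
)

# Classic syslog layout: timestamp, host, program[pid]: message
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"(?P<prog>[^\[\s:]+)(?:\[(?P<pid>\d+)\])?:\s(?P<msg>.*)$", re.S)

def decode_syslog_escapes(text):
    """Turn #NNN octal escapes for control characters back into characters."""
    return re.sub(r"#(0[0-3][0-7]|177)", lambda m: chr(int(m.group(1), 8)), text)

def triage(line, maxsize=1025):
    """Summarise one syslog line: sender, length, and decoded key/value fields."""
    # maxsize is an assumed threshold for the "size too large" rule.
    m = SYSLOG_RE.match(line)
    if m is None:
        raise ValueError("not a classic syslog line")
    lines = decode_syslog_escapes(m.group("msg")).split("\n")
    fields = {}
    for entry in lines[1:]:
        key, sep, value = entry.partition(": ")
        if sep:  # keep only "key: value" lines, skip free-text continuation
            fields[key] = value
    return {
        "program": m.group("prog"),
        "pid": int(m.group("pid")) if m.group("pid") else None,
        "raw_length": len(line),
        "oversized": len(line) > maxsize,
        "headline": lines[0],
        "fields": fields,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Run against the full, untruncated line from `/var/log/syslog`, `raw_length` shows how far the message exceeds the limit and `program` shows which process produced it.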