Windows 10: Hacked via Team Viewer11

Hi,

Well, this just happened...

I was playing a game and decided to get something to drink. Closed the game and was upstairs for 1 minute. Got to my computer and someone was remotely on my pc *Eek Team viewer was the culprit. I instantly closed team viewer and got crazy changing all my passwords(paypal, windows, and roboform) . Then I scanned everything with Malwarebytes, Zemana, windows defender, Panda, Mbar....Found absolutely nothing, pc looks clean. Then I sent the logs from team viewer to the support department over there.

The pc was not locked at the moment he hacked in team viewer so I guess he did not need the windows password ???

What would you guys do after all that ?

Thanks !

:)

 

How to get the original microsoft ROM back?

When a Windows Phone is updated via Microsoft's official channel, the OS is backed up to the user's computer and can be restored to the phone. If a Windows Phone is updated via some kind of unofficial channel (the OS is hacked), unless the unofficial
channel provides a recovery method, there is no way to recover the phone to an official Microsoft ROM.

I've never heard of a Dark Forces Team's ROM, sounds like an unofficial, hacked ROM to me. Unless the Dark Forces developers provide a way to restore the phone to its original official ROM, I'm afraid you won't find a way to get an original Microsoft ROM on
your phone.

The best advice I can give is that you should go back to your friend and ask the friend if there is a way to restore the phone to its official Microsoft ROM.

 

Re: Finally a solution!!!

I'm not sure how to fix this problem but search around the discussions and you should find your solution. And as mentioned above, hacking and discussion of hacking is COMPLETELY UNACCEPTABLE here in the discussions. Would a Admin/Mod/Nokia Team Member
kindly remove the post.

 

Hello and welcome:

It's not clear from your post, so I will ask: did you change your passwords from the same, compromised system before scanning for malware, or from a different, known clean system?
(The latter would have been preferred.)

Just checking,
MM

 

Same Computer...you think maybe a keylogger ??

 

I'm not qualified to say for sure (and we lack sufficient information to know).

But "best practices" would have been to use a different, known clean computer for the password/credential changes.

As a general rule, one should not conduct any financial transactions or divulge any sensitive data on a computer that may have been compromised UNTIL it has been thoroughly and deeply scanned for malware. For many home users, the best/safest course of action would be to seek a bit of free, expert help from a malware specialist, if not here then at one of several reputable computer disinfection fora.

If I were you, I would probably change my credentials again from a known clean system.

JMHO,
MM

 

Ok, will do it from my phone, thanks !

But I did scan everything and nothing came up, kinda weird.

 

I also assume you changed the password in Team Viewer too. Has anyone used Team Viewer recently to remote into your computer? Who else has access to your computer.

 

Absolutely no one ever connected via team viewer. I only use it to help out family and connect from work. And yes, team viewer password is changed.

 

Hi.
I have used Teamviewer for years, and have never had this happen. I can, however, recommend some security settings for the future.

In Options>Security
- Disable the Random Password
- Populate the Whitelist with your work computer ID. No one else will be able to login.
- Make sure your access password to remote in is at least 12-16 characters, includes numbers, upper and lowercase letters, and special characters, and is not comprised of any words that can be found in the dictionary.
- Do not "save" the login credentials in your Teamviewer account - manually enter the password every time you log in from work.








As mentioned above, all passwords should be changed from a known clean system.

You might want to run an ESET Online Scan. It's quite possible the hacker only "stole information" and did not leave anything behind. Then again, he could have dropped a time bomb. You can find detailed information on how to manipulate an ESET scan in the post here:
BSOD after boot up, during login or right after, (bad spool header?) - Page 3 - Windows 7 Help Forums

It will be interesting to see what the tech support people have to say about your logs. They should be able to identify the ID of the system that logged in, but I am not sure how much further that can be traced. I hope you'll share the findings with us.

 

A few more tips, do not let TeamViewer run at startup, run it only when needed.
You do not need its service running either, especially if you are the one giving support.
The safest way is to use the portable version or two factor authentication: TeamViewer Support.

It seems, that crooks are focusing on TeamViewer recently:

Ransomware Uses TeamViewer to Infect Victims

Attackers bundle an old version of TeamViewer to exploit vulnerability

 

Hi there

doing it from the phone probably isn't advisable --Phones are now the new target for hackers and scammers rather than PC's and my experience is that people tend to think of Phones as having Linux based OS'es and therefore secure.

Phones CAN be hacked and of course the same care needs to be taken when accessing websites - rogue websites etc are just as available when using a phone as using a computer. The criminal fraternity these days see phone users as available for "much richer pickings" - so try and find some good AV software for your phone. - Seems the AV companies aren't on the ball at all on this one --I really wouldn't bother too much with AV on computers apart from standard Windows defender --phones are the new target. - and people give passwords / data all over the place on phones when using instagram, texting, facebook, twitter etc etc.

Personally I would never use an app like teamviewer in the first place -- why store your IP address on to a publically acessible server.

If you need to remotely access your computer -- just get the computer via a batch program to get your IP address every so often and email it to you.
Then you can connect to your remote computer via RDP etc -- just port forward to a specific IP address (internal) on your LAN -Routers can do this easily.

If you use Cable connections and leave your computer on most of the time then the IP address wont change after start up - so if you are only away say at work then get the IP address before you leave home -it won't change during the course of the day with Cable --it might (but not always) if you have the older Copper wire based broadband. Use port forwarding as before to RDP to your own computer.

I'll try and write this up -- since the services like no-Ip all went "Pro" (i.e pay)my method seems the easiest and cheapest way to do it without requiring anybody else's servers to be involved.

Cheers
jimbo

 

Uninstalled Team Viewer and going to use RDP from now on. I backup my computer 2 times a week so ransomware would be completely useless with me but you know... Still is a pain.

Thanks guys !

 

Good choice

Note you can also create a SERVER too -- use WAMP (based on the Linux LAMP (Linux, Apache, MySQL, PHP), Windows versions available too
Really easy -- Note Link is in English too !!!

WampServer, la plate-forme de développement Web sous Windows - Apache, MySQL, PHP

Cheers
jimbo

 

Teamviewer has a quick support /non-installed version...no reason to quit using it (legit downloads, of course) for an as-of-yet unconfirmed source of a break-in/compromise.....