Analysis of TeamViewer log file - what are key events to look for?
Hi,
A friend of mine reached out to me recently - was the target of a scam, where TeamViewer was installed and credentials provided. They turned off TV pretty soon after remote control was gained, with a minute or 2 window, and I have walked them through sending the log file to me.
I am looking through the log and have identified the time period that had access. I'd like to figure out the extent of what happened - specifically to identify if a backdoor was uploaded, and/or any files were transferred off the target host.
I can see the session being initialized with events like this:
[logs removed per Community Guidelines]
There are a few other events that happen - "AutoStart recording function called" looks like it tries to set up VoIP: AudioControl to access the mic next.
After that, I see:
[logs removed per Community Guidelines]
and then within 5 seconds of that, the PC was turned off.
Is there a reference article somewhere that defines key events in the log file and what they mean? And from anyone with experience in this, any events I should look for?
Lastly, as a free / non-commercial user, should this be reported to the TV team? Not sure if they look at remote IPs or sources / accounts of scammers in any security db....
Thanks in advance all.
Comments
-
The best reference I have found so far is this: https://community.teamviewer.com/English/kb/articles/54970-auditability-event-log
0 -
Hello @db720
Thanks for your post.
We are sorry to hear your friend experienced this situation.
Within a TeamViewer connection, any activity would produce a pop-up alert. A file transfer cannot be started without full consent of both connected parties.
TeamViewer also does not allow any backdoor or behind-the-scenes actions - anything a remote user would attempt to install or affect while connected would have to be done on the screen, where the local user would see all actions.
You can find information on reading logs for incoming connections here:
You can report such instances, including uploading log files for analysis, here:
You can also find more about TeamViewer and scamming here:
I hope this helps 🍀
Josh P.
Senior Community Moderator
---
0
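For the triage discussed in this thread (which sessions fall inside the access window, and of what type), the following is an added example, not code from any poster or from TeamViewer. It assumes the tab-separated `Connections_incoming.txt` layout (peer ID, display name, start, end, local user, connection type, session ID) with `dd-mm-yyyy` timestamps; verify that against the actual file. All sample rows are constructed.

```python
import csv
import io
from datetime import datetime

# Assumed column order of Connections_incoming.txt (tab-separated, no header row).
FIELDS = ["peer_id", "peer_name", "start", "end", "local_user", "conn_type", "session_id"]
TS_FORMAT = "%d-%m-%Y %H:%M:%S"  # assumed timestamp layout

# Constructed sample rows, not taken from a real host.
SAMPLE = (
    "111111111\tDESKTOP-EXAMPLE\t02-03-2024 14:05:10\t02-03-2024 14:06:48\tfriend\tRemoteControl\t{SESSION-1}\n"
    "111111111\tDESKTOP-EXAMPLE\t02-03-2024 14:05:40\t02-03-2024 14:06:02\tfriend\tFileTransfer\t{SESSION-2}\n"
    "222222222\tFAMILY-LAPTOP\t10-01-2024 09:00:00\t10-01-2024 09:30:00\tfriend\tRemoteControl\t{SESSION-3}\n"
    "truncated line without enough fields\n"
)

def parse_connections(text):
    """Return (sessions, skipped); malformed lines are kept for manual review."""
    sessions, skipped = [], []
    for row in csv.reader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE):
        row = [cell.strip() for cell in row]
        if not any(row):
            continue  # blank line
        try:
            if len(row) != len(FIELDS):
                raise ValueError("unexpected field count")
            rec = dict(zip(FIELDS, row))
            rec["start"] = datetime.strptime(rec["start"], TS_FORMAT)
            rec["end"] = datetime.strptime(rec["end"], TS_FORMAT)
        except ValueError:
            skipped.append("\t".join(row))
            continue
        sessions.append(rec)
    return sessions, skipped

def sessions_in_window(sessions, win_start, win_end):
    """Sessions that overlap the incident window, oldest first."""
    hits = [s for s in sessions if s["start"] <= win_end and s["end"] >= win_start]
    return sorted(hits, key=lambda s: s["start"])

def summarize(sessions):
    """Per remote ID: connection types seen, first start and last end."""
    out = {}
    for s in sessions:
        e = out.setdefault(s["peer_id"], {"types": set(), "first": s["start"], "last": s["end"]})
        e["types"].add(s["conn_type"])
        e["first"] = min(e["first"], s["start"])
        e["last"] = max(e["last"], s["end"])
    return out
```

This file only gives session boundaries and connection types; what happened inside a session has to come from the main TeamViewer log and from the host itself.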