I do not use TeamViewer much, but I saw that there had been remote access and it was not anyone affiliated with our organization, of which there are only two people who had TeamViewer accounts and would have known the password to the laptop which had been accessed.
The access began at the same time as the company's president started his laptop up and was apparently running unbeknownst to him in the background. The user ID is not recognized by us. The next day the owner's Google account sent him a critical alert that his password had been breached, and it forced him to choose a new one. I looked around and may have discovered intrusion evidence and malware. While I was looking around I started to download a file image & backup app because I wanted to get an exact image then low level format it. It was late and I was tired, so I shut it down thinking it was safe if shut down and I was sure that I had set wake on lan to abilities to off, yet when I came in the next day it couldn't be turned on.
The HD light turns on for a second, the fan spins a little, and the the computer turns off. Nothing on screen. It worked fine before that and I can't help feel that it was noticed that I had been about to create a drive image since I had had to download an image utility and then realized my external hard drive was not at the office.
It seems possible it could also just be some kind of update from TeamViewer, but a good number of the lines in the log file seem suggestive of active intrusion attempts that one can find in various pastebin sites for hacker types.
Any educated opinions are appreciated.
BTW, easy access for admins was left on. Apparently a bad idea.
