My Computer Was Hacked
I came home last night and someone had remoted onto my computer - and was going through my online banking files (since my password tool was still logged in).
How can I tell if they got in through TeamViewer or through some other service/tool?
Comments
-
When someone logs out from your computer remotely with the free version of TeamViewer, a message box is left on the desktop saying "that was a free Teamviewer session etc." Doesn't it leave such a trace on your version, too?
Otherwise, I'm sure there is a TeamViewer log somewhere in the appropriate folders. With just a look, there is a connections_incoming.txt text file in the Windows version. It is located in the C:\Program Files (x86)\TeamViewer\ folder.
Hope you save yourself from the situation without any financial damages. Report the situation to your banks and change your Google passwords or whatever your password retrieval system is. Also take your time and search thoroughly for what else could be compromised by the password retrieval system.
I was amazed how infinitely many websites and services I have registered on the internet and all those passwords are kept in Google. Some already forgotten.
1 -
Thanks Byteman...
I checked the connections_incoming.txt file; it didn't have any entries (but I manually forced TV to close), so maybe it didn't have time to update the log?
I've taken necessary steps to change the passwords on all my things again - but what I really can't figure out is my TV is protected by 2FA - so no one can access my PC directly from the net without my cellphone for the token. But there was a permanent link between my TV and my in-laws' PC through TV. So I wonder if someone came in through that connection... I can't really think of any other way/tool that would allow a user to log in remotely to my PC.
0 -
If this is done once, it can be done again, so act immediately!
There are several tiny tools around on the internet that give access to computers. It may not be TeamViewer but something else. Check every individual process running on your PC, or have it checked by someone who is familiar with the legit processes on a PC.
Some of those tools can be spotted simply by using the Task Manager (by pressing Ctrl+Alt+Del) when they have stupid names like ABC.exe. They can very well be hidden but still be seen by utilities like Process Explorer, a simple tool that even helps you reveal the source executable of a mysterious window without a title on it.
Of course, some of these malicious tools often take advantage of legit Windows processes like Rundll, svchost, etc., which makes them harder to spot.
Setting up Windows from scratch would be the best way to get rid of anything that was set up on your Windows without your consent.
I'd advise checking any files that are running on Windows startup. Some malicious software is that simply integrated into your system. Some of these startup events can be found in the Windows Registry.
It can be opened with regedit.exe, and they can be found in the section:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Be careful while editing the registry. It can mess things up. There is no save option, so changes are saved immediately.
Best regards
1
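The startup check suggested in the last comment can be done read-only from PowerShell instead of regedit. This is an added example, not part of the thread: it lists every value under the Run key named above and reports whether the target executable exists and is Authenticode-signed. The extra locations (RunOnce, Wow6432Node, the per-user HKCU keys) and the helper name `Get-CommandExecutable` are additions that go beyond the single key mentioned in the comment.

```powershell
# Added example: read-only listing of Run-key autostart entries with signature status.
# The HKLM ...\Run key is from the thread; the other four locations are added here.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the executable path out of a Run-key command line.
function Get-CommandExecutable {
    param([string]$CommandLine)
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    # Quoted path: "C:\Program Files\App\app.exe" /arg
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path that may contain spaces: stop at the first known extension
    if ($expanded -match '^(.+?\.(exe|dll|bat|cmd|vbs|js|ps1|scr))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        if (-not $command) { continue }
        $exe = Get-CommandExecutable $command
        # Bare names such as rundll32.exe are resolved through PATH
        if (-not [IO.Path]::IsPathRooted($exe)) {
            $found = Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue |
                Select-Object -First 1
            if ($found) { $exe = $found.Path }
        }
        $sig = $null
        if (Test-Path -LiteralPath $exe -PathType Leaf) {
            $sig = Get-AuthenticodeSignature -LiteralPath $exe
        }
        [pscustomobject]@{
            Key        = $key
            Name       = $name
            Command    = $command
            Executable = $exe
            Signature  = if ($sig) { $sig.Status } else { 'FileNotFound' }
            Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }
}
$results | Sort-Object Signature | Format-List
```

Entries reported as `NotSigned` or `FileNotFound` are the ones to look at first; an unsigned entry is not proof of compromise, and the Run keys are only one of several autostart mechanisms on Windows.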