Suspicious log entry "new connection from 127.0.0.1:60101"

Hi all!

Recently someone has gained an access to my credit card (via my personal cabinet at bank's website) and transferred about $370 to unknown destination. While the bank's support team refuses to investigate this issue, I see in browser's history that supposedly me visited the bank's website (at around 01:40 am). Though I don't know how they could bypass 2FA via SMS - it needed both for logging on and for transferring the funds.

So I started to investigate this issue by myself, and I found in TeamViewer log some entries about "new connections from 127.0.0.1": [The link has been removed as per the community guidelines.]
Is that means that someone has really gained an access to my PC via Teamviewer (protected by Google Auth and unique password to my account and to my PC)?

Find more posts tagged with

Windows

Question

TeamViewer 14

Comments

Natascha

Hi @JJjjJJ

Thank you for your post.

Please have a look at this article about TeamViewer and Scamming and report what happened to you via this page: Report a scam.

Please make sure to change the TeamViewer password for incoming connections both for the random password and your password for unattended access.

How to change for the random password:

If you would like to change the random password manually you can hover with the mouse over the password field and a circle-arrow appears. Click the arrow and choose Create new random password. Security random PW.png

How to change your password for unattended access:

The personal password is a password defined by you. If you enter a password, you will be able to use that password anytime in place of the randomly generated temporary password to access this computer (unattended access).

Under Extras --> Options --> Security--> Under Personal password (for unattended access) --> Password --> Type in your password --> Confirm password Repeat your chosen password to confirm it --> click OK

The password you are choosing will never be visible to you or anybody else. Instead of the password you will see black dots.
You can remove the password by deleting the black dots.

Security Personal PW.png

Hope this will help you.

Thanks and stay safe,
Natascha

JJjjJJ

Hi!

I have Teamviewer Business account. The PC which has teamviewer installed. In the log TeamViewer14_Logfile.log I can also see some entries regarding:

new connection from 127.0.0.1

Now I would like to know further what the connection was about and if it was successfull? If it has been compromised?

As far as I can see there is nothing unusual in Connections_incoming.txt

Please help interpet the logfile, thanks!

JJjjJJ

Yuri_T

Hi @Rabinovitch ,

I am sorry to hear what happened to you.