Phantom File Transfer


Two days ago, (20 Nov), I was working on a friend's computer, updating TeamViewer and a couple other programs. As I was waiting for a program to finish updating, I noticed a TV file transfer notification box pop up. I was not transferring any files, and the friend wasn't even near the computer at the time, so this happened completely without user input. As soon as I was finished, I disconnected, and then later restored a backup image of my computer OS to the day before, just in case something nefarious was going on. So, I grabbed a screenshot of the file transfer box, but it shows nothing transferred. There are no TV logs, of course, because I restored my system to the day before, which deleted the log capture of that day. The file transfer says it was initiated by me.

phantom file transferphantom file transfer

Does any one have any idea what happened? Was that an infection trying to jump into my machine? Did that have something to do with the remote update which TV needed due to a vulnerability found recently?

I have been told that it is possible to work on infected computers without getting infected, as long as I don't open a file transfer connection. Is it possible there was some sort of "file-less infection" or worm which was trying to infect me as well? Because both computers were scanned with ADWCleaner and nothing was found.

Thanks for any insights. We were both updated to TV 15 with patch before initiating the connection. Both computers are using Windows 10; one on v1803 and one on v1903.



  • Natascha
    Natascha Posts: 1,591 Senior Moderator

    Hi @simrick 

    Thank you for your post. 

    TeamViewer Germany GmbH is a legitimate software development company. We take the privacy and security of our customers’ and partners’ personal information very seriously.

    TeamViewer traffic is secured using RSA public/private key exchange and AES (256-bit) session encryption. This technology is used in a comparable form for https/SSL and is considered completely safe by today’s standards.

    As the private key never leaves the client computer, this procedure ensures that interconnected computers—including the TeamViewer routing servers—cannot decipher the data stream. Not even TeamViewer, as the operators of the routing servers, can read the encrypted data traffic.

    Maybe you initiated the file transfer by accident? Since the file transfer window says it was you who started the transfer, no third party would be able to jump in between, unless he/she is sitting next to you in front of the same computer like you. 

    If you want to find more information regarding the security of TeamViewer, please have a look at our Trust Center. Please do not hesitate to contact us again, if there are any further questions. 

    Hope you have a great day and wish you all the best. 

    Kind regards,

    German Community moderator 💙 Moderatorin der deutschsprachigen Community

  • simrick
    simrick Posts: 7 ✭✭

    Hi Natascha and thanks for your reply.

    It seemed very odd, that a file transfer would initiate itself. However, I can tell you assuredly, the other person was away from the remote computer, and I was doing nothing to the system - I was waiting for a program to update itself. I did nothing to initiate a file transfer, yet somehow a file transfer window opened. As you can see in the picture I posted, no file shows as being transferred.

    This is why I asked if perhaps some sort of "file-less infection" could have been tryiing to jump over. I was hoping that someone at TeamViewer or someone using TeamViewer all the time would have seen this before and knew what it was/what was happening. I don't use the program that often, so this concerned me, and I posted here.