Suspicious - did someone hack into my computer with TeamViewer?
Hi Community - hope all are well and safe!
I opened my computer and I saw a message "thank you for using TeamViewer...". and my wifi was shut off. I looked in the log files and it seems possibly suspicious (to my untrained eyes).
Trying to see if it is ok, not ok, or just one of my kids were pressing buttons trying to get into my computer.
How can I know if this is legit or not?
Logs (ID #s removed)
[Logfiles removed]
Thanks in advanced!
Binny
Best Answer
-
HI @Binny
Thanks for your post.
You can check whether there was an incoming connection to your device via the file incoming_connections.txt in the TeamViewer folder.
As a side note: The logfiles look suspicious to close to everyone on this planet except our support team and dev teams who are trained to analyze them. Do not worry! I am dealing with TeamViewer for 8 years and I do not understand them!
Back to the topic: Did you give the access credentials (your TeamViewer ID and password) to anyone? If so, please change the password (dynamic and/or permanent password).
Don´t forget: A connection is only possible if someone has both: the ID and the password.
I hope this info helps you!
Best, Esther
Former Community Manager
6
Answers
-
HI @Binny
Thanks for your post.
You can check whether there was an incoming connection to your device via the file incoming_connections.txt in the TeamViewer folder.
As a side note: The logfiles look suspicious to close to everyone on this planet except our support team and dev teams who are trained to analyze them. Do not worry! I am dealing with TeamViewer for 8 years and I do not understand them!
Back to the topic: Did you give the access credentials (your TeamViewer ID and password) to anyone? If so, please change the password (dynamic and/or permanent password).
Don´t forget: A connection is only possible if someone has both: the ID and the password.
I hope this info helps you!
Best, Esther
Former Community Manager
6 -
Hi @Esther - thanks.
Did you see my logfile? I see it was removed, even though I remvoved any numbers there.
WHat about these lines?
G1 DynamicPasswordUIModel::ShouldShowDynamicPassword(): dynPw=1 allowIncoming=1 id=xx ka=0 lanAllowed=0 lanOnly=0 networkState=1 showDynPwd=0
InterProcessBase::SecureNetworkCallbackHandle destroyed (RegistrationID:...)
RCmdAckMap::RemoveAckHandler(): AckMapEntry not found, CmdID 12415, TargetID 13, SenderID: ..., AckResult: 8, Payload: 0 Bytes
Thanks!
Binny
0 -
HI @Binny
Thanks for your reply.
I am sorry but as I said I can not read logfiles. What I recommend you is having a look at this post about TeamViewer and scamming and if you want you can report a scam to our security team.
Thanks and sorry for the hassle,
Esther
Former Community Manager
1 -
Ester,
Did you mean file C:\Program Files (x86)\TeamViewer\Connections_incoming.txt?
I do not have file incoming_connections.txt.
Connections_incoming.txt seems to have all need.
Thanks
0 -
Yes - sorry! I mixed the words! This is what I meant.
Former Community Manager
0
