Hacked, got the logs
Someone tried to get into a computer of ours with TeamViewer, and he was successfull
want to make sure they didnt get any data/passwords etc. can someone point out anything in the logs that may indicate such?
[logs removed per Community Guidelines]
Best Answer
-
Hi @bradabsolute,
I’m sorry to hear about the issue you were experiencing.
Please have a look at this article about TeamViewer and Scamming and report what happened to you via this page: Report a scam.
Our dedicated team will assist you with this issue.
Please also ensure a change of the TeamViewer password for incoming connections both for the random password and your password for unattended access (If you have set up).
How to change for the random password:
If you would like to change the random password manually you can hover with the mouse over the password field and a circle-arrow appears. Click the arrow and choose to create a new random password.
How to change your password for unattended access:
The personal password is a password defined by you. If you enter a password, you will be able to use that password anytime in place of the randomly generated temporary password to access this computer (unattended access).
Under Extras --> Options --> Security--> Under Personal password (for unattended access) --> Password --> Type in your password --> Confirm password Repeat your chosen password to confirm it --> click OK
The password you are choosing will never be visible to you or anybody else. Instead of the password, you will see black dots.
You can remove the password by deleting the black dots.
I hope this helps! Thanks and stay safe!
Best regards,
FionaFiona_G5
Answers
-
Hi @bradabsolute,
I’m sorry to hear about the issue you were experiencing.
Please have a look at this article about TeamViewer and Scamming and report what happened to you via this page: Report a scam.
Our dedicated team will assist you with this issue.
Please also ensure a change of the TeamViewer password for incoming connections both for the random password and your password for unattended access (If you have set up).
How to change for the random password:
If you would like to change the random password manually you can hover with the mouse over the password field and a circle-arrow appears. Click the arrow and choose to create a new random password.
How to change your password for unattended access:
The personal password is a password defined by you. If you enter a password, you will be able to use that password anytime in place of the randomly generated temporary password to access this computer (unattended access).
Under Extras --> Options --> Security--> Under Personal password (for unattended access) --> Password --> Type in your password --> Confirm password Repeat your chosen password to confirm it --> click OK
The password you are choosing will never be visible to you or anybody else. Instead of the password, you will see black dots.
You can remove the password by deleting the black dots.
I hope this helps! Thanks and stay safe!
Best regards,
FionaFiona_G5 -
How do I stop team viewer accessing my phone and Ipad and laptop, I have been hacked and all my details stolen
Anthony
0 -
I have the log files from when an individual logged into my computer. I searched the IP address, it's india.
I have locked all of my banking accounts down - credit cards - etc.
What can I do about this - any way of tracing them? I see the computer name they logged into and TV id - etc
0 -
Our computer was hacked through TeamViewer and the people changed the password. They made it so we cannot log into our computer at all without inputing a different password (the one I am assuming they used for TeamViewer, considering it doesn't look like the normal Windows login interface, and our normal password doesn't work). Can anyone help with this?
0 -
Someone was on my team viewer. I have looked at both logs but I am not sure how to read the logs to see what they did. Attached to this are both connection and use logs.
It appears that the unknown log in was from 1xbet. But i dont know how to read the primary log to see what they did?
0 -
Its really great that the team viewer team has no way for you to report being hacked or a way for you to send them your log files so that they can check and tell you what information was obtained while you were hacked.
Really wonderful how that works.
0 -
Hello @surethingboss ,
Unfortunately, I don’t think TeamViewer logs what specific files are transferred, anywhere. However, there are some logs recorded that I hope will help.
Within your TeamViewer program folder (C:\Program Files (x86)\TeamViewer\) you should find two logs Connections_incoming.txt and TeamViewer15_Logfile.log. Sort your folder by Date Modified and they should pop up right at the top. You can open the .log file in any text editor, notepad, word, etc..
The Connections_incoming.txt log is fairly straight forward. It’s also tab delimited so you can even open it in Excel and it will format the log a little better to read. This will provide you with the TeamViewer ID, the name, start and end time of the connection, username, type of connection, and what seems to be a random ID of some kind.
The TeamViewer15_Logfile.log file is more detailed and shows technical information about the program, events during connections, and much more.
Using the start and end time of the connection in the easier to read Connections_incoming.txt log then referencing those times in the TeamViewer15_Logfile.log file you can at least determine if data was transferred and if it was a lot or a little. If you see “DataTransceiver” that is the data file transfer doing something. If you see a lot of “DataTransceiver: TransferProtocol => TransferProtocol::IsTransferRunning” and it lasting for a long time, a lot of data has been transferred depending on bandwidth. When you see “DataTransceiver: TransferProtocol => TransferProtocol::RemoveTransfer” that’s a file that has completed being transferred.
I may be a little off, but I think that’s how it works.
-Cheers!
TeamViewer user since version 6 (2010). We used other remote software programs (TVNC UVNC PCAny) for many years before.0 -
Hi! I hope someone can ease my mind or tell me what I need to know.
I called Amazon customer service on Saturday but it turns out it was a fraudulent customer service number. The woman I spoke to told me to install the TeamViewer app so could fill out a return form. I got as far as installing the app on my iPad and reading her the nine digit number on the right side of the screen when it dawned on me that this was a scam.
I hung up and deleted the app right away, within a minute or so.
What are the chances she could have installed spyware or gotten information out of my iPad in that time?
Any information would be so appreciated. Thank you.
Susan0