My desktop computer is a personal build, was using Windows 7 Ultimate I purchased an OEM key successfully and had running without issue for 2 years. Around the beginning of January my system would no longer authenticate and Microsoft insisted I likely had an illigitimate copy. January 17th I was hacked and somehow the hacker managed to remotely install Team Viewer on my machine. I'd never heard of it or used it and I am the only person in my house (besides my wife and very young children). They were able to successfully log into my hotmail, gmail, and Amazon accounts and attempted to steal $1200 in Sephora and Microsoft gift card purchases. The first attack I suspected I had been the victim of some sort of key-logging browser extension. I changed all of my passwords and refuted the charges, leading to a month-long shut down of my Amazon account, replacement credit cards, and a long battle with both Amazon and my credit card company over the disputes. February 13th I was alerted via 2-step authentication that someone was again trying to log into my Amazon account, and upon waking my computer I saw they were in my hotmail doing a seach for Sephora. This is when I discovered the Team Viewer client running on my machine. I shut down the software and deleted it, and installed a genuine copy of Windows 10 the next day. So I have two questions: 1 - How in the world did they remotely install Team Viewer onto my machine? I have never had an account with Team Viewer, have never installed the software or client, have never enabled any sort of remoting software on that Windows 7 install, with the possible exception of Remotr and Steam Link in attempts to play Steam on my phone. 2 - I couldn't immediately find the log files from the Team Viewer client the hacker had installed, so I deleted the program in panic and installed the new OS. Now I'm thinking if I had been able to read the log files, I could have had valuable information, such as the hacker's IP and dates and times spent perusing my computer, possibly stealing valuable information. I had sensitive documents on that machine, and I would very much like to know if they had taken the time to find them or were quickly trying to do an "in and out" operation in pursuit of free gift cards. Is there any way to still locate this information? I have downloaded Wondershare Recoverit and know I can view files from my formatted HDD, but unfortunately it is the master drive on my machine that contains the OS and that program can only do searches on anciallry drives . Any help is greatly appreciated. I'm considering taking the main drive and trying to use it as an external to search the files on another machine. I'm hoping there is a way for me to find the log files from my own IP in a global database of log files or something to that nature, but any thoughts are really helpful. Thanks.
... View more