just caught someone hacking my computer ?

skyripper · 29 Nov 2017 at 15:59

Not sure this can be blamed on TeamViewer.

Something dodgy (virus, nasty trojan or other vulnerability) has forced TV to be installed, and presumably dropped a bunch of preconfigured config which would put TV in as a service and listening. That config would have added your machine to some dodgy persons TV account, so they could drop in and use your machine. They then surf in at their leisure.

Having 2FA on your own Teamviewer setup means if they have YOUR username and password, they're still not getting into your TV account. However I don't know if you can set it so 2FA is required for each and every use of TV to remote to a machine on your account.

What they did to your machine once they had remote access - thats the kicker. What else did they payload, what have they stolen.

Puzzled · 29 Nov 2017 at 16:12

Just been reading this:

https://www.howtogeek.com/257376/how-to-lock-down-teamviewer-for-more-secure-remote-access/

Have now set it up so only my account is whitelisted and that has 2FA enabled so should be safe, will have a look at alternatives again but teamviewer was by far the easiest last time I looked.

jpaul · 29 Nov 2017 at 21:42

..so, if you have not levelled it to the ground; is there any indication of how they got in? emails (still in deleted folder) or apps installed , that might correspond to TV install or use.

MooMoo444 · 29 Nov 2017 at 21:44

jpaul said:
..so, if you have not levelled it to the ground; is there any indication of how they got in? emails (still in deleted folder) or apps installed , that might correspond to TV install or use.

Male enlargement advert was clicked

pepp77 · 29 Nov 2017 at 22:05

x-st said:
Is it the alphabet twice and then 0 to 9?

Could be something as simple as a remembered sentence or a list of names, ie

andrewbobbycharliedavidevanfrankgeorgeharryianjameskevin is harder to crack than say F15icH3l1A

jpaul · 29 Nov 2017 at 23:26

verbatim "alphabet twice and then 0 to 9" would have been clever, or use the root password from the sheeples' favourite product.

Puzzled · 29 Nov 2017 at 23:51

pepp77 said:
Could be something as simple as a remembered sentence or a list of names, ie

andrewbobbycharliedavidevanfrankgeorgeharryianjameskevin is harder to crack than say F15icH3l1A

thatlassshaunicegavemeanitchyundercarriagebutatriptothedocsortedit is a favourite of a "friend"

mmj_uk · 30 Nov 2017 at 00:29

Finding out how you've been compromised will likely be mission impossible, you might even have been hacked directly? all you can really do is use a clean computer to change all of your passwords and nuke the infected one. Try to be more careful with what you install in the future, keep software up to date etc. I'd also update your router firmware and change wifi passwords just to rule out a neighbour hijacking your network.

wedrum · 30 Nov 2017 at 07:25

mmj_uk said:
Finding out how you've been compromised will likely be mission impossible, you might even have been hacked directly? all you can really do is use a clean computer to change all of your passwords and nuke the infected one. Try to be more careful with what you install in the future, keep software up to date etc. I'd also update your router firmware and change wifi passwords just to rule out a neighbour hijacking your network.

Yeh done all of that above except for the router firmware. Been racking my brains if where it came from but no idea. Maybe a torrent.

Semple · 30 Nov 2017 at 08:29

MonkeyMan said:
Well this is concerning, I use Teamviewer daily and have unassisted access set up.

I do have 2FA on the Teamviewer account but still this makes me question using the software now.

I've been using TV for years with unattended access enabled and never seen any issues.

If OP's had his PC compromised, then having access to TV should be the least of his worries.

Jamauk · 30 Nov 2017 at 09:46

Poo through their Ethernet adaptor!

subbytna · 30 Nov 2017 at 10:06

Jamauk said:
Poo through their Ethernet adaptor!

Beat me to it

jpaul · 30 Nov 2017 at 10:35

most worrying - that the quarantine list did not seem to label any of the malware as directly associated with setting up a teamware attack, teamspy for example.

thought this was interesting on the teamware site.
https://community.teamviewer.com/t5...viewer-installation-on-my-Computer/td-p/24373,

I recently wanted to make a withdrawal from an on-line bank savings account. Possibly because of the amount, I had to telephone the bank for them to authorise the withdrawal. During the proof of identity conversation they suddenly said, "You've got TeamViewer on your laptop, are you aware of this?' ...

implication that bank would not refund if TW intentionally installed???

their site is not very helpful, though.

Pawnless Endgame · 30 Nov 2017 at 21:43

jpaul said:
PUP.Optional.Mindspark is usually installed by the users themselves, who may be prompted by exaggerated promises of functionality. It provides toolbars and MyWay start pages claiming to offer sweepstakes, app emoticons, and helpful tools for user hobbies and interests.

MyWay Speedbar? Crikey, that's going back a bit. Like 2002/3 back in my tech support days. How come such spyware can still exist 15 years on and why are people still falling for it?