Was hacked via TeamViewer, gutted, need help

Hi all, so completely randomly my Windows 2012 server got hacked that was running TeamViewer :mad: :eek: - I have no idea how they found it, and why someone took the time to hack it.

WEIRDLY THOUGH, it seemed to be a sloppy hacker. I logged into my server (locally) to find it with a web browser open with its history as PayPal, and found some software on the desktop that seemed to be something that extracts passwords from web browser history and/or the 'saved passwords' section of the browser - they had opened Opera but I never used it really.

My server ran pure VPN and was used to send files to CrashPlan.

Further to my shock, I remembered around 20 days ago I got an email from PayPal saying I had chosen to stay logged into a device called 'windows 8 safari'... which I didn't, so I reported that to PayPal and changed my password.

Discovering this yesterday really shook me up to be honest - I have also changed my TeamViewer password etc.

So I'm left confused and upset as to HOW, WHY, and WHAT?! :mad:

I don't run any dodgy software, I've never done anything regarding personal info on my server - and the fact they used TeamViewer makes me think it's a TeamViewer problem? Any info guys?

FYI I have shut the server down and will be formatting now - I'm not sure whether to use Windows again or not really, and defo not with TeamViewer :(
 
TeamViewer was already running as I used it to get to my server off site - I guess that's how :( just shocked, I mean, where would they even be able to guess the password? Off TeamViewer's database?!
 
Yeh it's just odd because of the billions of PCs on earth, they had to manually use my server to do what they did. I want to switch to Linux and a high security one but I know nothing about it; I used Windows as I know the software.
 
Thanks howie.... My plan is to start the server but offline, then run the software to scan what passwords are indeed on the system or not. As I said, I'm fairly sure I never logged into any accounts on my server. Once I've done that I'm nuking the install.

Security was standard AV, Windows firewall, Spybot Anti-Beacon etc.... However as they used TV I think it bypasses it all anyway.
 
Well I'm finally back home (nightmare happened when I had to work away for the weekend), and removed the network plug off the affected system and ran the software they used, which was 'web browser pass view', and it turns out it was my password I use for 'useless stuff'... i.e. nothing serious, just for the 'sake of putting a word in a password box' password... and it was one browser only, the others didn't have saved passwords thankfully (not that I used this box for anything).

Luckily all my 'serious' stuff doesn't contain this password so I got away with it so to speak, however it's taught me a MASSIVE LESSON here... I'm still nuking the install now I know what he saw.

Why is Windows as secure KIA? I guess it was done via TV so yeah that makes sense. Are there any locked down versions of Windows available? Any guides to make the most secure always-on server?

What is the best way to remote access my server when I need to?

I have also deleted my TV account.
 