TeamViewer Forum
General Category => Is Teamviewer hacked? Discussion and links. => Topic started by: Babee on June 17, 2016, 10:42:00 AM
-
Back at the office, my team viewer was closed and so was my 50 files that were opened the night before to prepare my work morning..a sensitive file show it was touched at 3:39 in the morning.This went on til 9:30 am
I attached the file to see if anyone would know what those information means...I do not see an exterior IP except teamviewer ,s one...
Any help please ! Need to find out who is hacking my computer...
-what is NetWatchdog
-CallbackID: means what ?
-
This is not teamviewer official support.
Put the text of your document into your post please. I won't download a .doc from a website in case it is infected.
-
Back at the office, my team viewer was closed and so was my 50 files that were opened the night before to prepare my work morning..a sensitive file show it was touched at 3:39 in the morning.This went on til 9:30 am
I attached the file to see if anyone would know what those information means...I do not see an exterior IP except teamviewer ,s one...
Any help please ! Need to find out who is hacking my computer...
-what is NetWatchdog
-CallbackID: means what ? I cannot paste teh whole log but here s a bit :
[2016/06/16 03:38:32.901 2028 2976 S0 CT3 CT.Receive.CMD_ROUTERCMD From=238720260 To=223583878 L=184
2016/06/16 03:38:32.901 3400 3596 G1 QueryRooms::Execute[queryChatRoomsResponseCb]: No rooms received
2016/06/16 03:38:32.901 3400 3592 G1 QueryRoomsOperation::Execute[queryRoomsResultCb]: Success: Received no rooms
2016/06/16 03:38:32.901 2028 2976 S0 CT3 CT.Send.CMD_ROUTERCMD From=223583878 To=238720260 L=321
2016/06/16 03:38:32.932 2028 2976 S0 CT3 CT.Receive.CMD_ROUTERCMD From=238720260 To=223583878 L=171
2016/06/16 03:38:32.932 2028 2976 S0 CT3 CT.Send.CMD_ROUTERCMD From=223583878 To=238720260 L=1373
2016/06/16 03:38:33.073 2028 2976 S0 CT3 CT.Receive.CMD_ROUTERCMD From=238720260 To=223583878 L=184
2016/06/16 03:38:33.088 2028 2976 S0 CT3 CT.Receive.CMD_ROUTERCMD From=238720260 To=223583878 L=1764
2016/06/16 03:38:33.104 2028 2976 S0 CT3 CT.Send.CMD_ROUTERCMD From=223583878 To=238720260 L=776
2016/06/16 03:38:33.244 2028 2976 S0 CT3 CT.Receive.CMD_ROUTERCMD From=238720260 To=223583878 L=778
2016/06/16 03:38:33.260 2028 2976 S0 CT3 CT.Send.CMD_ROUTERCMD From=223583878 To=238720260 L=426
2016/06/16 03:38:33.400 2028 2976 S0 CT3 CT.Receive.CMD_ROUTERCMD From=238720260 To=223583878 L=853
2016/06/16 03:38:48.938 3400 3404 G1 Tray created!
2016/06/16 03:39:14.529 2028 4760 S0 SecurityInformation::GetAntivirusStatus(): No third party security products detected
2016/06/16 03:39:14.531 2028 4760 S0 SecurityInformation::FirewallEnabled(): Firewall state for profile 4: 1
2016/06/16 03:39:14.531 2028 4760 S0 CDiskSpace::GetDiskSpaceInformation(): drive: C:\, free space: 1395519193088, capacity: 1476000739328
2016/06/16 03:39:14.531 2028 4760 S0 CDiskSpace::GetDiskSpaceInformation(): drive: D:\, free space: 517913124864, capacity: 524286947328
2016/06/16 03:39:14.531 2028 4760 S0 CDiskSpace::GetDiskSpaceInformation(): drive: F:\, free space: 1942663327744, capacity: 3000557891584
2016/06/16 03:39:14.532 2028 4760 S0 CMachineStatus::PerformBasicChecks(): No changes in local monitor status to send to provider
2016/06/16 03:40:14.528 2028 3648 S0 SecurityInformation::GetAntivirusStatus(): No third party security products detected
2016/06/16 03:40:14.530 2028 3648 S0 SecurityInformation::FirewallEnabled(): Firewall state for profile 4: 1
2016/06/16 03:40:14.531 2028 3648 S0 CDiskSpace::GetDiskSpaceInformation(): drive: C:\, free space: 1395428831232, capacity: 1476000739328
2016/06/16 03:40:14.531 2028 3648 S0 CDiskSpace::GetDiskSpaceInformation(): drive: D:\, free space: 517913124864, capacity: 524286947328
2016/06/16 03:40:14.531 2028 3648 S0 CDiskSpace::GetDiskSpaceInformation(): drive: F:\, free space: 1942663327744, capacity: 3000557891584
2016/06/16 03:40:14.531 2028 3648 S0 CMachineStatus::PerformBasicChecks(): No changes in local monitor status to send to provider
2016/06/16 03:41:11.324 3400 3404 G1 CBuddyWindow::OnTimer(): [OnlineState] System is idle. TimeUntilIdle: 300 seconds
2016/06/16 03:41:11.324 2028 1156 S0 CSendCommandToMaster::SendBCommandToMaster: CC=3 CT=33
2016/06/16 03:41:11.480 2028 2976 S0 CT3 CT.Receive.CMD_ROUTERCMD From=238720260 To=223583878 L=98
2016/06/16 03:41:11.480 2028 2976 S0 CConnectionThread::ProcessBuddyCommandClient: CC=3 CT=1
2016/06/16 03:41:11.527 3400 3404 G1 CBuddyWindow::SetAccountVisibilityTimer(): [OnlineState] ResultCB, state changed to: 2
2016/06/16 03:41:14.627 2028 5280 S0 SecurityInformation::GetAntivirusStatus(): No third party security products detected
2016/06/16 03:41:14.689 2028 5280 S0 SecurityInformation::FirewallEnabled(): Firewall state for profile 4: 1
-
maybe it was 'touched' when the disk available space was calculated, but it also may have been regular antivirus check of the file system or a backup process or...
It doesn't look to me that anything untoward has happened via teamviewer, but then again if someone did hack via teamviewer they may also be able to change the log files to hide their activity...
Writing log files to write once (not rewrittable) CDs is the only way to guarantee log accuracy.
-
Thank you for your answer Matt. Is it normal that it closes by itself after this ?
-
I really don't know.