Author Topic: My team viewer was closed in the morning with major activities showing all night  (Read 15225 times)

Babee

  • Newbie
  • *
  • Posts: 3
Back at the office, my team viewer was closed and so was my 50 files that were opened the night before to prepare my work morning..a sensitive file show it was touched at 3:39 in the morning.This went on til 9:30 am
I attached the file to see if anyone would know what those information means...I do not see an exterior IP except teamviewer ,s one...
Any help please ! Need to find out who is hacking my computer...
-what is NetWatchdog
-CallbackID: means what ?

matt

  • Hero Member
  • *****
  • Posts: 904
This is not teamviewer official support.

Put the text of your document into your post please. I won't download a .doc from a website in case it is infected.

Babee

  • Newbie
  • *
  • Posts: 3
Back at the office, my team viewer was closed and so was my 50 files that were opened the night before to prepare my work morning..a sensitive file show it was touched at 3:39 in the morning.This went on til 9:30 am
I attached the file to see if anyone would know what those information means...I do not see an exterior IP except teamviewer ,s one...
Any help please ! Need to find out who is hacking my computer...
-what is NetWatchdog
-CallbackID: means what ?  I cannot paste teh whole log but here s a bit :
[2016/06/16 03:38:32.901  2028  2976 S0   CT3 CT.Receive.CMD_ROUTERCMD From=238720260 To=223583878 L=184
2016/06/16 03:38:32.901  3400  3596 G1   QueryRooms::Execute[queryChatRoomsResponseCb]: No rooms received
2016/06/16 03:38:32.901  3400  3592 G1   QueryRoomsOperation::Execute[queryRoomsResultCb]: Success: Received no rooms
2016/06/16 03:38:32.901  2028  2976 S0   CT3 CT.Send.CMD_ROUTERCMD From=223583878 To=238720260 L=321
2016/06/16 03:38:32.932  2028  2976 S0   CT3 CT.Receive.CMD_ROUTERCMD From=238720260 To=223583878 L=171
2016/06/16 03:38:32.932  2028  2976 S0   CT3 CT.Send.CMD_ROUTERCMD From=223583878 To=238720260 L=1373
2016/06/16 03:38:33.073  2028  2976 S0   CT3 CT.Receive.CMD_ROUTERCMD From=238720260 To=223583878 L=184
2016/06/16 03:38:33.088  2028  2976 S0   CT3 CT.Receive.CMD_ROUTERCMD From=238720260 To=223583878 L=1764
2016/06/16 03:38:33.104  2028  2976 S0   CT3 CT.Send.CMD_ROUTERCMD From=223583878 To=238720260 L=776
2016/06/16 03:38:33.244  2028  2976 S0   CT3 CT.Receive.CMD_ROUTERCMD From=238720260 To=223583878 L=778
2016/06/16 03:38:33.260  2028  2976 S0   CT3 CT.Send.CMD_ROUTERCMD From=223583878 To=238720260 L=426
2016/06/16 03:38:33.400  2028  2976 S0   CT3 CT.Receive.CMD_ROUTERCMD From=238720260 To=223583878 L=853
2016/06/16 03:38:48.938  3400  3404 G1   Tray created!
2016/06/16 03:39:14.529  2028  4760 S0   SecurityInformation::GetAntivirusStatus(): No third party security products detected
2016/06/16 03:39:14.531  2028  4760 S0   SecurityInformation::FirewallEnabled(): Firewall state for profile 4: 1
2016/06/16 03:39:14.531  2028  4760 S0   CDiskSpace::GetDiskSpaceInformation(): drive: C:\, free space: 1395519193088, capacity: 1476000739328
2016/06/16 03:39:14.531  2028  4760 S0   CDiskSpace::GetDiskSpaceInformation(): drive: D:\, free space: 517913124864, capacity: 524286947328
2016/06/16 03:39:14.531  2028  4760 S0   CDiskSpace::GetDiskSpaceInformation(): drive: F:\, free space: 1942663327744, capacity: 3000557891584
2016/06/16 03:39:14.532  2028  4760 S0   CMachineStatus::PerformBasicChecks(): No changes in local monitor status to send to provider
2016/06/16 03:40:14.528  2028  3648 S0   SecurityInformation::GetAntivirusStatus(): No third party security products detected
2016/06/16 03:40:14.530  2028  3648 S0   SecurityInformation::FirewallEnabled(): Firewall state for profile 4: 1
2016/06/16 03:40:14.531  2028  3648 S0   CDiskSpace::GetDiskSpaceInformation(): drive: C:\, free space: 1395428831232, capacity: 1476000739328
2016/06/16 03:40:14.531  2028  3648 S0   CDiskSpace::GetDiskSpaceInformation(): drive: D:\, free space: 517913124864, capacity: 524286947328
2016/06/16 03:40:14.531  2028  3648 S0   CDiskSpace::GetDiskSpaceInformation(): drive: F:\, free space: 1942663327744, capacity: 3000557891584
2016/06/16 03:40:14.531  2028  3648 S0   CMachineStatus::PerformBasicChecks(): No changes in local monitor status to send to provider
2016/06/16 03:41:11.324  3400  3404 G1   CBuddyWindow::OnTimer(): [OnlineState] System is idle. TimeUntilIdle: 300 seconds
2016/06/16 03:41:11.324  2028  1156 S0   CSendCommandToMaster::SendBCommandToMaster: CC=3 CT=33
2016/06/16 03:41:11.480  2028  2976 S0   CT3 CT.Receive.CMD_ROUTERCMD From=238720260 To=223583878 L=98
2016/06/16 03:41:11.480  2028  2976 S0   CConnectionThread::ProcessBuddyCommandClient: CC=3 CT=1
2016/06/16 03:41:11.527  3400  3404 G1   CBuddyWindow::SetAccountVisibilityTimer(): [OnlineState] ResultCB, state changed to: 2
2016/06/16 03:41:14.627  2028  5280 S0   SecurityInformation::GetAntivirusStatus(): No third party security products detected
2016/06/16 03:41:14.689  2028  5280 S0   SecurityInformation::FirewallEnabled(): Firewall state for profile 4: 1

matt

  • Hero Member
  • *****
  • Posts: 904
maybe it was 'touched' when the disk available space was calculated, but it also may have been regular antivirus check of the file system or a backup process or...

It doesn't look to me that anything untoward has happened via teamviewer, but then again if someone did hack via teamviewer they may also be able to change the log files to hide their activity...
Writing log files to write once (not rewrittable) CDs is the only way to guarantee log accuracy.

Babee

  • Newbie
  • *
  • Posts: 3
Thank you for your answer Matt. Is it normal that it closes by itself after this ?

matt

  • Hero Member
  • *****
  • Posts: 904
I really don't know.