Possible teamviewer breach

**SpankedHam** · 02-06-16, 08:20 AM

If you have teamviewer on your PC you should read this article. It may well turn out to not be a problem with teamviewer itself, but it never hurts to keep an eye out.

**admin** · 02-06-16, 03:31 PM

This is a pretty big one (based on what I have read today)

**Philquad** · 03-06-16, 07:24 PM

im always in breach of tv
overuse lol

**Seymour Butts** · 03-06-16, 08:49 PM

I don't think any of my systems have ever been breached but recently I've been getting constant pop ups from Team viewer claiming suspected commercial use.
There isn't any but it limits any session I have to 5 mins
I've sent them the log files but doesn't change there mind.
I'm constantly having to load and reload Team viewer.
It usually lasts about 2 weeks and then I start getting the pop ups again

**Philquad** · 04-06-16, 11:39 AM

uninstall it
remove any traces of it, reg files, users/apps folder ect
change your mac address
reinstall it

**Seymour Butts** · 04-06-16, 07:36 PM

Originally Posted by Philquad

uninstall it
remove any traces of it, reg files, users/apps folder ect
change your mac address
reinstall it

This is proving a little more difficult that I thought
I believe I've removed all trace
Gone through the registry users\AppData-files etc and original location

But spoofing the MAC
I've always assumed;
Device Manager/Network Adapters\Realtek PCIe GBE Family Controller\Properties\advanced\Network Address ????
Mine's Value is ticked 'Not Present" - Can I assume you just give a value IE: any 12 characters 004fgHHH8880 without any dashes or full colons.

**Seymour Butts** · 04-06-16, 08:26 PM

Well, they are doing something sneaky

Wound back the PC to an earlier (much) iteration
Changed the MAC Addy - confirmed
Changed the IP - Confirmed
Deleted all reference to Teamviewer - confirmed

Fdddd if I know what to do next except pay for it

**Seymour Butts** · 04-06-16, 11:00 PM

Finally got it all fixed.
Jeeze Teamviewer hides crap all over the show - heaps of Cached and Temp directories and folders

**Philquad** · 05-06-16, 03:59 PM

yes finding that myself
have done it before
this helps

im more concerned atm with the pos at the other end
2 pc's have had cryptolocker thru them
its impossible

**Seymour Butts** · 05-06-16, 10:21 PM

Thanks Phil,
Yes, thats the same file I found and now use - quite handy.
Thanks for your help

**SpankedHam** · 06-06-16, 07:47 AM

Originally Posted by Seymour Butts

Mine's Value is ticked 'Not Present" - Can I assume you just give a value IE: any 12 characters 004fgHHH8880 without any dashes or full colons.

Any value using 0-9 A-F, but it must be unique on the network and, if by some bizarre chance given how everything is switched these days, you have a hub or *gasp* coax based network, at least 200 count different to any other MAC on your network to allow collision back-off to work properly.

**Seymour Butts** · 06-06-16, 08:09 PM

Originally Posted by Philquad

yes finding that myself
have done it before
this helps

im more concerned atm with the pos at the other end
2 pc's have had cryptolocker thru them
its impossible

Hi Phil,
speaking of Cryptolocker - have you had any luck cleaning systems that are Crypto infected??
I must admit I usually just wind back or rebuild but what about yourself??

**Philquad** · 06-06-16, 08:32 PM

not really
i started a thread
basicly if theres a previous version or shadowcopy its ok
but in this case, there gone & system restore is shot
even data recovery is not working as theres no previous install
so im only recovering corrupted files anyway

Thread: Possible teamviewer breach

Thread Tools

Search Thread

Display

Possible teamviewer breach

The Following User Says Thank You to SpankedHam For This Useful Post:

The Following User Says Thank You to Philquad For This Useful Post:

The Following 2 Users Say Thank You to Philquad For This Useful Post:

The Following User Says Thank You to SpankedHam For This Useful Post:

Bookmarks

Bookmarks

Posting Permissions