Teamviewer - dangers of allowing remote access

If I allow someone remote access with Teamviewer, can they copy and paste my video folder (or any folder) to their computer just by copy and paste without me knowing? What he did was select Desktop, Documents, Video, Pictures, and music, he did it so quickly. I don't recall seeing a right click copy though; maybe he did that so fast it slipped my mind.

Nothing valuable on those folders other than photo's. Do you think he had enough time to install something bad. I met him on freelancer I cant believe I fell for it. What should I do to check for malware etc? I just deleted the rar ( there was nothing to uninstall); he managed to download 5MB on to my desktop.

The software he wanted to transfer to my desktop was a cracked commercial program with accompanying license keys. I did not know he was going to do that though.

Win 8.1

 

What should I do to check to see if anything malicious is running in background or stolen with copy and paste during Teamviewer? I still can't believe I fell for this. I feel like buying a new laptop but the usb was connected to so that may now be infected too and spread to new laptop.

 

Have you tried doing a system restore or installing a back up image taken prior to the Team viewer access ?

 

You can just drag and drop with teamviewer so no copy paste would have been needed! I wouldn`t imagine anything was installed as you would probably have noticed (if you were there the whole time), anyway run some scans with stuff like Zemana Free, Emsisoft Emergency Kit and whatever AV you`re currently using...

 

Once you allow anyone access to a device, be it computer, phone, tablet or whatever, all bets are off. They are logged in to the device with the same privileges as the user account you're using. If you have reason to suspect they accessed something or dropped unknown software, you should assume the device may well be compromised. Only you can determine how deep they may have gone...

 

Recently used another remote access tool (not Team Viewer) and allowed someone from my device manufacturer to remotely access and investigate a hardware issue. At the conclusion, VoodooShield blocked an unknown "extremely suspicious" file. Again, this was via remote access with my computer manufacturer's tech support. Never let your guard down, ever. I've since turned off Allow Remote Access in Control Panel, multiple scans ran cleanly. Thanks, VS.

 

Peter2150 and HAN are exactly correct.

Let's put this in perspective should a google search on TeamViewer direct a researcher to this thread.

The OP's questions could be reworded, "If I give him the key to my house, can he do things in there without me knowing?"

Yes.

TeamViewer has a stellar reputation and has been in its 11-year history quick to respond to the few detected security flaws. And far more quickly than the denial leading and foot-dragging we've come to expect from the software industry.

Like any other powerful and effective construct, it can be and has been criminally abused, particularly within the usual scenario where the provider or user is tricked. Unfortunately we are human and no matter how smart we think we are, we can be victimized.

Now, have a nice day.

 

I would first make sure that "unattended access" was not enabled. It is not uncommon that unscrupulous "support" people enable unattended access so they can get back into the system without the user's awareness/consent. Start Team Viewer, right click the tray icon and go into "Options". See if it's set to "Start with Windows". If so turn it off. Under Security see if there's a password entry. If so change the password. Make sure Windows Logon is set to "not allowed".

Do a full scan with your security software and consider installing and scanning with MalwareBytes AntiMalware for a second opinion.

I'm not sure how you could determine whether or not data was copied/stolen. It would take some time to upload a significant amount of data. I haven't used Team Viewer for file transfer though and don't know if it's obvious when that's happening.

 

You can press Ctrl + C to copy files. You don't need to right click.

If you computer is infected, then it can be cleaned just by doing a clean install. You never need to buy a new computer when you get infected. I wouldn't worry to much about the USB. Even in the unlikely case it was infected, the only way to get infected from it is to manually open an infected file on it. Just plugging it in and opening the drive in Explorer will be harmless. If you're paranoid, just format it.

 

I uninstalled Teamviewer, but I notice its exe file is there in downloads though.

 

Then there's the hassle of reinstalling 3rd party programs, but I guess its worth it for peace of mind. I had a usb stick attached to the computer when this happened do you think it spread to the usb stick too, I will use that very same usb stick after clean install of the computer so the computer may get compromised again.

 

If you don't want to reinstall anything, run malware scans on your computer to clean it. Scanning with Zemana Ant-Malware and Malwarebytes would be good staring points. Personally, I never reinstall Windows when I get infected.

The only way you can get infected from the flash drive, is if you manually open an infected file on the drive. You won't get infected, just by using it.

 

Perhaps I've missed something, but how did you come to feel that your computer is infected? Apart from that why not scan it with a few good antivirus and antimalware products to clean it or confirm that it's clean?

 

Check the log files of the teamviewer
https://www.systoolsgroup.com/forensics/teamviewer/
https://www.reddit.com/r/teamviewer/comments/4m5t8e/if_you_were_hacked_look_in_the_teamviewer_logs/

Panagiotis

 

Good question; I'm suspcious by nature. Zemana scan seems all good so far except I'm uncertain about this one which is quarantined.

Details:
CltMngSvc.exe
Status : Scanned
Object : %programfiles%\lenovobrowserguard\main\bin\cltmngsvc.exe
MD5 : 846250FED75A1EC8FC0D64B56B162DD7
Publisher : ClientConnect LTD
Size : 2490184
Version : 2.12.1.1
Detection : Adware:Win32/ClientConnect!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\lenovobrowserguard\main\bin\cltmngsvc.exe
Process - 1144 - C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe
Registry Entry - HKLM\System\CurrentControlSet\Services\CltMngSvc\ImagePath = C:\PROGRA~2\LenovoBrowserGuard\Main\bin\CltMngSvc.exe

 

I uninstalled Teamviewer as soon as I booted the guy off it. Will logs still be there if I install it again; I see Teamviewer.exe still remained in downloads folder even though I used uninstall in control panel; logs may still be there?

Windows 8.1

 

It's adware realted so it's best to be deleted. But, it's something which came installed on your computer.

 

That's just the installer for TeamViewer. Most likely the logs were deleted when you uninstalled it. If you install it again, they won't come back.

 

The log should still reside in C:\users\[your user name]\AppData\Roaming\Teamviewer

Panagiotis

 

Is there a way to allow teamviewer without compromising yourself.
How would you go about that? What would you have done?

Thanks in advance.

 

- set a password to your admin account if not already done.
- create a standard user account that you will use for teamviewer (you will delete that account later)
- switch to that standard account, download and run the "teamviewer quicksupport" version (it does not need admin rights to run)
- connect and allow the other user to demonstrate/help/etc. without giving admin rights eg. if he wants to run or install something that needs administrator rights you respond sorry, I cannot do that... only exception would be if you really trust the other person, but still you do not give him the admin password but you type it yourself when/if needed.
- after the session is finished you save whatever files you need to another location or a usb flash, you log out and delete the temp account.
- you are done.

Panagiotis

 

Under standard account will they be able to drag and paste to or from my desktop (and from theirs to mine)?

 

Yes, only give access to people you trust 100% If you don't have complete confidence then why would you allow it?

When I use Team Viewer with my customers I explain that the session is password protected and the password changes for each session; that means they have to give permission each time to allow access. I do not enable Team Viewer to start with Windows and I do not setup unattended access. Legitimate support personnel typically explain how remote support works and how the user can end the session at any time.

 

Yes.

Panagiotis