Windows 7 Forums


Windows 7: Hardening (analyze & avoid remote access)

1 Week Ago   #1
rihtt

windows 7 Professional x64
 
 
Hardening (analyze & avoid remote access)

Hello,
a client of mine runs a Windows 7 Embedded
[6.1.7601 Service Pack 1 Build 7601]


There is a remote management software installed called TeamViewer Host
(version 9).


But here is the issue.
Someone is controlling the computer, because the end users have a number of times seen
that someone is controlling the mouse and using the computer. And I suspect it's not a TeamViewer session but instead some other unknown RAT/spyware or other RMM.




I have been assigned to investigate and stop this.


* TeamViewer Host logfiles show no matching incoming_connections
* TeamViewer Host has been set to have 1 new password. And no other extras
* I deactivated the Windows RDP/RDC protocol within Control Panel
* I installed Malwarebytes and am running a scan atm



What else do you suggest to do?




I am planning to visit the site and do some more work at the terminal:


() I will do a Regshot of the system with my portable thumb drive.
   Reboot and scan again and check for anomalies.

where-application stores its data -

() Deny all in the Windows firewall, and add exceptions just for critical applications
   such as wmupdate, TeamViewer.

() Also, if available, check the router, and add additional firewall rules / block everything to this device in the network.

() Check the UAC settings.

() Install and tweak EMET, but I found this toolkit quite hard to understand.



1 Week Ago   #2
iko22

Windows 7 x64, Vista x64, 8.1 smartphone
 
 

Hello rihtt

Does the Windows 7 embedded computer have its own Mouse physically connected, or is it only (intentionally) controlled via Team Viewer?
1 Week Ago   #3
samuria

win 8 32 bit
 
 

The top option is to set up a DMZ zone and assign it to a fixed IP which doesn't exist. Set this on the router so nothing would connect from outside. It would require something running on the PC to open the connection; check schedule and startup.

1 Week Ago   #4
F22 Simpilot

Windows 7 Ultimate x64
 
 

Team Viewer is very susceptible to having the account hacked. When you use TV it is vital you use 2FA (two-factor authentication). I use Authy and I highly recommend you use Authy for every account that has a 2FA ability for Authy. Be it PayPal, eBay (unless you snipe, don't turn it on), domain providers, etc. Use Authy when you can. If email or SMS is the only option, use email; if SMS is the only option, use SMS, though it is not very good since that is vulnerable to a SIM card swap hack.

So what I would do right now is the following:

A: Login to the TV account and change the password. Use Keepass and make it at least 16 characters. Backup Keepass' database to multiple storage mediums regularly. USB flash drives, computers, hard drives, cloud storage, you name it.

B: Download the Authy app for your phone. Install Authy on your computer(s). Go into your TV account and choose to use 2FA.

C: Run Autoruns and make sure there isn't something there that shouldn't be.

D: Run Sanity Check.

E: Run TDSSKiller.

F: Try Herdprotect portable.

DMZ and all that is not going to make a difference with a TV connection. A TV connection bypasses the firewall and router SPI via direct IP connection from the program to a server somewhere in the world. They have many IPs and I've seen several using Peerblock. In all the years I've used TV I have never had unusual behavior and that's principally because I use 2FA.

Heed my advice line by line. Any questions ask.
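The following is an added example, not code posted in this thread: a Regshot-style baseline of the autostart locations a remote-control tool would persist in (rihtt's Regshot plan, samuria's "check schedule and startup", and item C above, Autoruns), together with a check of the two settings rihtt changed (RDP disabled, UAC on). Run it once to save a baseline, then again after the site visit to diff. It assumes an elevated PowerShell on the Windows 7 box and a writable baseline path of my choosing; it stays PowerShell 2.0 compatible, so no ConvertTo-Json or NetSecurity cmdlets.

```powershell
# Added example (not from the thread). Assumption: run elevated on Windows 7;
# $baseline is any writable path you choose.
$baseline = "$env:SystemDrive\baseline\autostart-baseline.xml"   # assumption

function Get-AutostartSnapshot {
    # Classic Run/RunOnce keys, machine and user, 64- and 32-bit views.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    $items = @()
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }        # skip PSPath, PSParentPath, ...
            $items += "RUN|$key|$($p.Name)|$($p.Value)"
        }
    }
    # Services and their binaries: a RAT installed as a service shows up here.
    foreach ($svc in Get-WmiObject Win32_Service) {
        $items += "SVC|$($svc.Name)|$($svc.StartMode)|$($svc.PathName)"
    }
    # Scheduled tasks via schtasks (present on Win7 without extra modules).
    # schtasks repeats its CSV header per task folder; drop those pseudo-rows.
    foreach ($t in (schtasks /query /fo csv /v | ConvertFrom-Csv)) {
        if ($t.TaskName -eq 'TaskName') { continue }
        $items += "TASK|$($t.TaskName)|$($t.'Task To Run')"
    }
    $items | Sort-Object
}

function Test-RemoteAccessSettings {
    # fDenyTSConnections = 1 means Remote Desktop is off (what rihtt set in Control Panel).
    $ts  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    # EnableLUA = 1 means UAC is on; ConsentPromptBehaviorAdmin 0 means "elevate silently".
    $uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    New-Object PSObject -Property @{
        RdpDisabled       = ($ts.fDenyTSConnections -eq 1)
        UacEnabled        = ($uac.EnableLUA -eq 1)
        AdminPromptLevel  = $uac.ConsentPromptBehaviorAdmin
        # Cross-check the registry against reality: nothing should listen on 3389.
        Port3389Listening = [bool](netstat -ano -p tcp | Select-String ':3389\s+.*LISTENING')
    }
}

function Compare-AutostartBaseline {
    param([switch]$SaveBaseline)
    $now = Get-AutostartSnapshot
    if ($SaveBaseline -or -not (Test-Path $baseline)) {
        New-Item -ItemType Directory -Force (Split-Path $baseline) | Out-Null
        $now | Export-Clixml $baseline
        Write-Host "Baseline saved to $baseline ($($now.Count) entries)"
        return
    }
    $old = Import-Clixml $baseline
    # Only differences matter: "=>" is new since the baseline, "<=" has disappeared.
    Compare-Object -ReferenceObject $old -DifferenceObject $now
}

Test-RemoteAccessSettings
Compare-AutostartBaseline
```

The first run saves the baseline; every later run prints only what changed, which is the list worth reading against the Autoruns and scan results. A clean diff across a reboot, with RdpDisabled and UacEnabled both true and Port3389Listening false, is the state rihtt is trying to reach.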
4 Days Ago   #5
Alejandro85

Windows 7 Ultimate x64
 
 

The very first measure you could take is to properly set up your firewall at the affected computer. Only let known programs access the network, both for incoming and especially outgoing connections. Firewall logs may also discover the problem, if it ends up not being a TeamViewer session.


Quote: Originally Posted by F22 Simpilot
    Team Viewer is very susceptible to having the account hacked.

Why? What's your basis for such claim?
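An added example, not code from the thread, of the firewall setup described in this post and in rihtt's own plan (deny all, exceptions only for critical applications such as Windows Update and TeamViewer): it switches every profile to block-in/block-out, adds outbound-only exceptions, turns on logging of both dropped and allowed connections, and parses the resulting pfirewall.log to show which inbound connections were actually allowed. Assumptions: elevated PowerShell on the Windows 7 Embedded host, and TeamViewer Host installed at the path set below (adjust to the real install). netsh is used because the NetSecurity cmdlets (New-NetFirewallRule etc.) only exist on Windows 8 and later.

```powershell
# Added example (not from the thread). Assumptions: elevated PowerShell on
# Windows 7; TeamViewer Host path below matches the actual install.
$tvPath  = "${env:ProgramFiles(x86)}\TeamViewer\Version9\TeamViewer.exe"   # assumption
$logPath = "$env:SystemRoot\system32\LogFiles\Firewall\pfirewall.log"      # default log location

function Set-DenyAllFirewall {
    # Default policy: block in both directions on every profile.
    netsh advfirewall set allprofiles state on
    netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

    # Log dropped AND allowed connections, so the log answers "who talked to whom".
    netsh advfirewall set allprofiles logging filename "$logPath"
    netsh advfirewall set allprofiles logging maxfilesize 8192
    netsh advfirewall set allprofiles logging droppedconnections enable
    netsh advfirewall set allprofiles logging allowedconnections enable

    # Exceptions are outbound only. TeamViewer Host dials out to its relay
    # servers, so it needs no inbound rule at all.
    netsh advfirewall firewall add rule name="TeamViewer Host (out)" dir=out action=allow program="$tvPath" enable=yes
    # Windows Update runs inside svchost.exe as the wuauserv service; scoping the
    # rule to that service keeps the other svchost-hosted services blocked.
    netsh advfirewall firewall add rule name="Windows Update (out)" dir=out action=allow program="$env:SystemRoot\system32\svchost.exe" service=wuauserv enable=yes
    # DNS and DHCP so name resolution and the address lease keep working.
    netsh advfirewall firewall add rule name="DNS (out)" dir=out action=allow protocol=udp remoteport=53 enable=yes
    netsh advfirewall firewall add rule name="DHCP (out)" dir=out action=allow protocol=udp localport=68 remoteport=67 enable=yes
}

function Get-FirewallLogSummary {
    param([string]$Path = $logPath)
    # pfirewall.log is W3C style: a "#Fields:" header names the space-separated
    # columns (date time action protocol src-ip dst-ip src-port dst-port ... path).
    $fields = $null
    $rows = foreach ($line in Get-Content $Path) {
        if ($line -like '#Fields:*') { $fields = ($line -replace '^#Fields:\s*', '') -split ' '; continue }
        if ($line -like '#*' -or $line.Trim() -eq '' -or -not $fields) { continue }
        $parts = $line -split ' '
        $row = New-Object PSObject
        for ($i = 0; $i -lt $fields.Count -and $i -lt $parts.Count; $i++) {
            $row | Add-Member NoteProperty $fields[$i] $parts[$i]
        }
        $row
    }
    # On a deny-all host, allowed inbound (path = RECEIVE) connections are the
    # interesting ones: after hardening there should be none from outside the LAN.
    $rows | Where-Object { $_.path -eq 'RECEIVE' -and $_.action -eq 'ALLOW' } |
        Group-Object 'src-ip', 'dst-port' |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

# Usage (elevated): Set-DenyAllFirewall, then after a day of normal use, Get-FirewallLogSummary
```

Because the outbound default becomes block, anything not listed stops working; the site visit is the moment to run this, watch the DROP lines in the log for legitimate software that was missed, and add a program-scoped rule for each rather than loosening the default. Swapping the filter to `$_.action -eq 'DROP'` on the same rows gives the list of what kept trying to get out, which is where an unknown RMM would show itself.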
3 Days Ago   #6
F22 Simpilot

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by Alejandro85
    Why? What's your basis for such claim?

team viewe account hacked - Google Search

Next thing you know you'll say I'm wrong. Also, this has NOTHING to do with the network. TV punches through firewalls and SPI.

Also, from the search results. This is how you can check if your TeamViewer account has been hacked and what to do >> TechWorm
3 Days Ago   #7
iko22

Windows 7 x64, Vista x64, 8.1 smartphone
 
 

Yes, I distinctly remember hearing about a Teamviewer hack in 2016. Googling it today, I found that the company first denied this happened, then they reported that it was an infrastructure attack rather than a user account attack. However, if users have personal doubts, then check the Teamviewer log entries, and report any anomalies to their customer support.