  1. #1
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,433
    Thanks
    371
    Thanked 1,456 Times in 1,325 Posts

    TeamViewer Trojan?

    Hey Y'all,

    This morning my MalwareBytes Pro popped up telling me it found malware. Here's the log file:
    TeamViewerTrojan.txt

    I did some googling and there are several reports going back a couple of years but this one says the current version is clean?

    I've quarantined the files and TeamViewer seems to still work. Does anyone else have any experience with this?

    Last edited by RetiredGeek; 2014-10-31 at 08:35.
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  2. #2
    Super Moderator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    2,134
    Thanks
    101
    Thanked 574 Times in 460 Posts
    Hi RG - I have the same setup, i.e. I'm using TeamViewer 9 (v9.0.324940) and Malwarebytes Anti-Malware (Premium) v2.00.3.1025 (although the latter's Malware Database is slightly newer, i.e. v2014.10.31.06). I've carried out a Threat Scan on the TeamViewer program files folder and it completed successfully, i.e. no malicious items found.

    The only 4 things I can think of are:

    1. Update the Malware Database to v2014.10.31.06 and try a new Threat Scan just in case v2014.10.31.04 flagged TeamViewer incorrectly.

    2. I don't understand why your and my filepaths for TeamViewer are different. Even taking into account the differences between Windows 8.1 x64 (you) and Windows 7 x32 (me) I would have thought TeamViewer would have installed to the same file location on both systems. Yours installed to C:\Program Files (x86)\TeamViewer\ whilst mine installed to C:\Program Files\TeamViewer\Version9\, which is mirrored in the ImagePath setting in my PC's registry (under HKLM\SYSTEM\CurrentControlSet\services\TeamViewer9 ). Odd - which leads me to...

    3. I downloaded TeamViewer 9 directly from the TeamViewer website. Did you?

    4. Are you using the full version of TeamViewer or just the Host version? (in case there are differences in TeamViewer_Service.exe and TeamViewer_Desktop.exe between the versions... which I think is unlikely.)

    Hope this helps...
    Last edited by Rick Corbett; 2014-10-31 at 11:19.
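
    The path and source checks from points 2 and 3 above can be scripted. This is an added example, not code from any poster in the thread; it assumes the service key name `TeamViewer9` and the two file names mentioned in the post, and it only reports what it finds so the signer and hash can be compared with a copy downloaded from the vendor's site.

```powershell
# Added example: triage a flagged TeamViewer install.
# Assumptions: service key name and file names are taken from post #2.
$serviceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\TeamViewer9'
$flagged    = 'TeamViewer_Service.exe', 'TeamViewer_Desktop.exe'

# 1. Find out where the service really starts from.
$imagePath = (Get-ItemProperty -Path $serviceKey -ErrorAction Stop).ImagePath

# ImagePath may be quoted and may carry arguments; keep only the executable path.
if ($imagePath -match '^\s*"([^"]+)"') {
    $exe = $Matches[1]
} else {
    $exe = ($imagePath -replace '(?i)(\.exe).*$', '$1').Trim()
}
$exe        = [Environment]::ExpandEnvironmentVariables($exe)
$installDir = Split-Path -Path $exe -Parent
Write-Output "Service ImagePath : $imagePath"
Write-Output "Install directory : $installDir"

# 2. For each flagged file, record Authenticode status, signer and SHA-256.
$report = foreach ($name in $flagged) {
    $file = Join-Path -Path $installDir -ChildPath $name
    if (-not (Test-Path -LiteralPath $file)) {
        # A quarantined file shows up here as missing.
        [pscustomobject]@{
            File = $file; Present = $false
            SignatureStatus = $null; Signer = $null; SHA256 = $null
        }
        continue
    }
    $sig = Get-AuthenticodeSignature -FilePath $file
    [pscustomobject]@{
        File            = $file
        Present         = $true
        SignatureStatus = $sig.Status                     # 'Valid' means the signature verifies
        Signer          = $sig.SignerCertificate.Subject  # empty if the file is unsigned
        SHA256          = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
    }
}
$report | Format-List
```

    An install directory that differs from the one chosen at setup, a signature status other than `Valid`, or a hash that differs from a fresh vendor download is a reason to treat the detection as real rather than as a false positive.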

  3. #3
    Super Moderator RetiredGeek's Avatar
    Rick,

    Yes, I downloaded directly from the TeamViewer website.

    On 64 bit systems (OS) 32 bit programs (TeamViewer) load into the Programs (x86) folder.

    I changed the path on the install so I don't have to constantly change Scheduled Tasks and shortcuts every time a new version level is installed, e.g. 8 to 9 etc.

    I'm going to uninstall TV and reinstall using Revo Pro then rescan ... I just updated MWBP and got version ...07.

    I'll report back.

    RG

  4. #4
    Super Moderator Rick Corbett's Avatar
    On 64 bit systems (OS) 32 bit programs (TeamViewer) load into the Programs (x86) folder.

    I changed the path on the install so I don't have to constantly change Scheduled Tasks and shortcuts every time a new version level is installed, e.g. 8 to 9 etc.
    I know about the Programs (x86) folder on 64 bit systems... and now I know why your filepath is different, i.e. doesn't use a Version9 sub-folder.

    I just did a Malwarebytes update and got v2014.10.31.08!

  5. #5
    Super Moderator RetiredGeek's Avatar
    Rick,

    By the time I did the uninstall, reboot, reinstall I got .08 also. It scanned clean. Don't know what the problem was this morning.
    I just did a scan on my Laptop using .08 and got the same clean results; it never popped up with any alerts. I guess it was just an anomaly with .04.

    RG

  6. #6
    Super Moderator Rick Corbett's Avatar
    I'm glad it's fixed.

    (I'm also glad I appear to have skipped .04!)

  7. #7
    2 Star Lounger 1PW's Avatar
    Join Date
    Feb 2011
    Location
    North of the 38th parallel.
    Posts
    131
    Thanks
    26
    Thanked 46 Times in 28 Posts
    This false positive was corrected in the MBAM database with the release of v2014.10.31.5

    Thank you for reporting this.
    All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.
