My "friend" needed to do something via the remote access called team viewer. He said instead of using team viewer because it's a third party so they can see everything, he suggested I give him my IP and modem numbers and got all my protocol numbers and all that and went to terminal and put some additional commands with all this information now he can see what I am doing live 24/7. What do I do to reverse this? will getting a new modemn IP do the trick?

First thing I would do is disconnect the affected device. Even if you have to plug your computer directly into the Internet (be sure your computer firewall is enabled and blocks everything by default).

Can you give more details about your setup? Make/model? Custom firmware? If so, what firmware? If it's a computer then more details about what OS?

He got terminal access which isn't typical of consumer equipment. Providing more details is better. Descriptions like, "put some additional commands," make it hard for me to help you unless I know what commands.

Hello and welcome to LQ.

I doubt a new IP will do it. Teamviewer generally has a program on your computer to track the changes.

So, you can ask your friend how to remove this if it is a friend. If this is some scammer then you may be in big trouble.

You should be able to use iptables to limit the access to teamviewer ports if it is really teamviewer. You might be able to find the program on your system that is running and remove it.

I'm sure others have ways to defeat this.

I assume you do have linux and may wish to just reload the OS to a current version and be sure to learn and use as many best practices as you can.

linux ubuntu 14.04 is in.

Not on teamviewer anymore. He got all my sensitive inforamtion and used that to configure tings also in terminal and can remote see everything without the teamviewer app. I have no idea how to reverse this

My highest recommendation is you should disconnect your computer from the Internet to prevent further access. Get a USB drive and back up your sensitive data (typically just /home/$USER). Completely reinstall your OS. There's no telling what that person did so it's best not to chance it. They could have installed a program capable of circumventing any fixes you attempt (firewall or otherwise).

If you don't feel you're capable then reach out to your local Linux User Group (aka LUG). Those folks are typically willing to help out people in your situation. Where are you located geographically?

1 members found this post helpful.

You re-installed and used the same passwords?