Well, you’ve got quite a few options here and many other complicated options which I won’t bother listing:
- You can reformat your computer, if you’re locked out of the BIOS and require a password to boot any removable media, etc. You can always jump your CMOS chip, which will wipe all CMOS data including passwords (which will require a reflash), and a large portion of motherboards have been manufactured with a separate jumper just to clear passwords from the BIOS without wiping the CMOS. Usually you only have to apply 5 volts to the right pins; you can use a diagram online if needed. Be sure to do some further research specifically into your motherboard model to see if there is a jumper if you’re unable to identify the chip(s). There are certain pins that you will need to touch in order to complete the circuit. I recommend using a diagram anyway to ensure no damage is done to your motherboard.
- You could always reset your local account(s) passwords to regain access to any administrative accounts through the registry (there are plenty of bootable media you could use in order to do it; some just require a tidbit of knowledge in shell, and some do it automatically for you via SAM, especially if running on an unencrypted partition), and there are ways to get in without any of that through safe mode. (Google’s your friend and so is TPB)
- I’m sure you’re probably running outdated services that can be exploited to gain administrative privileges through a shell, even remotely if needed.
- You could lock him out through modifying your hosts file to block communications to TeamViewer servers, or deleting and removing the software through the registry, or removing the startup service entries via any live OS that can mount media, preferably Ubuntu just because it has a more user-friendly GUI, along with automatically mounting any devices without further configuration. Feel free to drop a shell if you’re 1337 like that.
- There are more things you can do, and plenty of others to open a shell on him when he initiates a handshake with your system to trash his computer, but I’m not going to get into all of that today. Google’s your friend.
- Oh, and on your concern about him knowing if you stopped it: you could just run a VM; just be sure to copy over the proper registry entries in order to keep your same ID and password (easy way). I’m sure there are other ways to feed him false snapshots, because that is how TeamViewer works, just thousands of screenshots depending on the settings. You could code something to listen in on the port he is running TeamViewer through to either feed it to him on his computer or from yours. You could redirect his requests, all kinds of stuff. Hell, just by blocking the TeamViewer servers via your hosts file, he would probably never figure out why TeamViewer isn’t communicating/pulling an ID for your computer, etc. Then you could just leave everything else the way it is, but by then he might decide to put a backdoor or a RAT on your computer, and that’s if he’s a SKID, which I doubt he’s even near that point if he’s resorted to TeamViewer.
Good luck, G0TR00T – A SANS Certified CEH, MIT Lvl 1-3, DoDD8570