message was edited by ralf ludwig
----------------------------------------------------------------------------------------------


hi there,

there is no virus inside teamspeak. this is just a false
warning from @ mcafee. you can download the attached
file to solve this problem without waiting for mcaffee to
fix the bad signature file.

-----------------------
all posts / threads wich belong to this isse will be merged into this one.



* * * * * * * * * * * * * * * * * * * *
USE THE ATTACHED FILE
TO FIX THE PROBLEM
* * * * * * * * * * * * * * * * * * * *



I have just run across an error when I initialize TS that it tells me my keypress.dll is not available..
TS then proceeds to load correcly. Well I have tried to uninstall and reinstall but it will not replace the keypress.dll. The install stops at the file shows the path to the teamspeak program folder stateing that it cannot rename the keypress.dll..
I have searched for any hint to the file in the registry, deleted everything. yet still I cannot install correctly..
Has anyone come across this????

yes i have just got this too, but with added factors, i also just before starting up my teamspeak updated my Mcafee. (Mcafee details are Build: 8.0.27 Engine Version: 4.3.20 DAT version 4.0.4364 DAT file created 02/06/2004)

well Turns out Mcafee thinks that file is a trojan. so it auto cleaned and deleted my "Keypress.dll". Mcafee also just found the trojan today (02/06/2004) as shown on their website http://vil.nai.com/vil/content/v_117956.htm

my pictures of mcafee finding this "Trojan"
http://www.ashforth.me.uk/ts/1.jpg
http://www.ashforth.me.uk/ts/2.jpg


anyone from Teamspeak know anything about this,

We just had this problem with another virus scanner (Stinger? can't remember) last week. Just put the file on ignore (if there is such an option in McAfee) and leave it be. You shouldn't try to have the file repaired or anything. Chances are very good it's a false positive, especially if the rest of your files check out ok.

i had to remove teamspeak because it tried to give me a virus! so i deleted it and download it again and this is what it said!

teamspeak2_RC2\keyPress.dll


an error occurred while trying to rename a file in the destination directory:
MoveFile failed; code 5.

Click Retry to try again, Ignore to skip this file (not recommended)

Ok Brain That Didnt Help Plezz Give More Info

McAfee just auto updated and flagged the keypress.dll as having a trojan, the trojan is the PWS-Wexd, i've tried to reinstall and get the file sent to me by other ts users via msn but all files get flagged and auto deleted.

any help with this would be good as trying to play with out push to talk is just too annoying for everyone else on the ts server

it loooks like there is a similar thread in the german section but i didn't really understand it all

it seems some of our TS users that have Mcaffee have been getting locked out of using the push to talk feature with TS when Mcaffee locks this file out - keypress.dll

virus info
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100476

none of the norton users seam to have any problems, but we can now confirm two UK members files say they are confirmed

i realy dont think there is much to worry about but it looks like a german posted the same yesterday

if you guys can clear this up it would be sexy

RN Malboeuf
www.roughnecks.org - One of the largest online gaming Communites in the world
Server 1 info - Dual Xeon 2.8 Ghz 2 gig ram - Red hat 9 latest shiznig
Server 2 info - AMD Barton 3200 1 gig ram - Win 2K3

TS2 IP = tst.roughnecks.org

i just updated my mcaffe and have texactly yhe same deal, trojan in the keypress.dll

more info can be found in this thread

http://www.teamspeak.org/forums/showthread.php?t=14285

I am getting same error. Could you TS guys rename file and come out with patch plz. Without push to talk it is kinda hard to game with a lot of people on TS. :eek:

Yeah dude samething happened to me.....now I cant start up T.S.without getting that error message...and now I cant uninstall or reinstall without getting some error...what should I do... I did a system restore...but as soon as I start T.S. Mcafee deletes the file automatically and doesnt give me a choice not to! Can someone please HELP?

I'm getting the same thing in the .dll file, so I deleted it, uninstalled Teamspeak, redownloaded, and attempted a new install.

While installing, I got another VirusScan alert.

The exact error/alert says:

"Infected file name:
C:\...\teamspeak2_RC2\is-A77ud.tmp

Virus name:
PWS-Wexd.dll

VirusScan suggests
This infected file cannot be cleaned. You should delete the filed and replace it with a clean copy. Your data will not be affected."

I think the downloadable executable has been virus-cized.

so how can i get the keypress.dll file back and not have it be cleaned my mcafee

Happened to me today after the mcafee update using mcafee virus scan professional 8.0

Get ready for the posting mayham.

I don't know if this is a legit trojan or not.
To get around the "protection" mcafee provides
uninstall teamspeak, delete the teamspeak directory.
set the properties of your mcafee product to prompt, instead of auto clean or delete.
Disable mcafee background scanner.
reinstall teamspeak.
re enable mcafee.. launch teamspeak
it will prompt about keypress.dll
click exclude
that should do it..
Now if it really is a keylogger phoning your passwords home to some slug.. we is all pooched..

Hope someone at Teamspeak addresses this issue...

Cheers..

Why dont you guys switch to the Win32 API call GetASyncKeyState

Also see here: http://www.teamspeak.org/forums/showthread.php?t=14276

thats my keypress.dll, can you check if that virus tool reports the same for it ?

-> file removed, please take the one 2-3 posts later

http://www.teamspeak.org/forums/showthread.php?t=14276&highlight=keypress.dll

R. Ludwig, I downloaded your keypress.dll and scanned it with McAfee and found no virus.

I then tossed it into my main TS folder and no longer got the message file is missing. McAfee also does not remove the file when I start TS again.

Is this a fixed DLL? Was the TS DLL we had really infected with a trojan?

thats my keypress.dll, can you check if that virus tool reports the same for it ?


I copied your keypress.dll to the teamspeak directory, replacing the one that was deleted by McAfee. I loaded TeamSpeak and got no error. I also didn't get an error when I copied it into the directory, nor did I get an error when I manually scanned it. I have the Enterprise 7.1.0 version with Virus definitions 4364 (June 2, 2004).

I've had TeamSpeak installed for months.

i am not sure if the original keypress.dll contains a virus.
maybe, (what happens from time to time), mcaffee just found a signature which
match to the contents of the fiile.

double post sorry

:confused: i got the exact same error, mcafee updated and then it prompted me.

i downloaded your keypress.zip file with a new keypress.dll, i still have problems!

when i try to install it i get the same error as everyone else when i try'd to re'install the ts2 client program.

i was on the server before the update talking with friends in a game, then i exited the game, to download the new mcafee update, after doing so, minutes later it said the error for the keypress.dll.

i then continued playing, and talking, but no one could hear me, i tried in options in the ts2 client, to get it to work, no one can hear me, even in the test of the codec's i cant hear myself, i downloaded the new file keypress.dll and put in the teamspeak folder, and it loaded, but still no one can hear me, WHAT IS GOING ON, it was just working so fine, AND I AM PAYING FOR THE SERVER which I CANNOT even TALK to anyone, but i can hear them, it is useless now, how can i get it so people can hear me, i have binded my mouse button for talking, it was working before, why not now, can any1 give me an explanation and/or an answer to the problem, so i can get the people to hear me, i feel stupid talking to myself, and saying over and over "can you hear me? hello, can any1 hear me?"

thanks

@FighterX:
please try this one and report back...
------------------------------------------------------------

* * * * * * * * * * * * * * * * * * * *
USE THE ATTACHED FILE
TO FIX THE PROBLEM
* * * * * * * * * * * * * * * * * * * *

------------------------------------------------------------

i still cant be heard, and in the options

settings/sound input output settings/activate local test mode

when i click that before i could hear myself talking, and before i could press my binded button and be heard, but in the past 40 or so minutes it hasnt been working, and that has all been since this keypress.dll issue came about

any suggestions?

i know you said report back after downloading the file, i did, are you there?

can you please help me out, or should i just go about cancelling subscriptions to servers for various clans / groups.

id rather buy every one a cell phone then have to pay for somthing that no one can hear me on :(((((

works perfect@!

give the dudes some time you cock. there's something wrong on your end. it worked the first time i put it in.

ok, seeing has how it has worked FLAWLESSLY for years, through updates and such, and to have this problem, i WOULD HIGHLY DOUBT its on my side, and if it is on my side, IT WAS WORKING BEFORE THIS KEYPRESS.DLL problem.

and i never rushed him, there is a green light next to my name saying im ONLINE, and his is NOT ON, so i was saying, where are you... how come your not online... can you help me fix the problem.

so dont jump on my back buddy

can you please help me out, or should i just go about cancelling subscriptions to servers for various clans / groups. :confused:

Dude, chill out! :mad:

These guys have done an outstanding Job coming up with a solution so fast.
Great Job TS team! :D

And fighterx, your gonna cancel your subcriptions cause your out a server for the evening? Get a life! :rolleyes:

McAfee eventually reported the new KeyPress.dll as a trojan and deleted it. It also found another file A0066391.dll which it also reports as a PWS-Wexd.dll trojan. This was burried deep in the \System Volume Information\_restore... directory. Something very strange is happening here... Is the infection happening while TeamSpeak is online?

Zenbob I got the same error....I left teamspeak on went to the store and came back and Mcafee antivirus said I had 2 trojans......and that they deleted them...something about volume or something...

@FighterX:
please try this one and report back...
------------------------------------------------------------

* * * * * * * * * * * * * * * * * * * *
USE THE ATTACHED FILE
TO FIX THE PROBLEM
* * * * * * * * * * * * * * * * * * * *

------------------------------------------------------------
Just replaced mine with this and its ALL GOOD ;)

uh oh brain looks like I started a commotion :D same thing happened to me I'm going to install that zipped file when I get home tonight

ok just updated mcafee enterprise, load ts and got keypress.dll error message, so i check forum seen this done what it says, and it working again.

p.s possible reason why norton user ain't having this problem is that the last few months norton hasn't be doing it job well, as i many of my friend who have only ever use norton and nothing else, were have problems so i said to run virus scan nothing turn up so i say to uninstall norton and install another virus scaner like mcafee or Symantec, low in behold they had 20 odd virus's on their system and i ain't talking about one friend, im talking about 10 people, who all had norton, try one of the two virus scanner and found virus on thier system, that norton was saying was clean.

I've been working as IT-chum for a desaster response unit of the federal german government. Each station has a terminal server with an internet connection, running Windoze 2000 and the complete Symantec suite. Appearantly they negotiated a long-term contract or whatever. Well, this computer is also the database server and it's running Microsoft SQL Server. When slammer came out more and more terminal servers became infected, despite up-to-date symantec AV and firewall. It seems there has been some... flaws in the software...

If you're looking for a fast, reliable virus scanner that's up-to-date (when blaster was on the rise I saw they updated their AV definitions three times a day) you should take a look at www.free-av.de - it's free as well for personal use.

I started getting this error on wednesday June 2nd. I have tried everything i know to do but cant seem to get it fixed.. FUnny thing is that i get this error each time i start up teamspeak but i click close and ts loads up and works just fine. even the keypress.. I would like to get rid of the error.... I have the latest version of macfee but im not for sure how to adjust my macfee... all i know how to do is to turn on my macfee lol....

THE ERROR IS: "Could not find/load keypress.dll" Macfee says it deleted this file because it is a trojan virus. I have uninstalled and reinstalled several times but get the same error.. help....

Apollo :confused:

Just download the above dll from R. Ludwig. Unzip and put in your main TS file, the message will go away.

This is kinda strange, I did a scan last night after I put in the new DLL and found no viruses. But when I got up this morning, I had the little red screen from Mcaffee saying another was found and deleted from System Volume Information. Wonder why this was not found in the scan. TS seems to be working ok.

The same problem happend to me, but the dll they released fixed it... as for that virus that was found in your restore.. its also something that it picked up from the old dll.. i deleted it and its still working fine.. the reason i think ur virus scan didnt find it when u manually did it is because its a "hidden" file..

No worries guys i emailed the mcafee web immune site and they told me it was a flase positive and will be fixed in the next dat, on about what the email can be found here: http://forums.mcafeehelp.com/viewtopic.php?p=149056#149056


In the meantime set mcafee to exclude the folder with the dll in it. This will be fixed in the next dat so no worries, im just gonna wait for that then install the new Dll.

McAffe updated itself today, and when i started Teamspeak it said i had a trojain in a file called "keypress.dll". The trojan was called "PWS-Wexd.dll ". I deleted the file and reinstalled Teamspeak. But once again McAffe warned me about it. Is it a Trojan in it or is it McAffe that is fuxxed up?
info about the trojan here (http://vil.nai.com/vil/content/v_117956.htm)

please use forum search! dont create 200 threads on same topic. thanks


http://www.teamspeak.org/forums/showthread.php?t=14276

I just reseved a extra.dat file from mcafee.
download it and past to your mcafee folder where scan.dat is located.

http://hem.passagen.se/lfj/Download/EXTRA.DAT

Right click and use save as...

R. Ludwig, I downloaded your keypress.dll and scanned it with McAfee and found no virus.

I then tossed it into my main TS folder and no longer got the message file is missing. McAfee also does not remove the file when I start TS again.

Is this a fixed DLL? Was the TS DLL we had really infected with a trojan?


Can you please send that file to me. I'm new to TS and I want to use it very much but cant seem to get that elusive file

Just started noticing this since my last anti-virus patch, KeyPress.dll (a library used by TS Client) is seen by McAfee as a virus and is quarantined/deleted. Attempts at reinstalling the client error at the point when KeyPress.dll is copied (and fails) to my machine. The rest of the install goes well if I "ignore" the error.

Install error is as below:
"C:\Program Files\teamspeak2_RC2\KeyPress.dll

An error occured while trying to rename a file in the destination directory:
MoveFile failed; code 5.
Access is denied." (I'm the administrator for this machine)

The problem seems not to really affect TeamSpeak (it still works), except for the "KeyPress.dll missing" error popping up during load, plus it was unnerving to see McAfee treat it as a virus. BTW: I have normal settings for my AV software - no paranoid heuristics settings.

- SchleppingSquid

http://www.teamspeak.org/forums/showthread.php?t=14276

i got the same trojan alert using mcafee, now i looked on the forums and i cant seem to find the link to that keypress.dll file that r ludwig put up, can any one give me another link ?

It is here (http://www.teamspeak.org/forums/attachment.php?attachmentid=389) and if you had actually read this thread, you would have found it.

next time i choose font size 500000....

I just updated my virus scanner and it turns out the scanner took the file "Keypress.dll" as a virus. I deleted the file and re-installed teampspeak, however, when the installer touched the keypress.dll file, the scanner stopped installation saying that once again, it was the virus "PWS-Wexd.dll" but in McAfee, it's known as "PWS-Wexd". I'm really concerned about this virus since it steals passwords. I would like to know if anybody else have experienced this, and if this file really is a virus. Thank you.

Look at this Thread => http://www.teamspeak.org/forums/showthread.php?t=14276

This is getting freaky, I got the keypress.zip thing and McAfee still says it's a virus...so...really, TS developers...what's going on?

From reading through the various threads on this, id say nothings going on, all you are doing is passing the same .DLL file around as the one thats installed originally. From the sounds of it mcafee's new scan engine or virus discription file is throwing up false positives on a harmless file and deleting it (because you guys have got your AV software set to delete on find), somebody has already said theres a release about it on the mcafee website (havent checked). Im using the exact same .DLL file as you are and Trends not showing up a thing, cause there is nothing to show.
LOAM

Antivir (http://www.free-av.de) doesn't show anything either. One or two weeks ago somebody reported that phenomenon with another virus scanner, Stinger perhaps? I can't remember.

I recently had to buy a new hard drive and reinstall winows XP. When I try to install TS is gives me this error:

C:/Prgram Files/TeamSpeak2/Keypress.dll

An error occured trying to rename a file in the destination directory
MoveFile failed; code 5
Access denied

I've tried getting the keypress.dll file from other people but my virus scanner picks it up as a trojan and deletes it. I've tried skipping that file in the installation and when I start up TS it tells me it cant find the file and won't save my seetings.

I never had this problem with TS before. Anyone know why and/or how I can fix this?

Sorry, didn't see the topic below about this same problem.

:mad: I have the same problem. Can someone post a clean Keypress DLL that I can copy?

Has anyone been able to fix this problem? If so, please explain how to fix it.

Thanks

Prop

I downloaded TS from this site and it contains a trojan...any explanations???

http://gotfrags.net/images/wtf.jpg

http://www.teamspeak.org/forums/showthread.php?t=14276

please search next time before you post.

Thank R. Ludwick for such a quick fix while McAfee stands around with the ol' thumb up their ass. I know there are a bunch of people here who appreciate the fix even though it was not a Teamspeak issue, but a McAfee issue

http://www.teamspeak.org/forums/attachment.php?attachmentid=389

LINK TO FIXED KEYPRESS.DLL JUST PUT IN UR TEAMSPEAK FOLDER FROM R.LUDWIG

I'll only say what I know. Yesterday I had the same problem as everyone else.
Keypress.dll and PWS-Wexd.dll. McAfee found it and deleted it as infected. I followed all the posts and tried the downloadable keypress.dll for replacement and used it. Worked fine for Friday's game. Today keypress.dll and svhost.exe are reporting it.
I'm no genius but I'd say you have the real deal here.

Today keypress.dll and svhost.exe are reporting it.
I'm no genius but I'd say you have the real deal here.
I agree. It's a bogus report so keypress.dll should be the one and only infected file reported. If it is not then either you have multiple installs of TS, another program produces a similar bogus report or you really have a virus. I think the last is the most probable.

I've been having the same problems here also

Im getting the same problems as Fighterx. I can hear everything but no-one can hear me even if I try voice activate instead on key press.

I'v deleted TS and McAfee... Reinstalled TS and the keypress.dll file I still cant talk to anyone but can hear

need help b4 I format and try again....

I fixed ts, made it exactly the same way it was before this shit started happening, and Mcafee has NOT picked up this trojan again. HMmmm. I actually picked up this trojan off a bad link on Wednesday nite, and Mcafee got it right away, I was not using teamspeak at all.
just be a little cautious is all : )

just download link that is on the first post of this thread, install teamspeak with that error for the keypress.dll (ignore it) than just paste the keypress in the teamspeak directory, and it should be fixed

sorry if i repeated this, i might of missed a couple of posts

also this trojan gets into your system/restore directory So...when u delete it from all of your team speak directories, u then have to shut of system restore, reboot, then turn on system restore again and voila! fixed. not shutting off system restore will cause trojan to come back>

:mad:

This Updated keypress.dll does NOT work. McAfee has NOT released an Update.

SO Do any of the actual Teamspeak developers know about this or are there just going to be the same bogus file passed around this thread?

How could it be for one of the developers to recode a few lines of coding? Anyone got a solution to this wreck of a problem? I am starting to think about Roger Wilco if this doesn't ge fixed any time soon.

Laters

Let's all stop and take a breath.
Sorry for the long message.

It appears to me we had or have a real virus here we're messing with. That's my opinion based on the fact that it acted like one outside of keypress.dll, and I think any discussion of turning off scanning, of a file reporting positive was to say the least, premature. As is saying the file is bad before you finish killing the virus.

The new file seems to be ok. All the answers are in this thread. Be open to the truth. This is how it played out for me and I'm sure it will for you if you've managed to kill it and delete it from restore.

Below is the Vscan Log that appears to show Mcafee found the virus and deleted the keypress.dll on Friday at 5 something pm. I replaced it with the new version but failed to turn off system restore (My problem not the developers). This was Friday. Today Mcafee finds the virus in restore at noon and waits several hours before deleting it (12hours), but eventually it does.

TS still works and the new keypress file is still intact and residing in it's home,
happy and content in it's job.

Here's the log, proper.

6/4/2004 5:30:45 PM No Action Taken MyMachine\userid C:\Program Files\teamspeak2_RC2\KeyPress.dll PWS-Wexd.dll
Found it
6/4/2004 5:31:03 PM Deleted C:\Program Files\teamspeak2_RC2\KeyPress.dll PWS-Wexd.dll
Deleted it
6/6/2004 12:40:39 AM No Action Taken NT AUTHORITY\SYSTEM C:\System Volume Information\_restore{87925209-405C-42A6-8FEE-9CF10CC35238}
\RP746\A0079600.dll PWS-Wexd.dll
MCafee finds the virus in restore
(Truncated for alerts in between trying despirately to tell me to take care of the problem.)
6/6/2004 12:31:55 PM Deleted C:\System Volume Information\_restore{87925209-405C-42A6-8FEE-9CF10CC35238}\RP746\A0079600.dll
and eventually deletes it.
Finishing the nasy saga

Lesson, so far. Get the new file and kill the virus (including that which made it to restore) and Never assume it's "Just Mcafee acting up", automatically.

SWIM,
Stop,
Warn others,
Initiate the cleanup,
Make sure the area is secure until help arrives. (Ok this doesn't really fit)
how about-
Make sure you don't just add chatter to an already bad situation.
Not saying that's you bud, no offense.
If you ever heard of SWIM your probably a nuke.:cool: Get a real job , hehe.

Do so following the abundant instructions in this thread.
Then smile, and get back to playing. Stuff happens.

Oh btw, TS Guys, thanks for the update and thank you for TS we've enjoyed using it for lunch battles at work and more.

Whoever said, to turn off the file warning for this virus, I guess you learned something too. ;)

Again, That is, if I'm right about all this..............
.................................................. ................ maybe I ain't.

On an end note, I think the download needs to be fixed if it hasn't been so this doesn't keep up.

Kip

I'll never forgive myself for using my own name here.
Narrows the response options something fierce.
lol

:mad:

This Updated keypress.dll does NOT work. McAfee has NOT released an Update.

SO Do any of the actual Teamspeak developers know about this or are there just going to be the same bogus file passed around this thread?

How could it be for one of the developers to recode a few lines of coding? Anyone got a solution to this wreck of a problem? I am starting to think about Roger Wilco if this doesn't ge fixed any time soon.

Laters

ok hf and bye.

Kip Ryan: What makes you so sure this virus report is not bogus?
McAfee Virus description (http://vil.nai.com/vil/content/v_100476.htm)
The TS Client in its current version has been in use for... well, I don't know how long but it has been VERY long, probably almost a year by now.
After the first report of an alleged Trojan horse in the keypress.dll I've taken the following steps:
- Portscanned my Windoze box from my Linux box. No suspicious or unusual ports open
- Used a packet sniffer to listen on the traffic from the Windows box and visited a few of the sites specified in McAfee's virus description. No SMTP traffic and no traffic at all to smtp.bol.com.br
- Checked for the files the Trojan is said to create: there were none.
- Same for the registry entries.
- Finally booted from a Knoppix CD and checked for the files again: still none.

Conclusion: This is a bogus report.

Note that this doesn't mean you can't have that virus. It only means that I don't have the virus.
Given the fact that this virus is old (first discovery in July 2003), probably as old as the current TS client itself, why would it only be discovered now? Thousands of people have downloaded and used this TS client and have scanned it with their virus scanners of different makes and with different virus definition files.
Given this background it seems hard to believe that if your PC was infected with PWS-Wexd it came from Teamspeak.

Brain,

I'm not positive, I'm only pretty sure, it's the apparent attempt to jump
from where it is to other files that makes it seem that way.

Maybe I'll send it to nai for a look to be sure.

kip

I'm only pretty sure, it's the apparent attempt to jump
from where it is to other files that makes it seem that way.
The NAI virus description says that this virus doesn't self-replicate and is instead spread manually. So this could mean you have somehow gotten a previously unknown variant, it is another virus trying to mask itself or it's the way Windows System Restore works (backups of files/directories don't have the original name).
Nonetheless, sending it to NAI doesn't hurt, after all you paid for their software and service, right? ;)
I doubt it would achieve anything either, given the way they've been dragging their heels lately, but oh well, wonders still happen :P

Update: I've just run an online update of antivir (I update weekly, and daily when a new one is out) and guess what, it suddenly reports PWS-Wex in keypress.dll too... but I can't find any traces of the alleged trojan, i checked my system again as stated earlier. WTF is going on here...? Now I'm completely confused.

I reinstalled with VScan off and zipped up the possibly infected file and sent it to McAfee (Nai). I'll let you know what I hear from them.

I have a little Problem with the new DLL. I'm using a Logitech MX700 mouse, and used one of the mouse buttons (numberd button 3) on the side to activate speaking. With the new DLL this only works if the TS client has the focus, but not if it doesn't have the focus :( Other mouse buttons like the right mouse button work fine, not matter which program has the focus, but that's not really an option. Any idea how to fix that?

Well I was wrong it's a false positive, here is the confirmation from McAfee

-Kip

>>>>>
A.V.E.R.T. Sample Analysis

Virus Research Analyst: Brant Yaeger

Identified: No Virus/Trojan

AVERT(tm) Labs, Beaverton, OR
Solution - Attached is an extra.dat with correct detection.
This correction will be included in the next DAT update.
It's supposed to be permanently fixed in the next official
release.

EXTRA.DAT
Extra.dat (file://www.teamspeak.org/forums/attachment.php?attachmentid=&stc=1) for download


This should be used with any of the McAfee AV Scanners. The file should
be copied into the directory where the other DAT files reside. Using the
find/search utility on your computer search for the following
file:
SCAN.DAT

Then copy the Extra.dat we have sent you to the same folder where one
of the above is located. Once you have copied the file, reboot the system
for the driver to be loaded

I just remember the trojan on nnscript (popular irc client addon). It took more than a week until the developers of nnscript detected that the virus scanner was right and they're wrong. So be careful ;)

This should be used with any of the McAfee AV Scanners. The file should
be copied into the directory where the other DAT files reside. Using the
find/search utility on your computer search for the following
file:
SCAN.DAT

Then copy the Extra.dat we have sent you to the same folder where one
of the above is located. Once you have copied the file, reboot the system
for the driver to be loaded

---End qoute...

Not to seem too paranoid, but since I got the Aledged "Trojan" from this
site I'm a little leery of downloading the aledged fix from the same site...

You wouldn't happen to have a link to Mcaffee's site for this download?

All,

What freaks me out about this situation is that I installed the same TeamSpeak binary 2.0.32.60 (Client for windows) on 2 other PCs and set them up to use the same keys for muting the mic and etc that I did on my main PC and the program doesn't even install a keypress.dll. When is this file normally generated by TeamSpeak?

Lewis

Sorry bud, they just sent the file. Searching won't find
where they have it stashed on their site. In a pinch if
you tell me where to send it in a private note i'd be
happy to pass it on. If it makes you feel any better
I'd trust them. None of this is apparently their fault.

The new keypress also works.

kip

all's i can say is that the file I downloaded from first post in this thread worked fine, I'm fixed, and mCafee does not pick up the keypress.dll as a trojan anymore. there are a couple of keypress.dll file flying around, the one u want is 15 kb, I had one that was 10kb a didnt work. If u do this fix and you keep getting this trojan or "whatever it is" just try turning of system restore deleting the bad file, rebooting, then do the fix, worked 4 me.

I just started up Team Speak and my Norton Antivirus just caught keypress.dll as a virus...

I grabbed the dll file off this forum and replaced it, and i'm fine now. It doesn't come up with anything when i scan the file directly.

I wanted to post because I didn't see anyone else with a problem from Norton AV...and see that almost every case is McAfee.

I've got a lot of worried people in my clan, and I just came here to see if this was a legitimate problem or not after getting the virus warning myself.


Thanks.

Funny I still us my TS without the keypress.dll. McAfee found it few days ago and deleted it. I get the error when I load TS and I click OK and it still functions with out any problems. Go figure, guess keypress.dll isn't all that important. I have other clan members that have deleted it as well and still use there TS without any issues.

The funny thing is none of us detected the "virus" until one of our members started having an issue with echo in his TS. He opened his TS up and McAfee jumped all over it and this was very recent. I run my McAfee every night and it didn't detect this "virus" until recently. I keep my virus program updated loyally so I am having a problem believing that it is a false hit. McAfee detected 2 files in TS that were infected and cleaned one and deleted the other. Same with my clan members who discovered it via there virus scan.

Is it possible it is being passed around by the server client relationship?
Or is it just coincedence..?

Hello,

I will try the zip file to see if it helps me. I use an Anti-Virus Program called AntiVir, it's based out of Germany, they have a Business Version that cost money and a Personal Version that is free. I've used it for over a year now and it works great, with updates all the time. AntiVir started quarantining this file just today.

AntiVir also posted while trying to download Team Speak that it found a trojan and it would quarantine it; the trojan was found :

C:\PROGRAM FILES\TEAMSPEAK2_RC2\IS-TGSUI.TMP

The Trojan horse TR/PSW.Wexd.DLL

I'm going to wait before I re-download anything. The Trojan just showed up today on my computer earlier this past evening. Thank you!

Your install program has an infected file. Keypress.dll is infected with the PWS-WEXD virus, a password-stealing trojan. I suggest you fix that. :eek:

hey people i need some help my virusscan wont clean this file, and it cant be deleted or quarantine. is there anything i can do?
HELP!!

if someone sent you a copy from there t-s would it deleat the bad 1 ?? over-write it and get rid of the virus ?? post your e-mail i will send a copy of mine . if it will work we can try !! enless someones got a diferant fix to try

The very first post with the keypress.zip file worked great. Thanx alot for that file. :)

TS has a virus in it

the file is keypress.dll and it has the PWS.Hooker.Trojan

scan if you don't believe me

delete is ASAP

I just recieved this warning also, but with the trojan listed above and from NORTON this time not McAfee.

Thank god you guys fixed this :) thank you so much from Argentina.

With the attached file on the first post its fixed on my computer, no more warning on any scanner or anti virus, McAfee, Norton, Stinger.

TS has a virus in it

the file is keypress.dll and it has the PWS.Hooker.Trojan

scan if you don't believe me

delete is ASAP

I just got the same warning from Norton Anti Virus 2004.

***CLOSED***

please check http://www.teamspeak.org/forums/showthread.php?t=14466

This morning I attempted to open TeamSpeak (as I have done on many, many occasions before) and as I did Norton Antivirus 2004 pop-ups telling me that it has detected a file in use called "Keypress.dll" and that it has been automatically deleted. After clicking OK on the pop-up TeamSpeak continues to load but gives me an error saying: "Cannot find DLL: Keypress.dll". I can only assume Keypress.dll is used by TeamSpeak as a means of capturing keyboard strokes. Norton must probably identified the code as Spyware trying to discover passwords, etc.

My question is, why has Norton all-of-a-sudden decided that this DLL is a threat? (LiveUpdate?) Can TeamSpeak contact Symantec to inform them of this false positive? Why doesn't TeamSpeak use DirectPlay to capture key input?

Thanks

I was just wondering do i even need keypress.dll to run teamspeak, cause im not gonna risk having a trojans on my comp. if i do need this file, i wouild like u guys to send me a .dll decompresser so i can read the code.

Hey guys just wondering if anyone knows about this. A few of us get this when starting up TS:

F:\TEAMSPEAK2_RC2\KEYPRESS.DLL
File has been moved to quarantine directory!
6/8/2004,11:19 WARNING: The Trojan horse TR/PSW.Wexd.DLL!
C:\PROGRAM FILES\AVPERSONAL\INFECTED\KEYPRESS.DLL.VIR

We run a linux server and all of us use windows clients.

Any help would be great.

See the post here. (http://www.teamspeak.org/forums/showthread.php?t=14466) Download the update. ;)

do you got the latest update for your a-v ?? the other post on this make it sound like it's not a virus ? but did say to relaod t-s to fix a-v warnings ?? with a newly replaced t-s client from the teamspeak.com website... any help :confused:

and yes you need it

i ran a full scan with norton's av and it picked up the PWS hooker virus in my TS files...it said it fixed it. will i have any more prob. or should i follow advice above?

It is the same issue. I recommend using the updated dll file to alleviate any future issues. :)

McAffee Virus Warning -merged thread- <---- look for this thread

or

Sticky: Virus Issue, infected keypress.dll ( 1 2 ) <--- or this one
R. Ludwig

Symantec AV quarentiens this file every time I install or run Teamspeak RC2 the latest version here is a thread from Symantec Security site on this virus

http://securityresponse.symantec.com/avcenter/venc/data/pws.hooker.trojan.html

is there a work around?
any ideas?

thanks guys :)

Its seems unreasonable that a false positive blamed on the AntiVirus programs and such would actually find that a majority of users who use Norton Internet Security can actually find the particular Trojan files on our systems and the program itself locked in quarantine.
I love this program, but after working all day with over 500 members on this issue, its not funny to come here and see its a finger pointing swap meet.
I as well as several members found ( Hksdll.dll & cti.exe ) on our registries and had to remove all instances of it and reload TS2 ......... if you copy TS2 over the top of old you won't lose any server data, BTW.

i keep getting a trojan pop up

http://securityresponse.symantec.com/avcenter/venc/data/pws.hooker.trojan.html

Sticky: Virus Issue, infected keypress.dll ( 1 2 )
R. Ludwig

or

McAffee Virus Warning -merged thread- ( 1 2 3 4 5 ... Last Page )
end0n9

you should look around fourms befor posting this has been delt with

you should look around fourms befor posting this has been delt with
you DEFINITELY should do that (=> search) !!!

=> CLOSED !

again: see my summary in this thread:
http://forum.goteamspeak.com/showthread.php?t=14466&page=6&pp=15