I ran an updated Mcafee scan two days ago and it located a Trojan in the Keypress DLL that was sniffing for passwords to send home. It would not be cleaned and was deleted.

I then uninstalled, re down-loaded teamspeak and tried a new install - during install Keypress.dll was blocked from installing.

I then got a new disk drive, formatted it put on XP (to avoid any chance of a cross over) and tried to install - again keypress.dll was blocked - presumably by Mcafee anti virus.

I also tried a download from the mirror site with identical results.

As a final check I downloaded and installed teamspeak on my PC at work - which has Norton anti virus, during install Norton detected two sections of "malignant" code which it repaired.

Conclusion:

There is a risk that the windows client software on the main and mirror servers is infected.

There is a chance that there is code within Teamspeak that both Mcafee and Norton anti virus are interpreting to be viral.

Can anyone check this out?

Thanks

I also had this problem. McAfee detected the virus PWS-Wexd.dll in the keypress.dll file. However, many instances of Norton AV didn't detect it. Moreover, some of the signs of infection as mentioned on this site: http://www.securitynewsportal.com/cgi-bin/mcafee.cgi?target=100476 weren't to be found on my PC. I did however send the file to the makers of Antivir, a German Antivirus company and they replied to me that there was indeed a new virus in the file.

Both my old installation file and a new one downloaded from this site appear to be infected. However, TeamSpeak seems to run fine without keypress.dll.

Any ideas?

I have also found this virus using McAfee on 2 isolated computers that aren't connected to each other.
My clan uses TS for its main voice chat server and considering we get anywhere from 20-50 unique connections to it daily I would appreciate getting any word on this ASAP

Some people use the search function and they will find info to this one (faster then when posting "ASAP" and other things in this forum) !
But I've be told that some people don't know what a search function is ???

for those who don't know what a search is (http://www.teamspeak.org/forums/showthread.php?t=14368)

Interesting, so Teamspeak 1 has a keypress.dll as well? And it produces the same virus warnings as the one of Teamspeak 2 as it seems. Very interesting indeed.

fyi some people in our teamspeak has this and we never download nothin off the net. i just posted here to let people know its not just u guys.

i wish there was more info about this. cuz if its somethin that could get dangerous quick it'd be nice to know. btw my mcafee couldnt clean it but it could delete it. heres the info.

trojan name = pws-wexd.dll
file causing problem = keypress.dll

also a handy dandy link to info about it. its the mcafee security site.

http://vil.nai.com/vil/content/v_117956.htm

hey, there is this new trojan that came out last week that affects teamspeak. as posted by battlebattle, there is info on the virus here: http://vil.nai.com/vil/content/v_117956.htm . battlebattle, you are the second person i've heard talk about the virus. please contact me on AIM at slayer0676, or my TS clan server IP is 207.235.122.37, thanks battlebattle... everyone in my clan thinks i'm crazy cause i cant use my keys- i have to use voice activation because the virus affects the file keypress.dll, which is the dll file that activates your push button to talk option. i'm not sure what to do about it so anyone that can help me.

slayer0676- AIM
slayer0676******.com-email

thanks

Hi,

There is a larger thread about this up under the English forum area. The first post sayes it is a false positive by McAfee, and there is a zip file that you can download to correct this. I'm not saying that's the answer...but that's what someone else posted. Please read the whole thread about the topic.

I use the Anti-Virus Program called AntiVir, it also found the same trojan and quarantined it. I then deleted the trojan. I then did a fresh download of Team Speak, and AntiVir stopped the download, quarantined and stated:

C:\PROGRAM FILES\TEAMSPEAK2_RC2\IS-TGSUI.TMP

The Trojan horse TR/PSW.Wexd.DLL

I think: I'm going to wait a few days before re-installing Team Speak. All I'm saying is that more than one anti-virus program has found this "maybe virus" or as someone else stated a false positive. Thank you!

i dont see how it could be a false positive because of a few things.

#1 people are finding it with different virus scanners. (mcafee, norton, antivir)

#2 people got it at completely different times. (one friend of mine got it more then a week ago and everyone thought he was nuts)

#3 keylogger makes some peoples teamspeak not work. but other peoples (like mine) work just fine without keylogger.dll

i dont know what to think of this. but thats the info i have so far. almost everyone in our teamspeak has it now. so it seems to be infective if its a real virus/whatever

an official response sure would be nice :/

yeah i have the same problem too

norton av detected it as:

PWS.Hooker.Trojan on the Keypress.dll

i have also found this virus present using Symantec corporate antyivurus althoug team speak did seem to run without the .dll

yea, my PC also found the trojan in key file.dll

i use Norton Antivirus2003, and frequently update it(like, three times a week)

i can still run TS though, even though that error message is annoying

The Problem is not a Trojan, Its a issue of COMMON sense...IMHO

1) The Hooker Trojan leaves registry additions that you have to deal with if it were present on your system.In this case none were found.
2) The back up key file produced by everyones Virus programs was still seen as a Trojan.

Its pretty clear to me that all the Virus programs put out a update that looked at the keypress.dll in a different light causeing this mass panic.Soon after they corrected there error with new updates + TeamSpeak updated the Client for d-load. Instead of giving teamspeak the bum rap E-mail your virus protection vender and give them the drama. Bottom line is run a firewall - virus, and spyware program and do manual updates and you should be fine.

PS Peeps who do have issues on there boxes usually are the ones who use d-load sites for cracks,hacks,porn and the like and have only themselves to blame for any issues that come up on there comps.

Later Cane........