
"gamevance" spyware removal

jeddy lee Registered User regular
edited December 2009 in Help / Advice Forum
So I have no idea what I did to have this happen as I'm usually super careful about this stuff, but apparently I got some spyware on my netbook. Or whatever it is referred to these days. Basically I get popups every 20 or so minutes on my internet explorer, then the description box in the left is this little gem:
This advertisement was served by Gamevance.com (GV) casual gaming network in accordance with your membership. GV is an ad supported community; the GV ads you receive support the free games and daily prizes we provide.

GV displays an average of only four ads per day while browsing online. If you would like to deactivate or uninstall your account and stop receiving ads you can do so anytime by clicking here.

And the click here part takes you to this webpage: and gives me these very suspicious uninstallation instructions:
We provide simple Uninstall/Removal method that erase all Gamevance files
Use our manual method by clicking the below link and launching the uninstall software. When you complete the process all Gamevance files will be removed and no more Gamevance ads will be delivered to your PC. You must restart your PC for the process to be successful.

1) Download our latest Uninstaller from here: CLICK HERE

2) Run Gamevance Uninstaller and follow instructions (Click "Next" on first dialog window and then "Reboot" on second) -> your PC should reboot.

3) After reboot Gamevance should be completely removed from your system. To make sure, check for existence of Gamevance installation files in the Gamevance installation folder (%Program Files%\Gamevance - this is usually C:\Program Files\Gamevance\).

So can I trust their uninstallation instructions, or how do I go about getting rid of this?


Posts

  • underdonk __BANNED USERS regular
    edited October 2009
    To be completely safe, rebuild. There's no 100% effective measure for getting rid of the vast majority of spyware floating around.

  • TychoCelchuuu PIGEON Registered User regular
    edited October 2009
    Try Malwarebytes.

  • Eat it You Nasty Pig. tell homeland security 'we are the bomb' Registered User regular
    edited October 2009
    Little bit of elementary googling says it's malware.

    Malwarebytes will probably kill it, and there also seem to be some "remove gamevance" apps/manual instructions floating around.

  • evilmrhenry Registered User regular
    edited October 2009
    From when I removed it from a work computer, I don't think it was that hard to remove. It's more of the "We're a legitimate company, honest!" spyware than the "RESISTANCE IS FUTILE" spyware. Don't remember exactly what I did, though.

  • jeddy lee Registered User regular
    edited October 2009
    Hmmm... showed up on the add/remove software option from the control panel. That may have done the trick, we'll see.

  • underdonk __BANNED USERS regular
    edited October 2009
    jack eddy wrote: »
    Hmmm... showed up on the add/remove software option from the control panel. That may have done the trick, we'll see.

    It didn't. It's like cancer telling you it's in remission.

  • T-bolt Registered User regular
    edited December 2009
    lol guess who joined up to post in this thread? (hint - it's the person who says it's completely OK to do whatever Gamevance tells you to in order to remove their "software".) :?

  • TetraNitroCubane The Djinnerator At the bottom of a bottle Registered User regular
    edited December 2009
    Seriously. The fact that he ended his post with four consecutive smilies and this isn't S&E is like a glowing neon sign. Don't trust that plant further than you can throw a uranium medicine ball.

    I highly suggest that you follow Underdonk's advice and reformat your machine. If you don't know how the malware got on there in the first place, there's no way you can be sure it's gone. Modern rootkit malware is extremely nasty - if it ever gets that much control, it can easily 'hide' itself from even the most aggressive scanners, and do something ill to safemode.

    Ignore mayal completely, and reformat and reinstall your OS (don't repair install) for peace of mind. It may seem like a hassle, but in the long run it's the only way to be sure.

    Edit: Some details on the bug behind the spoiler:
    Adware.GameVance can be installed onto a system from a malicious site or downloaded from an illicit game application. Once your system is infected with this adware, it will gain access to your personal information and send it to a remote attacker. And, of course, it is known for displaying a whole bunch of pop-up ads that cannot be stopped. Adware.GameVance may be very difficult to manually detect or remove because it is able to load at the startup of Windows.

    The following files indicate the presence of Adware.GameVance on your system:
    %ProgramFiles%\gamevance\gamevancelib32.dll
    %ProgramFiles%\gamevance\gamevance32.exe
    %ProgramFiles%\gamevance\gvun.exe
    %ProgramFiles%\gamevance\ars.cfg
    %ProgramFiles%\gamevance\icon.ico
    %ProgramFiles%\gamevance\gvtl.dll

    Below you can find additional registry subkeys that are created as a result of the installation:
    HKCU\Software\gvtl
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance

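
The file and registry indicators listed in the post above can be checked with a short read-only script. This is an added example, not part of the original thread or any vendor tool; looking in the 32-bit Program Files folder as well and reading the `UninstallString` value are assumptions beyond what the post lists.

```powershell
# Added example: read-only check for the Adware.GameVance indicators listed in the post above.
# It deletes nothing; it only reports which of the listed files and registry keys still exist.

$fileNames = 'gamevancelib32.dll', 'gamevance32.exe', 'gvun.exe', 'ars.cfg', 'icon.ico', 'gvtl.dll'

# %ProgramFiles% is from the post; also checking the 32-bit folder on 64-bit Windows is an assumption.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique

$regKeys = @(
    'HKCU:\Software\gvtl',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance'
)

$findings = @()

foreach ($root in $roots) {
    $dir = Join-Path $root 'gamevance'
    foreach ($name in $fileNames) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $item = Get-Item -LiteralPath $path -Force
            $findings += [pscustomobject]@{
                Type   = 'File'
                Path   = $path
                Detail = "modified $($item.LastWriteTime.ToString('s'))"
            }
        }
    }
}

foreach ($key in $regKeys) {
    if (Test-Path -LiteralPath $key) {
        # UninstallString (assumed present) shows what the Add/Remove Programs entry would launch.
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        $detail = if ($props.UninstallString) { "UninstallString = $($props.UninstallString)" } else { 'key present' }
        $findings += [pscustomobject]@{ Type = 'Registry'; Path = $key; Detail = $detail }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed Gamevance files or registry keys were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

A clean result only shows that these specific artifacts are absent after an uninstall and reboot; it says nothing about anything else installed alongside them, which is the concern the replies in this thread raise.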
  • shadydentist Registered User regular
    edited December 2009
    Reformat, and stop using Internet Explorer. Install Microsoft Security Essentials (free for all Windows users), scan often, and give Firefox or Chrome a try.

  • SkyCaptain Indiana Registered User regular
    edited December 2009
    Reformat, and stop using Internet Explorer. Install Microsoft Security Essentials (free for all Windows users), scan often, and give Firefox or Chrome a try.

    Don't forget to make a separate admin account that you only use to update and install programs. Create a different account, limited access, for day to day use. If you decide to use Firefox, get the NoScript and AdBlock+ addons. They're invaluable for making it safer to browse the web.

  • UncleSporky Registered User regular
    edited December 2009
    While this is good advice, notice that there was a two month bump when the (apparently deleted) plant showed up to push his malware. This was probably taken care of long ago.

    Also, better advice than to stop using Internet Explorer: upgrade to IE8 which is just as safe if not safer than the other browsers (one of only two with a sandbox mode).

  • SkyCaptain Indiana Registered User regular
    edited December 2009
    Feh. Firefox forever. Fuck IE. I develop websites and I absolutely loathe writing CSS for IE period. Microsoft is such a fucking dick when it comes to standardization and interpreting CSS in their browser.

This discussion has been closed.