"gamevance" spyware removal

jeddy lee

So I have no idea what I did to have this happen as I'm usually super careful about this stuff, but apparently I got some spyware on my netbook. Or whatever it is refered to these days. Basically I get popups every 20 or so minutes on my internet explorer, then the description box in the left is this little gem:

This advertisement was served by Gamevance.com (GV) casual gaming network in accordance with your membership. GV is an ad supported community; the GV ads you receive support the free games and daily prizes we provide.

GV displays an average of only four ads per day while browsing online. If you would like to deactivate or uninstall your account and stop receiving ads you can do so anytime by clicking here.

And the click here part takes you to this webpage: and gives me these very suspicious uninstallation instructions:

We provide simple Uninstall/Removal method that erase all Gamevance files
Use our manual method by clicking the below link and launching the uninstall software. When
you complete the process all Gamevance files will be removed and no more Gamevance ads will be delivered to your PC. You must restart your PC for the process to be successful.

1) Download our latest Uninstaller from here: CLICK HERE

2) Run Gamevance Uninstaller and follow instructions (Click "Next" on first dialog window and then "Reboot" on second) -> your PC should reboot.

3) After reboot Gamevance should be completely removed from your system. To make sure, check for existence of Gamevance installation files in the Gamevance installation folder (%Program Files%\Gamevance - this is usually C:\Program Files\Gamevance\).

So can I trust their uninstallation instructions, or how do I go about getting rid of this?

underdonk

To be completely safe, rebuild. There's no 100% effective measure for getting rid of the vast majority of spyware floating around.

TychoCelchuuu

Try Malwarebytes.

Eat it You Nasty Pig.

Little bit of elementary googling says it's malware.

Malwarebytes will probably kill it, and there also seem to be some "remove gamevance" apps/manual instructions floating around.

evilmrhenry

From I removed it from a work computer, I don't think it was that hard to remove. It's more of the "We're a legitimate company, honest!" spyware than the "RESISTANCE IS FUTILE" spyware. Don't remember exactly what I did, though.

jeddy lee

Hmmm... showed up on the add/remove software option from the control panel. That may have done the trick, we'll see.

underdonk

jack eddy wrote: »

Hmmm... showed up on the add/remove software option from the control panel. That may have done the trick, we'll see.

It didn't. It's like cancer telling you it's in remission.

T-bolt

lol guess who joined up to post in this thread? (hint - it's the person who says it's completely OK to do whatever Gamevance tells you to in order to remove their "software".) :?

TetraNitroCubane

Seriously. The fact that he ended his post with four consecutive smilies and this isn't S&E is like a glowing neon sign. Don't trust that plant further than you can throw a uranium medicine ball.

I highly suggest that you follow Underdonk's advice and reformat your machine. If you don't know how the malware got on there in the first place, there's no way you can be sure it's gone. Modern rootkit malware is extremely nasty - if it ever gets that much control, it can easily 'hide' itself from even the most aggressive scanners, and do something ill to safemode.

Ignore mayal completely, and reformat and reinstall your OS (don't repair install) for peace of mind. It may seem like a hassle, but in the long run it's the only way to be sure.

Edit: Some details on the bug behind the spoiler:

Adware.GameVance can be installed onto a system from a malicious site or downloaded from an illicit game application. Once your system is infected with this adware, it will gain access to your personal information and send it to a remote attacker. And, of course, it is known for displaying a whole bunch of pop-up ads that cannot be stopped. Adware.GameVance may be very difficult to manually detect or remove because it is able to load at the startup of Windows.

The following files indicate the presence of Adware.GameVance on your system:
%ProgramFiles%\gamevance\gamevancelib32.dll
%ProgramFiles%\gamevance\gamevance32.exe
%ProgramFiles%\gamevance\gvun.exe
%ProgramFiles%\gamevance\ars.cfg
%ProgramFiles%\gamevance\ars.cfg
%ProgramFiles%\gamevance\icon.ico
%ProgramFiles%\gamevance\gvtl.dll

Below you can find additional registry subkeys that are created as a result of the installation:
HKCU\Software\gvtl
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance

shadydentist

Reformat, and stop using Internet Explorer. Install Microsoft Security Essentials (free for all Windows users), scan often, and give Firefox or Chrome a try.

SkyCaptain

shadydentist wrote: »

Reformat, and stop using Internet Explorer. Install Microsoft Security Essentials (free for all Windows users), scan often, and give Firefox or Chrome a try.

Don't forget to make a separate admin account that you only use to update and install programs. Create a different account, limited access, for day to day use. If you decide to use Firefox, get the NoScript and AdBlock+ addons. They're invaluable for making it safer to browse the web.

UncleSporky

While this is good advice, notice that there was a two month bump when the (apparently deleted) plant showed up to push his malware. this was proably taken care of long ago.

Also, better advice than to stop using Internet Explorer: upgrade to IE8 which is just as safe if not safer than the other browsers (one of only two with a sandbox mode).

SkyCaptain

Feh. Firefox forever. Fuck IE. I develop websites and I absolutely loathe writing CSS for IE period. Microsoft is such a fucking dick when it comes to standardization and interpreting CSS in their browser.