Content
GameVance
- Type
- Program
- SubType
- Win32
- Discovery Date
- 04/23/2008
- Length
- Minimum DAT
- 5280 (04/23/2008)
- Updated DAT
- 5388 (09/19/2008)
- Minimum Engine
- 5.2.00
- Description Added
- 04/23/2008
- Description Modified
- 08/21/2008 4:25 AM (PT)
Tab Navigation
Characteristics
Gamevance is online gaming software which collects anonymous usage information and also displays pop-up ads.
When executed, the installer displays a EULA and a privacy policy. It also explains the purpose and functionality of the application. Abstracts from the EULA are below:
“In exchange for offering you free games, we collect anonymous usage information from your computer that we and our partners may use to select and display pop-up and other kinds of ads to you and to perform and publish research about how people use the Internet.”
When executed it drops the following files:
%Temp%install.exe
%Desktop%\Gamevance.url
%ProgramFiles%\Gamevance\ars.cfg
%ProgramFiles%\Gamevance\gamevance32.exe
%ProgramFiles%\Gamevance\gamevancelib32.dll
%ProgramFiles%\Gamevance\gvcfglib.dll
%ProgramFiles%\Gamevance\gvhlp.dll
%ProgramFiles%\Gamevance\gvpop.dll
%ProgramFiles%\Gamevance\gvun.exe
%ProgramFiles%\Gamevance\gvutil.dll
%ProgramFiles%\Gamevance\gvwslib.dll
%ProgramFiles%\Gamevance\icon.ico
Creates the following auto start entry in the registry to launch itself at windows startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Gamevance" = %ProgramFiles%\Gamevance\gamevance32.exe
It also changes adds the following registry entries.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance
"DisplayName" = GameVance
"UninstallString" = %ProgramFiles%\Gamevance\gvun.exe
A screenshot of the welcome screen with EULA:
Symptoms
Method of Infection
Variants
Variants
N/A
All Information
Overview -
Aliases
- Application/GameVance (Panda)
- Trojan-Downloader.Win32.Small.gkk (Kaspersky)
Characteristics
Characteristics -
Gamevance is online gaming software which collects anonymous usage information and also displays pop-up ads.
When executed, the installer displays a EULA and a privacy policy. It also explains the purpose and functionality of the application. Abstracts from the EULA are below:
“In exchange for offering you free games, we collect anonymous usage information from your computer that we and our partners may use to select and display pop-up and other kinds of ads to you and to perform and publish research about how people use the Internet.”
When executed it drops the following files:
%Temp%install.exe
%Desktop%\Gamevance.url
%ProgramFiles%\Gamevance\ars.cfg
%ProgramFiles%\Gamevance\gamevance32.exe
%ProgramFiles%\Gamevance\gamevancelib32.dll
%ProgramFiles%\Gamevance\gvcfglib.dll
%ProgramFiles%\Gamevance\gvhlp.dll
%ProgramFiles%\Gamevance\gvpop.dll
%ProgramFiles%\Gamevance\gvun.exe
%ProgramFiles%\Gamevance\gvutil.dll
%ProgramFiles%\Gamevance\gvwslib.dll
%ProgramFiles%\Gamevance\icon.ico
Creates the following auto start entry in the registry to launch itself at windows startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Gamevance" = %ProgramFiles%\Gamevance\gamevance32.exe
It also changes adds the following registry entries.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance
"DisplayName" = GameVance
"UninstallString" = %ProgramFiles%\Gamevance\gvun.exe
A screenshot of the welcome screen with EULA:
Symptoms
Symptoms -
Method of Infection
Method of Infection -
Removal -
Removal -
Instructions on Enabling/Disabling Detection and Removal of Potentially Unwanted Programs
Variants
Variants -
N/A
