
Adware:Win32/GameVance


First posted on 04 February 2009.
Source: SecurityHome

Aliases :

There are no other names known for Adware:Win32/GameVance.

Explanation :

Adware:Win32/GameVance is a detection for advertising components that display advertisements and track anonymous usage information in exchange for a free online gaming experience at the Web address 'gamevance.com'.

Symptoms
System Changes

The following system changes may indicate the presence of Adware:Win32/GameVance:

  • During installation of software from 'gamevance.com', the following message is displayed:


  • The presence of the following files:

    %ProgramFiles%\gamevance\gamevancelib32.dll
    %ProgramFiles%\gamevance\gamevance32.exe
    %ProgramFiles%\gamevance\gvun.exe
    %ProgramFiles%\gamevance\ars.cfg
    %ProgramFiles%\gamevance\icon.ico
    %ProgramFiles%\gamevance\gvtl.dll
  • The presence of the following registry subkeys:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Gamevance
    HKLM\Software\Classes\clsid\{7370F91F-6994-4595-9949-601FA2261C8D}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7370F91F-6994-4595-9949-601FA2261C8D}
    HKLM\Software\Classes\Gamevance.Linker
    HKLM\Software\Classes\Gamevance.Linker.1
    HKCU\Software\gvtl
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance

Installation

Win32/GameVance advertising components are installed via the Web site 'gamevance.com'. During installation, the following message or EULA is displayed:

The following files are dropped by the installer:

    %ProgramFiles%\gamevance\gamevancelib32.dll
    %ProgramFiles%\gamevance\gamevance32.exe
    %ProgramFiles%\gamevance\gvun.exe
    %ProgramFiles%\gamevance\ars.cfg
    %ProgramFiles%\gamevance\icon.ico
    %ProgramFiles%\gamevance\gvtl.dll

The following subkeys are created to run the installed components at each Windows start and as a Web browser helper object:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Gamevance
    HKLM\Software\Classes\clsid\{7370F91F-6994-4595-9949-601FA2261C8D}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7370F91F-6994-4595-9949-601FA2261C8D}
    HKLM\Software\Classes\Gamevance.Linker
    HKLM\Software\Classes\Gamevance.Linker.1

The following additional registry subkeys are created as a result of the installation:

    HKCU\Software\gvtl
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance
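
A presence check for the files and registry subkeys listed above, as an added example that is not part of the original write-up. The function name `Find-GameVanceArtifact` is hypothetical, and two things go beyond the entry: the 32-bit redirected locations on 64-bit Windows (`Program Files (x86)`, `WOW6432Node`) and a check for a `Gamevance` value under the Run key, since autostart entries are normally stored as values.

```powershell
# Added example: look for the GameVance artifacts named in this entry.
$clsid = '{7370F91F-6994-4595-9949-601FA2261C8D}'
$files = 'gamevancelib32.dll', 'gamevance32.exe', 'gvun.exe',
         'ars.cfg', 'icon.ico', 'gvtl.dll'
# Subkeys from the entry, relative to HKLM\SOFTWARE.
$hklmSubkeys = @(
    'Microsoft\Windows\CurrentVersion\Run\Gamevance',
    "Classes\clsid\$clsid",
    "Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
    'Classes\Gamevance.Linker',
    'Classes\Gamevance.Linker.1',
    'Microsoft\Windows\CurrentVersion\Uninstall\Gamevance'
)

function Find-GameVanceArtifact {
    # Assumption: a 32-bit installer on 64-bit Windows lands in the x86 folder.
    $dirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } | Select-Object -Unique
    foreach ($dir in $dirs) {
        foreach ($name in $files) {
            $path = Join-Path (Join-Path $dir 'gamevance') $name
            if (Test-Path -LiteralPath $path -PathType Leaf) { "file:  $path" }
        }
    }

    # Native view plus the 32-bit redirected view of HKLM\SOFTWARE.
    foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
        foreach ($sub in $hklmSubkeys) {
            $key = "$root\$sub"
            if (Test-Path -LiteralPath $key) { "key:   $key" }
        }
        # The entry lists Run\Gamevance as a subkey; also check for a value.
        $run = "$root\Microsoft\Windows\CurrentVersion\Run"
        $val = Get-ItemProperty -LiteralPath $run -Name 'Gamevance' `
                   -ErrorAction SilentlyContinue
        if ($val) { "value: $run -> Gamevance = $($val.Gamevance)" }
    }

    # HKCU covers only the account running the script.
    if (Test-Path -LiteralPath 'HKCU:\Software\gvtl') { 'key:   HKCU:\Software\gvtl' }
}

$found = @(Find-GameVanceArtifact)
if ($found.Count) { $found } else { 'None of the listed GameVance artifacts were found.' }
```

Run it once per user profile of interest, because the `HKCU\Software\gvtl` check reads only the current user's hive.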

Analysis by Cristian Craioveanu

Last update 04 February 2009

     
