Home Blog

GameVance Removal – How to Remove GameVance completely

Posted by in Blog Spyware
on November 10th, 2012 | Leave a comment

GameVance is a suspicious program and can be classified as adware and spyware. The software claim itself as an online gaming software that allows you to play free browser games or download games for free. However, it can not be uninstalled as a normal program and will conduct malicious activities on the background. GameVance will collect sensitive information ranging from screenshot and keystrokes, to website visited and system information. The information will be used to display advertisements you may be want to click on. Pop-up during browsing is very annoying but also dangerous. If you click on any pop-up by accident, a Trojan may be downloaded instantly on the background. Base on the fact, we highly recommend users to uninstall GameVance completely from their pc.

How to remove GameVance manually
The software can not be uninstalled via windows add/remove program. If you want to remove it manually, you need to delete all files and registry entries related to the malicious program.
1. Run task manager and stop GameVance from running
2. Remove following files and folders

%UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome\gvtextlinks.jar
%UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome.manifest
%UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.dll
%UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.xpt
%UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\install.rdf
%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\gvtl.js
%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\manifest.json
%UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\npgvtl.dll
%ProgramFiles%\Gamevance Games

3. Run registry editor and delete malicious registry entries

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”Gamevance” = “C:\Program Files\Gamevance Games\gamevance32.exe a”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\GamevanceText.DLL\”" = “GamevanceText”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\GamevanceText.DLL\”AppID”= “{beaC7DC8-E106-4C6A-931E-5A42E7362883}”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3}\InprocServer32\”" = “C:\Program Files\Gamevance Games\gamevancelib32.dll”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3}\InprocServer32\”ThreadingModel” = “Apartment”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3}\”" = “Gamevance”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beaC7DC8-E106-4C6A-931E-5A42E7362883}\VersionIndependentProgID\”" = “GamevanceText.Linker”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beaC7DC8-E106-4C6A-931E-5A42E7362883}\TypeLib\”" = “{014C4232-6904-47B9-9144-7E0FB7277444}”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beaC7DC8-E106-4C6A-931E-5A42E7362883}\ProgID\”" = “GamevanceText.Linker.1″
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beaC7DC8-E106-4C6A-931E-5A42E7362883}\InprocServer32\”" = “C:\Program Files\Gamevance Games\gvtl.dll”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beaC7DC8-E106-4C6A-931E-5A42E7362883}\InprocServer32\”ThreadingModel” = “Apartment”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beaC7DC8-E106-4C6A-931E-5A42E7362883}\”" = “Gamevance Text”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GamevanceText.Linker\CurVer\”" = “GamevanceText.Linker.1″
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GamevanceText.Linker\CLSID\”" = “{beaC7DC8-E106-4C6A-931E-5A42E7362883}”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GamevanceText.Linker\”" = “Gamevance Text”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GamevanceText.Linker.1\CLSID\”" = “{beaC7DC8-E106-4C6A-931E-5A42E7362883}”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GamevanceText.Linker.1\”" = “Gamevance Text”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3}\”" = “Gamevance”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3}\”NoExplorer” = 0×00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{beaC7DC8-E106-4C6A-931E-5A42E7362883}\”" = “Gamevance Text”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{beaC7DC8-E106-4C6A-931E-5A42E7362883}\”NoExplorer” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance\”DisplayName” = “Gamevance”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance\”UninstallString” = “C:\Program Files\Gamevance Games\gvun.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance\”DisplayIcon” = “C:\Program Files\Gamevance Games\gvun.exe”
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_STISVC\0000\Control\”ActiveService” = “stisvc”
HKEY_CURRENT_USER\Software\AppDataLow\gvtl\”maxdday” = “[BINARY DATA]”
HKEY_CURRENT_USER\Software\AppDataLow\gvtl\”maxtoday” = “[BINARY DATA]”
HKEY_CURRENT_USER\Software\AppDataLow\gvtl\”les” = “[BINARY DATA]”
HKEY_CURRENT_USER\Software\AppDataLow\gvtl\”uid” = “[UID STRING]”
HKEY_CURRENT_USER\Software\AppDataLow\gvtl\”ct” = “[BINARY DATA]”
HKEY_CURRENT_USER\Software\AppDataLow\gvtl\”ci” = “[BINARY DATA]”
HKEY_CURRENT_USER\Software\AppDataLow\gvtl\”cid” = “[BINARY DATA]”
HKEY_CURRENT_USER\Software\AppDataLow\gvtl\”sc1u” = “http://links.gamevance.net/common.php?p=”
HKEY_CURRENT_USER\Software\AppDataLow\gvtl\”d” = “[BINARY DATA]”
HKEY_CURRENT_USER\Software\AppDataLow\gvtl\”esint” = “[BINARY DATA]”
HKEY_CURRENT_USER\Software\AppDataLow\gvtl\”domfqc” = “[BINARY DATA]”
HKEY_CURRENT_USER\Software\AppDataLow\gvtl\”domfqt” = “[BINARY DATA]”
HKEY_CURRENT_USER\Software\AppDataLow\gvtl\”sc2u” = “http://links.gamevance.net/keywords-cli.php?p=”
HKEY_CURRENT_USER\Software\AppDataLow\gvtl\”nos2″ = “[BINARY DATA]”
HKEY_CURRENT_USER\Software\AppDataLow\gvtl\”domfqcl” = “[BINARY DATA]”
HKEY_CURRENT_USER\Software\AppDataLow\gvtl\”scr1″ = “[BINARY DATA]”
HKEY_CURRENT_USER\Software\AppDataLow\gvtl\”eu” = “[BINARY DATA]”
HKEY_CURRENT_USER\Software\AppDataLow\gvtl\”eus” = “[BINARY DATA]“

A quick way to get rid of GameVance
It takes much time to find out all items of the software. If you do not have so much time or if you do not know how to remove it manually, you should download a virus removal program which can remove the threat completely. Since some security programs classify GameVance as threat and put detection on it, you can choose such kind of security programs to clean up your pc. For example, Spyware Cease, an advanced antispyware program, is one of those that can remove GameVance instantly after a scan. You just need to download the program, run a scan and then click a remove button.

Leave a Reply