You are here

Norton reports PUA.Gamevance after installing FFP 77.0.1

8 posts / 0 new
Last post
JoePublic
Offline
Last seen: 2 years 2 months ago
Joined: 2020-06-12 22:08
Norton reports PUA.Gamevance after installing FFP 77.0.1

This involves Firefox Portable 77.0.1. I've used the portable version for a long time and never had any problems with it or any software from this website.

Norton AntiVirus reports the download safe. But after I install it on my local drive, and Norton runs a scan, it reports PUA.Gamevance in the registry (approximately 40 registry entries). That is amazing since the portable version doesn't write to the registry. Or does it?

I then uninstalled Firefox, cleaned the malware (I ran Norton AntiVirus, Norton Power Eraser, and Malwrebytes AntiRootkit). I rescanned. All was clean. I then downloaded a new copy of 77.0.1 from this website. Again, Norton was OK with the downloaded file. I reinstalled Firefox and then ran another Norton scan. Now, I find the same registry entries for PUA.Gamevance. I did nothing else between the two installations so nothing else can account for this.

Any suggestions or comments? I can't figure out why or how the downloaded file installed PUA.Gamevance, and I don't know if I can trust Firefox Portable.
Thx

John T. Haller
John T. Haller's picture
Offline
Last seen: 1 hour 20 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Firefox Portable is clean

Firefox Portable 77.0.1 is clean, as always. That's why Norton is letting you download it. You can see the clean report on VirusTotal (ignore the usual noise from Jiangmin and Antiy): https://www.virustotal.com/gui/file/cf55b6fc9cfffdd36d236a428e9118e90cb4...

Likely, you have PUA.Gamevance on your machine already and it's instantly latching into any version of Firefox that is run/installed on your system, hence the reappearing registry keys.

PUA.Gamevance appears difficult to remove and requires multiple steps. Please see one of the how to's online and don't rely on Norton to remove it for you (it likely can't fully remove it).

Sometimes, the impossible can become possible, if you're awesome!

JoePublic
Offline
Last seen: 2 years 2 months ago
Joined: 2020-06-12 22:08
Thank you. I ran Trend Micro

Thank you. I ran Trend Micro House call and it found nothing. I'll see what I can find on removing PUA.Gamevance. Funny, this laptop is only used for work and for reading news. And past scans never found anything.

I appreciate your quick response.

JoePublic
Offline
Last seen: 2 years 2 months ago
Joined: 2020-06-12 22:08
Last status: I removed

Last status: I removed Firefox Portable, then I ran Norton AntiVirus, followed by this list, to see if anything was left behind after Norton removed the PUA.Gamevance registry entries:
1. Avast (I disabled Norton while running)
2. Revo Uninstaller
3. Adwcleaner
4. Malwarebytes AntiMalware
5. Hitman Pro
6.Zemana Antimalware
7. Re-ran Norton.
All clean except that Zemana found my thunderbolt drivers. But no adware, no malware.
Then I downloaded another copy of Firefox Portable from this website. Norton was OK with the download.
I then install FFP and ran it. Closed FFP before running Norton. And Norton again finds PUA.Gamevance registry entries.

I don't know what to do now. It does seem that FFP is doing something that it shouldn't, but I have no way of finding out if it is the issue or not.

John T. Haller
John T. Haller's picture
Offline
Last seen: 1 hour 20 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Download From, Other Steps, Other User Experience

First, where did you download from? If directly from us, did you verify the MD5/SHA256 and check for our digital signature? If via the platform, you're good as it automatically verifies.

Second, it's complex to remove. Here's one set of instructions I found: https://malwaretips.com/blogs/remove-game-vance-ads/

Third, here's another user with a similar experience back in February. It's what I suspected with you, it was already on their drive and running any instance of Firefox portable or local causes the registry entries to appear as the processes are sitting there waiting for the opportunity. They wound up going back to an earlier C: image: https://community.norton.com/en/forums/firefox-6842-portable-puagamevance

Sometimes, the impossible can become possible, if you're awesome!

JoePublic
Offline
Last seen: 2 years 2 months ago
Joined: 2020-06-12 22:08
Thank you very much. It

Thank you very much. It seems that there is a deep problem here. I'll check the other links you posted. I may have to have my IT dept. re-image the drive.

CeeBee
Offline
Last seen: 2 years 3 months ago
Joined: 2020-07-05 03:52
PUA.GameVance

John, I'm that Norton Forum user referenced above. I downloaded FirefoxPortableESR_68.10.0_English.paf.exe (from your site) yesterday assuming-hoping that the problems experienced back in February were no-more. Wrong!

I got the same PUA.GameVance infection as last time. Rather than attempting a detailed-complex removal, I re-imaged my C: drive. Problem solved.

Your assumption that this bug is/was already on my drive waiting-lurking for any Firefox instance to load doesn't hold imo, as I have used Firefox ESR for ages without any PUA.GameVance infections. From my perspective, further tries to use FFP isn't worth my efforts.

JoePublic
Offline
Last seen: 2 years 2 months ago
Joined: 2020-06-12 22:08
PUA.GameVance

The problem is back with FFP 79. After trying to isolate the cause for weeks, it just went away. At the time I was using FFP 78.0.2. No websites or anything I worked on, no programs, caused it to return. Until, that is, I upgraded to FFP 79. I was stunned. I removed FFP 79 and replaced it with FFP 78.0.2 and the problem returned. I couldn't believe it. And yes, I downloaded FFP from this website.

A couple of details: I'm also running FF 79 from the Mozilla website and it's OK. No Gamevance. Also, my other computers run the same software as this laptop, including FFP, and there are no indications of Gamevance. That tells me that FFP doesn't itself write the registry entries. But FFP triggers something else on this laptop to write them. Finally, the ONLY indication of Gamevance that Norton finds is in my registry. No program files or folders are written to the SSD. No websites popup, no other issues with FFP or any aspect of my laptop.

This is nuts. I've ran a dozen programs to clean this laptop of malware etc. and all report nothing or minor, unrelated issues, like the fact that I hide desktop icons. I give up. For now I've removed FFP.

Any thoughts or ideas are welcome. Many thanks.

Log in or register to post comments