What is Driver Identifier?

The Malwarebytes research team has determined that Driver Identifier is a "driver updater". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
More information can be found on our Malwarebytes Labs blog.
This one also shows advertisements for other PUPs in the scan results.

How do I know if I am infected with Driver Identifier?

This is how the main screen of the system optimizer looks:

main.png

You will find these icons in your taskbar and your start menu:

icons.png

and see these warnings during install:

warning1.png

warning2.png

and these screens during "operations":

warning5.png

warning6.png

You may see this entry in your list of installed programs:

warning4.png

How did Driver Identifier get on my computer?

These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:

website.png

How do I remove Driver Identifier?

Our program Malwarebytes can detect and remove this potentially unwanted application.

  • Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard, or select Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be applied before the scan proceeds.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

Is there anything else I need to do to get rid of Driver Identifier?

  • No, Malwarebytes removes Driver Identifier completely.
  • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this system optimizer.

As you can see below, the full version of Malwarebytes would have protected you against the Driver Identifier installer. It would have warned you before the application could install itself, giving you a chance to stop it before it was too late.

protection1.png


and we block access to their domain:

protecvtion2.png


Technical details for experts

You may see these entries in FRST logs:

(Driver Identifier) C:\Program Files (x86)\Driver Identifier\DriverIdentifier.exe
C:\Users\{username}\AppData\Roaming\driveridentifier
C:\Program Files (x86)\Driver Identifier
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Identifier

DriverIdentifier 5.2 (HKLM-x32\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version:  - DriverIdentifier)

Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\Driver Identifier
       Adds the file 7z.dll"="6/20/2017 6:16 AM, 1060864 bytes, A
       Adds the file 7z.exe"="6/20/2017 6:16 AM, 264704 bytes, A
       Adds the file devcon.exe"="6/20/2017 6:16 AM, 78336 bytes, A
       Adds the file devcon64.exe"="6/20/2017 6:16 AM, 82432 bytes, A
       Adds the file DriverIdentifier.exe"="9/7/2017 10:23 AM, 933888 bytes, A
       Adds the file info.data"="6/20/2017 6:16 AM, 23603 bytes, A
       Adds the file libeay32.dll"="6/20/2017 6:16 AM, 1020416 bytes, A
       Adds the file libssh2.dll"="6/20/2017 6:16 AM, 166400 bytes, A
       Adds the file MyDriverUploader.exe"="6/20/2017 6:16 AM, 474624 bytes, A
       Adds the file php.exe"="6/20/2017 6:16 AM, 59904 bytes, A
       Adds the file php.ini"="10/22/2018 9:06 AM, 120 bytes, A
       Adds the file php_curl.dll"="6/20/2017 6:16 AM, 374784 bytes, A
       Adds the file php_mbstring.dll"="6/20/2017 6:16 AM, 1206272 bytes, A
       Adds the file php5.dll"="6/20/2017 6:16 AM, 6456320 bytes, A
       Adds the file psvince.dll"="6/20/2017 6:16 AM, 36864 bytes, A
       Adds the file ssleay32.dll"="6/20/2017 6:16 AM, 217600 bytes, A
       Adds the file unins000.dat"="10/22/2018 9:04 AM, 4411 bytes, A
       Adds the file unins000.exe"="10/22/2018 9:03 AM, 722597 bytes, A
    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Identifier
       Adds the file Driver Identifier.lnk"="10/22/2018 9:04 AM, 1128 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\driveridentifier
       Adds the file log.txt"="10/22/2018 9:06 AM, 23685 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\driveruploader]
       "URL Protocol"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\driveruploader\DefaultIcon]
       "(Default)"="REG_SZ", "C:\Program Files (x86)\Driver Identifier\DriverUploader.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\driveruploader\shell\open\command]
       "(Default)"="REG_SZ", "C:\Program Files (x86)\Driver Identifier\DriverUploader.exe "%1""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1]
       "DisplayName"="REG_SZ", "DriverIdentifier 5.2"
       "EstimatedSize"="REG_DWORD", 12859
       "HelpLink"="REG_SZ", "http://www.driveridentifier.com/"
       "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\Driver Identifier"
       "Inno Setup: Icon Group"="REG_SZ", "Driver Identifier"
       "Inno Setup: Language"="REG_SZ", "english"
       "Inno Setup: Setup Version"="REG_SZ", "5.5.9 (a)"
       "Inno Setup: User"="REG_SZ", "{username}"
       "InstallDate"="REG_SZ", "20181022"
       "InstallLocation"="REG_SZ", "C:\Program Files (x86)\Driver Identifier\"
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "DriverIdentifier"
       "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\Driver Identifier\unins000.exe" /SILENT"
       "UninstallString"="REG_SZ", ""C:\Program Files (x86)\Driver Identifier\unins000.exe""
       "URLInfoAbout"="REG_SZ", "http://www.driveridentifier.com/"
       "URLUpdateInfo"="REG_SZ", "http://www.driveridentifier.com/"
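The following read-only PowerShell check is an added example, not part of the Malwarebytes post or tool. It looks for the artifacts listed in the FRST and registry details above (install folder, roaming profile folder, Start Menu folder, Inno Setup uninstall key, the custom driveruploader URL protocol handler) and for the scheduled tasks mentioned in the "anything else" section. The post does not name those tasks, so the script assumes they can be recognised by an action that runs something from the install folder; Get-ScheduledTask requires Windows 8 / Server 2012 or later, and the script only reports, it removes nothing.

```powershell
# Added example: enumerate Driver Identifier artifacts (report only, no removal).
# Run from an elevated PowerShell session.
$installDir   = 'C:\Program Files (x86)\Driver Identifier'
$paths = @(
    $installDir,
    (Join-Path $env:APPDATA 'driveridentifier'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Driver Identifier')
)
$uninstallKey = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1'
$protocolKey  = 'HKLM:\SOFTWARE\Classes\driveruploader'

$findings = New-Object System.Collections.Generic.List[string]

# 1. Folders from the FRST log
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings.Add("Path present: $p") }
}

# 2. Inno Setup uninstall entry (DisplayName "DriverIdentifier 5.2" in the log above)
if (Test-Path -LiteralPath $uninstallKey) {
    $u = Get-ItemProperty -LiteralPath $uninstallKey
    $findings.Add("Uninstall entry: $($u.DisplayName) (publisher: $($u.Publisher))")
}

# 3. Custom URL protocol handler registered by the installer; a browser link using
#    driveruploader: would launch the handler below with the link as "%1"
$cmdKey = Join-Path $protocolKey 'shell\open\command'
if (Test-Path -LiteralPath $cmdKey) {
    $handler = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
    $findings.Add("URL protocol 'driveruploader' handled by: $handler")
}

# 4. Scheduled tasks whose action executes something from the install folder
#    (assumption: the tasks the post mentions point there; Windows 8+ only)
$tasks = Get-ScheduledTask -ErrorAction SilentlyContinue |
    Where-Object { $_.Actions | Where-Object { $_.Execute -like "*Driver Identifier*" } }
foreach ($t in $tasks) {
    $findings.Add("Scheduled task: $($t.TaskPath)$($t.TaskName)")
}

if ($findings.Count -eq 0) {
    Write-Output 'No Driver Identifier artifacts found.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
}
```

Any task it reports can then be reviewed in Task Scheduler as described in the linked Scheduled Tasks guide before you remove it.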

Malwarebytes log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/22/18
Scan Time: 9:14 AM
Log File: 15429a25-d5ca-11e8-995d-00ffdcc6fdfc.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7461
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 238105
Threats Detected: 29
Threats Quarantined: 29
Time Elapsed: 2 min, 45 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
PUP.Optional.DriverIdentifier, C:\Program Files (x86)\Driver Identifier\DriverIdentifier.exe, Quarantined, [948], [368276],1.0.7461

Module: 1
PUP.Optional.DriverIdentifier, C:\Program Files (x86)\Driver Identifier\DriverIdentifier.exe, Quarantined, [948], [368276],1.0.7461

Registry Key: 2
PUP.Optional.DriverIdentifier, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1, Quarantined, [948], [368276],1.0.7461
PUP.Optional.DriverIdentifier, HKLM\SOFTWARE\CLASSES\driveruploader, Quarantined, [948], [368278],1.0.7461

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.DriverIdentifier, C:\PROGRAM FILES (X86)\DRIVER IDENTIFIER, Quarantined, [948], [368276],1.0.7461
PUP.Optional.DriverIdentifier, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\DRIVER IDENTIFIER, Quarantined, [948], [368277],1.0.7461
PUP.Optional.DriverIdentifier, C:\USERS\{username}\APPDATA\ROAMING\DRIVERIDENTIFIER, Quarantined, [948], [368279],1.0.7461

File: 22
PUP.Optional.DriverIdentifier, C:\Program Files (x86)\Driver Identifier\7z.dll, Quarantined, [948], [368276],1.0.7461
PUP.Optional.DriverIdentifier, C:\Program Files (x86)\Driver Identifier\7z.exe, Quarantined, [948], [368276],1.0.7461
PUP.Optional.DriverIdentifier, C:\Program Files (x86)\Driver Identifier\devcon.exe, Quarantined, [948], [368276],1.0.7461
PUP.Optional.DriverIdentifier, C:\Program Files (x86)\Driver Identifier\devcon64.exe, Quarantined, [948], [368276],1.0.7461
PUP.Optional.DriverIdentifier, C:\Program Files (x86)\Driver Identifier\DriverIdentifier.exe, Quarantined, [948], [368276],1.0.7461
PUP.Optional.DriverIdentifier, C:\Program Files (x86)\Driver Identifier\info.data, Quarantined, [948], [368276],1.0.7461
PUP.Optional.DriverIdentifier, C:\Program Files (x86)\Driver Identifier\libeay32.dll, Quarantined, [948], [368276],1.0.7461
PUP.Optional.DriverIdentifier, C:\Program Files (x86)\Driver Identifier\libssh2.dll, Quarantined, [948], [368276],1.0.7461
PUP.Optional.DriverIdentifier, C:\Program Files (x86)\Driver Identifier\MyDriverUploader.exe, Quarantined, [948], [368276],1.0.7461
PUP.Optional.DriverIdentifier, C:\Program Files (x86)\Driver Identifier\php.exe, Quarantined, [948], [368276],1.0.7461
PUP.Optional.DriverIdentifier, C:\Program Files (x86)\Driver Identifier\php.ini, Quarantined, [948], [368276],1.0.7461
PUP.Optional.DriverIdentifier, C:\Program Files (x86)\Driver Identifier\php5.dll, Quarantined, [948], [368276],1.0.7461
PUP.Optional.DriverIdentifier, C:\Program Files (x86)\Driver Identifier\php_curl.dll, Quarantined, [948], [368276],1.0.7461
PUP.Optional.DriverIdentifier, C:\Program Files (x86)\Driver Identifier\php_mbstring.dll, Quarantined, [948], [368276],1.0.7461
PUP.Optional.DriverIdentifier, C:\Program Files (x86)\Driver Identifier\psvince.dll, Quarantined, [948], [368276],1.0.7461
PUP.Optional.DriverIdentifier, C:\Program Files (x86)\Driver Identifier\ssleay32.dll, Quarantined, [948], [368276],1.0.7461
PUP.Optional.DriverIdentifier, C:\Program Files (x86)\Driver Identifier\unins000.dat, Quarantined, [948], [368276],1.0.7461
PUP.Optional.DriverIdentifier, C:\Program Files (x86)\Driver Identifier\unins000.exe, Quarantined, [948], [368276],1.0.7461
PUP.Optional.DriverIdentifier, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Identifier\Driver Identifier.lnk, Quarantined, [948], [368277],1.0.7461
PUP.Optional.DriverIdentifier, C:\Users\{username}\AppData\Roaming\driveridentifier\log.txt, Quarantined, [948], [368279],1.0.7461
PUP.Optional.DriverIdentifier, C:\USERS\{username}\DESKTOP\DRIVERDOUBLE_SETUP.EXE, Quarantined, [948], [368275],1.0.7461
PUP.Optional.DriverIdentifier, C:\USERS\{username}\DOWNLOADS\DRIVERDOUBLE_SETUP.EXE, Quarantined, [948], [368275],1.0.7461

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

As mentioned before, the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
