What is Driver Identifier?
The Malwarebytes research team has determined that Driver Identifier is a "driver updater". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
More information can be found on our Malwarebytes Labs blog.
This one also shows advertisements for other PUPs in the scan results.
How do I know if I am infected with Driver Identifier?
This is how the main screen of the system optimizer looks:
You will find these icons in your taskbar and your Start menu:
and see these warnings during install:
and these screens during "operations":
You may see this entry in your list of installed programs:
How did Driver Identifier get on my computer?
These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:
How do I remove Driver Identifier?
Our program Malwarebytes can detect and remove this potentially unwanted application.
- Please download Malwarebytes to your desktop.
- Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
- Then click Finish.
- Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
- If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- No, Malwarebytes removes Driver Identifier completely.
- This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.
We hope our application and this guide have helped you eradicate this system optimizer.
As you can see below, the full version of Malwarebytes would have protected you against the Driver Identifier installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
and we block access to their domain:
Technical details for experts
You may see these entries in FRST logs:
(Driver Identifier) C:\Program Files (x86)\Driver Identifier\DriverIdentifier.exe
C:\Users\{username}\AppData\Roaming\driveridentifier
C:\Program Files (x86)\Driver Identifier
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Identifier
DriverIdentifier 5.2 (HKLM-x32\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version: - DriverIdentifier)
Alterations made by the installer:
Malwarebytes log:
As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention
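A triage helper for the FRST entries listed under "Technical details for experts", added here as an example (not Malwarebytes or FRST code): it matches log lines against those paths and the uninstall key, ignoring case and accepting any profile name in place of `{username}`. The function names and sample lines are constructed, and it assumes a path in the log ends at a backslash, a double quote or the end of the line.

```python
import re

# Indicators copied from the FRST entries on this page. {username} is the
# page's placeholder for the Windows profile name.
INDICATORS = {
    "install_dir": r"C:\Program Files (x86)\Driver Identifier",
    "start_menu": r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Identifier",
    "appdata_dir": r"C:\Users\{username}\AppData\Roaming\driveridentifier",
    "uninstall_key": r"{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1",
}

# One path component: anything except characters Windows forbids in names.
_COMPONENT = r'[^\\/:*?"<>|\r\n]+'


def compile_indicator(indicator):
    """Build a case-insensitive regex for one indicator (hypothetical helper)."""
    parts = indicator.split("{username}")
    body = _COMPONENT.join(re.escape(p) for p in parts)
    if indicator[1:3] == ":\\":
        # A path must end at a separator, a quote or end of line, so that a
        # sibling such as "...\Driver Identifier Pro" is not reported.
        body += r'(?=\\|"|$)'
    return re.compile(body, re.IGNORECASE)


PATTERNS = {name: compile_indicator(ind) for name, ind in INDICATORS.items()}


def scan_log(text):
    """Return {indicator name: [1-based line numbers]} for matching lines."""
    hits = {}
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in PATTERNS.items():
            if pattern.search(line.strip()):
                hits.setdefault(name, []).append(lineno)
    return hits


# Constructed sample lines (not a real FRST log): an upper-cased path with a
# real user name, and a look-alike folder that must not match.
SAMPLE_LOG = r"""(Driver Identifier) C:\Program Files (x86)\Driver Identifier\DriverIdentifier.exe
C:\USERS\alice\APPDATA\ROAMING\DRIVERIDENTIFIER
C:\Program Files (x86)\Driver Identifier Pro
DriverIdentifier 5.2 (HKLM-x32\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version: - DriverIdentifier)
"""

if __name__ == "__main__":
    for name, lines in scan_log(SAMPLE_LOG).items():
        print(f"{name}: line(s) {lines}")
```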