What is Quick Driver Updater?
The Malwarebytes research team has determined that Quick Driver Updater is a "driver updater". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
More information can be found on our Malwarebytes Labs blog.
How do I know if I am infected with Quick Driver Updater?
This is how the main screen of the system optimizer looks:
You will find these icons in your taskbar, your startmenu, and on your desktop:
and see this warning during install:
and these types of screens during "operations":
You may see this entry in your list of installed programs:
and these tasks in your list of Scheduled Tasks:
How did Quick Driver Updater get on my computer?
These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:
How do I remove Quick Driver Updater?
Our program Malwarebytes can detect and remove this potentially unwanted application.
- Please download Malwarebytes for Windows to your desktop.
- Double-click MBSetup.exe and follow the prompts to install the program.
- When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
- Click on the Get started button.
- Click Scan to start a Threat Scan.
- When the scan is finished click Quarantine to remove the found threats.
- Reboot the system if prompted to complete the removal process.
- No, Malwarebytes removes Quick Driver Updater completely.
- This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.
We hope our application and this guide have helped you eradicate this system optimizer.
As you can see below the full version of Malwarebytes would have protected you against the Quick Driver Updater installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
and both Malwarebytes Premium and Browser Guard block access to their domain:
Technical details for experts
You may see these entries in FRST logs:
(DIGITAL PROTECTION SERVICES S.R.L. -> Digital Protection Services S.R.L) C:\Program Files\Quick Driver Updater\qdu.exe Task: {54D242F6-0540-4BB4-9830-0410F6E552E5} - System32\Tasks\Quick Driver Updater_Logon => C:\Program Files\Quick Driver Updater\qdu.exe [4182160 2020-04-21] (DIGITAL PROTECTION SERVICES S.R.L. -> Digital Protection Services S.R.L) Task: {56AFB3B9-6BF5-447A-9D58-F00A6AE66948} - System32\Tasks\Quick Driver Updater skipuac => C:\Program Files\Quick Driver Updater\qdu.exe [4182160 2020-04-21] (DIGITAL PROTECTION SERVICES S.R.L. -> Digital Protection Services S.R.L) C:\Windows\system32\Tasks\Quick Driver Updater_Logon C:\Windows\system32\Tasks\Quick Driver Updater skipuac C:\Users\Public\Desktop\Quick Driver Updater.lnk C:\ProgramData\Desktop\Quick Driver Updater.lnk C:\Users\{username}\AppData\Roaming\Digital Protection Services S.R.L C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Driver Updater C:\Program Files\Quick Driver Updater (Digital Protection Services S.R.L ) C:\Users\{username}\Downloads\qdurtsetup.exe Quick Driver Updater (HKLM\...\{1745FA8E-3AEE-4239-A380-89B8F6EDB642}_is1) (Version: 1.0.0.3 - Digital Protection Services S.R.L)Alterations made by the installer:
File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files\Quick Driver Updater Adds the file Application_icon.png"="10/15/2019 6:52 PM, 7352 bytes, A Adds the file Delimon.Win32.IO.dll"="4/21/2020 8:15 PM, 963728 bytes, A Adds the file Interop.IWshRuntimeLibrary.dll"="4/21/2020 8:15 PM, 62608 bytes, A Adds the file Microsoft.Win32.TaskScheduler.dll"="4/21/2020 8:15 PM, 184976 bytes, A Adds the file Microsoft.WindowsAPICodePack.dll"="4/21/2020 8:15 PM, 111760 bytes, A Adds the file Microsoft.WindowsAPICodePack.Shell.dll"="4/21/2020 8:15 PM, 555664 bytes, A Adds the file Newtonsoft.Json.dll"="4/21/2020 8:15 PM, 478864 bytes, A Adds the file qdu.exe"="4/21/2020 8:15 PM, 4182160 bytes, A Adds the file qdu.exe.config"="2/21/2020 5:01 PM, 3691 bytes, A Adds the file QDU.ttf"="1/27/2020 12:20 PM, 27812 bytes, A Adds the file System.Data.SQLite.dll"="4/21/2020 8:15 PM, 382096 bytes, A Adds the file TAFactory.IconPack.dll"="4/21/2020 8:15 PM, 50320 bytes, A Adds the file unins000.dat"="4/24/2020 9:05 AM, 70411 bytes, A Adds the file unins000.exe"="4/24/2020 9:05 AM, 1505936 bytes, A Adds the file unins000.msg"="4/24/2020 9:05 AM, 22701 bytes, A Adds the file Windows.winmd"="4/21/2020 8:15 PM, 1450128 bytes, A Adds the file WPFToolkit.dll"="10/14/2019 2:47 PM, 467288 bytes, A Adds the folder C:\Program Files\Quick Driver Updater\dp Adds the file 7z.dll"="4/21/2020 8:15 PM, 1087120 bytes, A Adds the file 7z.exe"="4/21/2020 8:15 PM, 278672 bytes, A Adds the file difxapi.dll"="10/14/2019 2:48 PM, 323464 bytes, A Adds the file difxapi64.dll"="10/14/2019 2:48 PM, 519048 bytes, A Adds the file DPInst32.exe"="4/21/2020 8:15 PM, 558736 bytes, A Adds the file DPInst64.exe"="4/21/2020 8:15 PM, 684176 bytes, A Adds the file qdureppath.exe"="4/21/2020 8:15 PM, 272528 bytes, A Adds the file qduverif.exe"="4/21/2020 8:15 PM, 279696 bytes, A Adds the folder C:\Program Files\Quick Driver Updater\langs Adds the file qdu_en-us.ini"="4/21/2020 1:28 PM, 85050 bytes, A Adds the folder C:\Program Files\Quick Driver Updater\x64 Adds the file SQLite.Interop.dll"="4/21/2020 8:15 PM, 1594512 bytes, A Adds the folder C:\Program Files\Quick Driver Updater\x86 Adds the file SQLite.Interop.dll"="4/21/2020 8:15 PM, 1124496 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Driver Updater Adds the file Quick Driver Updater.lnk"="4/24/2020 9:05 AM, 883 bytes, A Adds the file Uninstall Quick Driver Updater.lnk"="4/24/2020 9:05 AM, 914 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater Adds the file Errorlog.txt"="4/24/2020 9:07 AM, 109126 bytes, A Adds the file Mydb.sqlite"="4/24/2020 9:06 AM, 16384 bytes, A Adds the file notifier.xml"="4/24/2020 9:06 AM, 3553 bytes, A Adds the file res.bin"="4/24/2020 9:07 AM, 34648 bytes, A Adds the file Result.cb"="4/24/2020 9:07 AM, 85388 bytes, A Adds the file update.xml"="4/24/2020 9:06 AM, 8660 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\DrvBackups Adds the folder C:\Users\{username}\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\DrvDownload In the existing folder C:\Users\Public\Desktop Adds the file Quick Driver Updater.lnk"="4/24/2020 9:05 AM, 865 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file Quick Driver Updater skipuac"="4/24/2020 9:06 AM, 3084 bytes, A Adds the file Quick Driver Updater_Logon"="4/24/2020 9:06 AM, 3048 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Digital Protection Services S.R.L\Quick Driver Updater] "affired"="REG_DWORD", 0 "afterInstallUrl"="REG_SZ", "http://www.quickdriverupdater.com/inw/install/quick-driver-updater/?" "at"="REG_SZ", "" "bs"="REG_SZ", "" "btnid"="REG_SZ", "" "cd"="REG_SZ", "us" "country"="REG_SZ", "" "cta"="REG_DWORD", 0 "ctx"="REG_SZ", "" "ddtime"="REG_DWORD", 350 "delay"="REG_DWORD", 0 "devicesscanned"="REG_DWORD", 55 "expired"="REG_DWORD", 0 "ftc"="REG_SZ", "0" "hdata"="REG_BINARY, .............P.......... "hdinstpg"="REG_DWORD", 1 "hdncmpgui"="REG_DWORD", 1 "hdunistpg"="REG_DWORD", 0 "ignoreddrivercount"="REG_DWORD", 0 "InstallString"="REG_SZ", "C:\Program Files\Quick Driver Updater" "ipaddrurl"="REG_SZ", "http://www.quickdriverupdater.com/inw/wfip/" "isinstfont"="REG_DWORD", 1 "IsPhnEnb"="REG_DWORD", 0 "isSchedule"="REG_DWORD", 0 "LangCode"="REG_SZ", "en" "lastscandate"="REG_SZ", "4/24/2020 7:07:11 AM" "lastscanstatus"="REG_DWORD", 2 "lastupdatedate"="REG_SZ", "1/1/0001 12:00:00 AM" "lpid"="REG_SZ", "" "lstscnsett"="REG_BINARY, .......................................... "nointernetdrvrslt"="REG_DWORD", 1 "oldmissingdrivercount"="REG_DWORD", 4 "p"="REG_SZ", "wtsite" "paramurl"="REG_SZ", "https://qip.quickdriverupdater.com/qdu/" "PhNo"="REG_SZ", "" "playsound"="REG_DWORD", 0 "plt"="REG_SZ", "" "ppinag"="REG_DWORD", 0 "PurchaseURL"="REG_SZ", "http://www.quickdriverupdater.com/purchase/quick-driver-updater/plan?" "reg"="REG_DWORD", 0 "RenewURL"="REG_SZ", "http://www.quickdriverupdater.com/purchase/quick-driver-updater/plan?" "rescan"="REG_DWORD", 0 "runcam"="REG_DWORD", 1 "runpixel"="REG_DWORD", 1 "runpub"="REG_DWORD", 1 "runsrc"="REG_DWORD", 1 "scntype"="REG_DWORD", 0 "showunins"="REG_DWORD", 0 "skipuac"="REG_DWORD", 1 "supporturl"="REG_SZ", "https://dpsro.kayako.com/conversation/new/" "ud"="REG_SZ", "" "uptodatedrivercount"="REG_DWORD", 51 "utm_campaign"="REG_SZ", "site" "utm_medium"="REG_SZ", "default" "utm_source"="REG_SZ", "site" "va"="REG_SZ", "" "vb"="REG_SZ", "" "vc"="REG_SZ", "" "vendorLogo"="REG_SZ", "common_logo.jpg" "vendorMachineAvi"="REG_SZ", "common_desktop.gif" "WebURL"="REG_SZ", "http://www.quickdriverupdater.com/" "xdt"="REG_SZ", "" "xip"="REG_SZ", "{user_ip}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1745FA8E-3AEE-4239-A380-89B8F6EDB642}_is1] "DisplayIcon"="REG_SZ", "C:\Program Files\Quick Driver Updater\qdu.exe" "DisplayName"="REG_SZ", "Quick Driver Updater" "DisplayVersion"="REG_SZ", "1.0.0.3" "EstimatedSize"="REG_DWORD", 16837 "HelpLink"="REG_SZ", "https://dpsro.kayako.com/conversation/new/" "Inno Setup: App Path"="REG_SZ", "C:\Program Files\Quick Driver Updater" "Inno Setup: Icon Group"="REG_SZ", "Quick Driver Updater" "Inno Setup: Language"="REG_SZ", "en" "Inno Setup: Setup Version"="REG_SZ", "5.5.9 (u)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20200424" "InstallLocation"="REG_SZ", "C:\Program Files\Quick Driver Updater\" "MajorVersion"="REG_DWORD", 1 "MinorVersion"="REG_DWORD", 0 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "Digital Protection Services S.R.L" "QuietUninstallString"="REG_SZ", ""C:\Program Files\Quick Driver Updater\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files\Quick Driver Updater\unins000.exe" /SILENT" "URLInfoAbout"="REG_SZ", "http://www.quickdriverupdater.com/" "VersionMajor"="REG_DWORD", 1 "VersionMinor"="REG_DWORD", 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\VO2TK2AYXAEP0LC6\JFLJAJ12POJE3UHA] "ARK"="REG_BINARY, ................................................................................... [HKEY_LOCAL_MACHINE\SOFTWARE\qdu-pr] "affiliateid"="REG_SZ", "" "at"="REG_SZ", "" "bs"="REG_SZ", "" "btnid"="REG_SZ", "" "country"="REG_SZ", "" "ctx"="REG_SZ", "" "LangCode"="REG_SZ", "en" "lpid"="REG_SZ", "" "phone"="REG_SZ", "" "plt"="REG_SZ", "" "referurl"="REG_SZ", "" "utm_medium"="REG_SZ", "default" "utm_pubid"="REG_SZ", "" "va"="REG_SZ", "" "vb"="REG_SZ", "" "vc"="REG_SZ", "" [HKEY_CURRENT_USER\Software\Digital Protection Services S.R.L\Quick Driver Updater] "bs"="REG_SZ", "" "ftc"="REG_SZ", "0" "InstallString"="REG_SZ", "C:\Program Files\Quick Driver Updater" "LangCode"="REG_SZ", "en" "p"="REG_SZ", "wtsite" "skipuac"="REG_DWORD", 1 "utm_campaign"="REG_SZ", "site" "utm_medium"="REG_SZ", "default" "utm_source"="REG_SZ", "site" "xdt"="REG_SZ", "" "xip"="REG_SZ", "{user_ip}" [HKEY_CURRENT_USER\Software\Digital Protection Services S.R.L\Quick Driver Updater\1.0.0.3]Malwarebytes log:
Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 4/24/20 Scan Time: 9:16 AM Log File: 7eedcde4-85fb-11ea-a957-00ffdcc6fdfc.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.875 Update Package Version: 1.0.22860 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 233676 Threats Detected: 37 Threats Quarantined: 36 Time Elapsed: 3 min, 31 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 PUP.Optional.QuickDriverUpdater, C:\PROGRAM FILES\QUICK DRIVER UPDATER\QDU.EXE, Quarantined, 1086, 814053, , , , Module: 3 PUP.Optional.QuickDriverUpdater, C:\PROGRAM FILES\QUICK DRIVER UPDATER\QDU.EXE, Quarantined, 1086, 814053, , , , PUP.Optional.QuickDriverUpdater, C:\PROGRAM FILES\QUICK DRIVER UPDATER\MICROSOFT.WIN32.TASKSCHEDULER.DLL, Quarantined, 1086, 814053, , , , PUP.Optional.QuickDriverUpdater, C:\PROGRAM FILES\QUICK DRIVER UPDATER\SYSTEM.DATA.SQLITE.DLL, Quarantined, 1086, 814201, , , , Registry Key: 10 PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\DIGITAL PROTECTION SERVICES S.R.L\Quick Driver Updater, Quarantined, 1086, 814059, 1.0.22860, , ame, PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1745FA8E-3AEE-4239-A380-89B8F6EDB642}_IS1, Quarantined, 1086, 814060, 1.0.22860, , ame, PUP.Optional.QuickDriverUpdater, HKCU\SOFTWARE\DIGITAL PROTECTION SERVICES S.R.L\Quick Driver Updater, Quarantined, 1086, 814063, 1.0.22860, , ame, PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\qdu-pr, Quarantined, 1086, 814062, 1.0.22860, , ame, PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Quick Driver Updater skipuac, Quarantined, 1086, 814053, , , , PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{56AFB3B9-6BF5-447A-9D58-F00A6AE66948}, Quarantined, 1086, 814053, , , , PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{56AFB3B9-6BF5-447A-9D58-F00A6AE66948}, Quarantined, 1086, 814053, , , , PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Quick Driver Updater_Logon, Quarantined, 1086, 814053, , , , PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{54D242F6-0540-4BB4-9830-0410F6E552E5}, Quarantined, 1086, 814053, , , , PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{54D242F6-0540-4BB4-9830-0410F6E552E5}, Quarantined, 1086, 814053, , , , Registry Value: 1 PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1745FA8E-3AEE-4239-A380-89B8F6EDB642}_IS1|DISPLAYNAME, Quarantined, 1086, 814060, 1.0.22860, , ame, Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 5 PUP.Optional.QuickDriverUpdater, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\QUICK DRIVER UPDATER, Quarantined, 1086, 814055, 1.0.22860, , ame, PUP.Optional.QuickDriverUpdater, C:\Users\{username}\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\DrvDownload, Quarantined, 1086, 814057, , , , PUP.Optional.QuickDriverUpdater, C:\Users\{username}\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\DrvBackups, Quarantined, 1086, 814057, , , , PUP.Optional.QuickDriverUpdater, C:\USERS\{username}\APPDATA\ROAMING\DIGITAL PROTECTION SERVICES S.R.L.\QUICK DRIVER UPDATER, Quarantined, 1086, 814057, 1.0.22860, , ame, PUP.Optional.QuickDriverUpdater, C:\PROGRAM FILES\QUICK DRIVER UPDATER, Removal Failed, 1086, 814201, 1.0.22860, , ame, File: 17 PUP.Optional.QuickDriverUpdater, C:\USERS\PUBLIC\DESKTOP\QUICK DRIVER UPDATER.LNK, Quarantined, 1086, 814056, 1.0.22860, , ame, PUP.Optional.QuickDriverUpdater, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Driver Updater\Quick Driver Updater.lnk, Quarantined, 1086, 814055, , , , PUP.Optional.QuickDriverUpdater, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Driver Updater\Uninstall Quick Driver Updater.lnk, Quarantined, 1086, 814055, , , , PUP.Optional.QuickDriverUpdater, C:\Users\{username}\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\Errorlog.txt, Quarantined, 1086, 814057, , , , PUP.Optional.QuickDriverUpdater, C:\Users\{username}\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\Mydb.sqlite, Quarantined, 1086, 814057, , , , PUP.Optional.QuickDriverUpdater, C:\Users\{username}\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\notifier.xml, Quarantined, 1086, 814057, , , , PUP.Optional.QuickDriverUpdater, C:\Users\{username}\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\res.bin, Quarantined, 1086, 814057, , , , PUP.Optional.QuickDriverUpdater, C:\Users\{username}\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\Result.cb, Quarantined, 1086, 814057, , , , PUP.Optional.QuickDriverUpdater, C:\Users\{username}\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\update.xml, Quarantined, 1086, 814057, , , , PUP.Optional.QuickDriverUpdater, C:\WINDOWS\SYSTEM32\TASKS\Quick Driver Updater skipuac, Quarantined, 1086, 814053, , , , PUP.Optional.QuickDriverUpdater, C:\WINDOWS\SYSTEM32\TASKS\Quick Driver Updater_Logon, Quarantined, 1086, 814053, , , , PUP.Optional.QuickDriverUpdater, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Quick Driver Updater.lnk, Quarantined, 1086, 814053, , , , PUP.Optional.QuickDriverUpdater, C:\PROGRAM FILES\QUICK DRIVER UPDATER\QDU.EXE, Quarantined, 1086, 814053, 1.0.22860, , ame, PUP.Optional.QuickDriverUpdater, C:\PROGRAM FILES\QUICK DRIVER UPDATER\MICROSOFT.WIN32.TASKSCHEDULER.DLL, Quarantined, 1086, 814053, 1.0.22860, , ame, PUP.Optional.QuickDriverUpdater, C:\PROGRAM FILES\QUICK DRIVER UPDATER\SYSTEM.DATA.SQLITE.DLL, Quarantined, 1086, 814201, 1.0.22860, , ame, PUP.Optional.QuickDriverUpdater, C:\USERS\{username}\DESKTOP\QDURTSETUP.EXE, Quarantined, 1086, 814053, 1.0.22860, , ame, PUP.Optional.QuickDriverUpdater, C:\USERS\{username}\DOWNLOADS\QDURTSETUP.EXE, Quarantined, 1086, 814053, 1.0.22860, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention