PUP.Optional.QuickDriverUpdater

Short bio

PUP.Optional.QuickDriverUpdater is Malwarebytes’ detection name for a potentially unwanted program, a so-called “driver updater and system optimizer” dubbed Quick Driver Updater which is published by Digital Protection Services S.R.L. for Windows systems.

GUI Quick Driver Updater

Symptoms

Users of affected systems may have seen these warnings during install:

installing Quick Driver Updater

install splash Quick Driver Updater

Drivermax uses several Scheduled Tasks to gain persistence:

Scheduled Tasks Quick Driver Updater

You may see this entry in the list of installed Programs and Features:

installed Quick Driver Updater

and these screens during operations:

reminder Quick Driver Updater

register Quick Driver Updater

Type and source of the infection

PUP.Optional.QuickDriverUpdater is a driver updater and system optimizer. These so-called “system optimizers” use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
PUP.Optional.QuickDriverUpdater is usually installed by users themselves and downloaded from their website.

quickdriverupdater.com

quickdriverupdater.com

Protection

Malwarebytes protects users from PUP.Optional.QuickDriverUpdater by using real-time protection.

block PUP.Optional.QuickDriverUpdater

and by blocking their domain:

block quickdriverupdater.com

Remediation

Malwarebytes can detect and remove PUP.Optional.QuickDriverUpdater without further user interaction.

  1. Please download Malwarebytes to your desktop.
  2. Double-click MBSetup.exe and follow the prompts to install the program.
  3. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  4. Click on the Get started button.
  5. Click Scan to start a Threat Scan.
  6. Click Quarantine to remove the found threats.
  7. Reboot the system if prompted to complete the removal process.

Malwarebytes removal log

A Malwarebytes log of removal will look similar to this:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/24/20
Scan Time: 9:16 AM
Log File: 7eedcde4-85fb-11ea-a957-00ffdcc6fdfc.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.875
Update Package Version: 1.0.22860
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 233676
Threats Detected: 37
Threats Quarantined: 36
Time Elapsed: 3 min, 31 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
PUP.Optional.QuickDriverUpdater, C:\PROGRAM FILES\QUICK DRIVER UPDATER\QDU.EXE, Quarantined, 1086, 814053, , , , 

Module: 3
PUP.Optional.QuickDriverUpdater, C:\PROGRAM FILES\QUICK DRIVER UPDATER\QDU.EXE, Quarantined, 1086, 814053, , , , 
PUP.Optional.QuickDriverUpdater, C:\PROGRAM FILES\QUICK DRIVER UPDATER\MICROSOFT.WIN32.TASKSCHEDULER.DLL, Quarantined, 1086, 814053, , , , 
PUP.Optional.QuickDriverUpdater, C:\PROGRAM FILES\QUICK DRIVER UPDATER\SYSTEM.DATA.SQLITE.DLL, Quarantined, 1086, 814201, , , , 

Registry Key: 10
PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\DIGITAL PROTECTION SERVICES S.R.L\Quick Driver Updater, Quarantined, 1086, 814059, 1.0.22860, , ame, 
PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1745FA8E-3AEE-4239-A380-89B8F6EDB642}_IS1, Quarantined, 1086, 814060, 1.0.22860, , ame, 
PUP.Optional.QuickDriverUpdater, HKCU\SOFTWARE\DIGITAL PROTECTION SERVICES S.R.L\Quick Driver Updater, Quarantined, 1086, 814063, 1.0.22860, , ame, 
PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\qdu-pr, Quarantined, 1086, 814062, 1.0.22860, , ame, 
PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Quick Driver Updater skipuac, Quarantined, 1086, 814053, , , , 
PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{56AFB3B9-6BF5-447A-9D58-F00A6AE66948}, Quarantined, 1086, 814053, , , , 
PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{56AFB3B9-6BF5-447A-9D58-F00A6AE66948}, Quarantined, 1086, 814053, , , , 
PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Quick Driver Updater_Logon, Quarantined, 1086, 814053, , , , 
PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{54D242F6-0540-4BB4-9830-0410F6E552E5}, Quarantined, 1086, 814053, , , , 
PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{54D242F6-0540-4BB4-9830-0410F6E552E5}, Quarantined, 1086, 814053, , , , 

Registry Value: 1
PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1745FA8E-3AEE-4239-A380-89B8F6EDB642}_IS1|DISPLAYNAME, Quarantined, 1086, 814060, 1.0.22860, , ame, 

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 5
PUP.Optional.QuickDriverUpdater, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\QUICK DRIVER UPDATER, Quarantined, 1086, 814055, 1.0.22860, , ame, 
PUP.Optional.QuickDriverUpdater, C:\Users\{username}\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\DrvDownload, Quarantined, 1086, 814057, , , , 
PUP.Optional.QuickDriverUpdater, C:\Users\{username}\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\DrvBackups, Quarantined, 1086, 814057, , , , 
PUP.Optional.QuickDriverUpdater, C:\USERS\{username}\APPDATA\ROAMING\DIGITAL PROTECTION SERVICES S.R.L.\QUICK DRIVER UPDATER, Quarantined, 1086, 814057, 1.0.22860, , ame, 
PUP.Optional.QuickDriverUpdater, C:\PROGRAM FILES\QUICK DRIVER UPDATER, Removal Failed, 1086, 814201, 1.0.22860, , ame, 

File: 17
PUP.Optional.QuickDriverUpdater, C:\USERS\PUBLIC\DESKTOP\QUICK DRIVER UPDATER.LNK, Quarantined, 1086, 814056, 1.0.22860, , ame, 
PUP.Optional.QuickDriverUpdater, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Driver Updater\Quick Driver Updater.lnk, Quarantined, 1086, 814055, , , , 
PUP.Optional.QuickDriverUpdater, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Driver Updater\Uninstall Quick Driver Updater.lnk, Quarantined, 1086, 814055, , , , 
PUP.Optional.QuickDriverUpdater, C:\Users\{username}\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\Errorlog.txt, Quarantined, 1086, 814057, , , , 
PUP.Optional.QuickDriverUpdater, C:\Users\{username}\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\Mydb.sqlite, Quarantined, 1086, 814057, , , , 
PUP.Optional.QuickDriverUpdater, C:\Users\{username}\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\notifier.xml, Quarantined, 1086, 814057, , , , 
PUP.Optional.QuickDriverUpdater, C:\Users\{username}\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\res.bin, Quarantined, 1086, 814057, , , , 
PUP.Optional.QuickDriverUpdater, C:\Users\{username}\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\Result.cb, Quarantined, 1086, 814057, , , , 
PUP.Optional.QuickDriverUpdater, C:\Users\{username}\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\update.xml, Quarantined, 1086, 814057, , , , 
PUP.Optional.QuickDriverUpdater, C:\WINDOWS\SYSTEM32\TASKS\Quick Driver Updater skipuac, Quarantined, 1086, 814053, , , , 
PUP.Optional.QuickDriverUpdater, C:\WINDOWS\SYSTEM32\TASKS\Quick Driver Updater_Logon, Quarantined, 1086, 814053, , , , 
PUP.Optional.QuickDriverUpdater, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Quick Driver Updater.lnk, Quarantined, 1086, 814053, , , , 
PUP.Optional.QuickDriverUpdater, C:\PROGRAM FILES\QUICK DRIVER UPDATER\QDU.EXE, Quarantined, 1086, 814053, 1.0.22860, , ame, 
PUP.Optional.QuickDriverUpdater, C:\PROGRAM FILES\QUICK DRIVER UPDATER\MICROSOFT.WIN32.TASKSCHEDULER.DLL, Quarantined, 1086, 814053, 1.0.22860, , ame, 
PUP.Optional.QuickDriverUpdater, C:\PROGRAM FILES\QUICK DRIVER UPDATER\SYSTEM.DATA.SQLITE.DLL, Quarantined, 1086, 814201, 1.0.22860, , ame, 
PUP.Optional.QuickDriverUpdater, C:\USERS\{username}\DESKTOP\QDURTSETUP.EXE, Quarantined, 1086, 814053, 1.0.22860, , ame, 
PUP.Optional.QuickDriverUpdater, C:\USERS\{username}\DOWNLOADS\QDURTSETUP.EXE, Quarantined, 1086, 814053, 1.0.22860, , ame, 

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Add an exclusion

Should users wish to keep this program and exclude it from being detected in future scans, they can add the program to the exclusions list. Here’s how to do it.

  • Open Malwarebytes for Windows.
  • Click the Detection History
  • Click the Allow List
  • To add an item to the Allow List, click Add.
  • Select the exclusion type Allow a file or folder and use the Select a folder button to select the main folder for the software that you wish to keep.
  • Repeat this for any secondary files or folder(s) that belong to the software.

If you want to allow the program to connect to the Internet, for example to fetch updates, also add an exclusion of the type Allow an application to connect to the internet and use the Browse button to select the file you wish to grant access.

Traces/IOCs

You may see these entries in FRST logs:

(DIGITAL PROTECTION SERVICES S.R.L. -> Digital Protection Services S.R.L) C:\Program Files\Quick Driver Updater\qdu.exe
Task: {54D242F6-0540-4BB4-9830-0410F6E552E5} - System32\Tasks\Quick Driver Updater_Logon => C:\Program Files\Quick Driver Updater\qdu.exe [4182160 2020-04-21] (DIGITAL PROTECTION SERVICES S.R.L. -> Digital Protection Services S.R.L)
Task: {56AFB3B9-6BF5-447A-9D58-F00A6AE66948} - System32\Tasks\Quick Driver Updater skipuac => C:\Program Files\Quick Driver Updater\qdu.exe [4182160 2020-04-21] (DIGITAL PROTECTION SERVICES S.R.L. -> Digital Protection Services S.R.L)
C:\Windows\system32\Tasks\Quick Driver Updater_Logon
C:\Windows\system32\Tasks\Quick Driver Updater skipuac
C:\Users\Public\Desktop\Quick Driver Updater.lnk
C:\ProgramData\Desktop\Quick Driver Updater.lnk
C:\Users\{username}\AppData\Roaming\Digital Protection Services S.R.L
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Driver Updater
C:\Program Files\Quick Driver Updater
(Digital Protection Services S.R.L ) C:\Users\{username}\Downloads\qdurtsetup.exe

Quick Driver Updater (HKLM\...\{1745FA8E-3AEE-4239-A380-89B8F6EDB642}_is1) (Version: 1.0.0.3 - Digital Protection Services S.R.L)

Select your language