Here are the SHA256 in text: "Safe" .zip SHA256: "2B430EFE794ABDAB7DB446EF3DA9BFA5979DAE15280B1E8C8BF50EC77400F4CE" <- do not update app version internally in future, app drivers seem unaffected *currently*. "Safe" x86 Binary SHA256:"CAE8EB9EAC810064B3E7B6E39D149B014DCB50F165A9A4CE595B1A353C5D5BEF" "Safe" x64 Binary SHA256: "6CE7008232C0E0D5C49D743EDEB7F906B5B66BB9C309A2AB67F29162D09107E0" BAD .zip "SHA256:08A0EF2B3CD3DE2D654BC13689272235D3B3759A843A2C26B8857D08CED2516" BAD x86 Binary SHA256: "191661A7AEA25BCA7788E79214EFC7FF08E7EC1F196E0E51CB7D372E9365B61C" BAD x64 Binary SHA256: "61A1442CEE73B8D7CDB5B6EC2C51E9AF88805021E3DDB19192F8BBE59E04AB73" Tried to edit post, keep getting SSL overflow error.
Thank you Mayjoko, Why Badpointer stopped the development of his tool SDI ? Is Badpointer informed of your researches ? What is the best safe updated version of SDI to use to avoid PUP and where to download it please ? What about the driverpacks updates throught SDI ?
@drew84 check my supplemental pictures, I made this point. @tester64 r539 is safe if it matches the hashes I listed, which last I looked can be grabbed from sourceforge. (DO NOT UPDATE THE APP VERSION FROM INSIDE APP IN FUTURE). I don't know how to get a hold of BadPointer but I know they stopped developing it a while ago and if I recall was promised this wouldn't happen.
In lieu of the OP, I went looking - and I found 2 instances of SDI at SourceForge. 1) the normal SDI that I have used in the past, latest version is SDI r539, archive file dates of 3 March 2017, and website is sdi-tool.org/ 2) SDI Origin, which only shows a single release, r541, with 2 MD5 files (per architecture), Archive file dates of 10 March 2017, and website is snappy-driver-installer.org/ (which gives me a 404 error). Any idea on this "new branch"? I can say that the executable files in Origin also are much larger, almost 4 times as large as the ones in r539. Interestingly enough, downloading the r539.ZIP file directly from sdi-tool.org alsogives larger file sizes than the ones downloaded directly from the SDI Sourceforge site. SDI r539 from SourceForge SDI site (sourceforge.net/projects/snappy-driver-installer/?source=directory): SHA256: 2b430efe794abdab7db446ef3da9bfa5979dae15280b1e8c8bf50ec77400f4ce SDI r541 from SourceForge SDI Origin site (sourceforge.net/projects/snappy-driver-installer-origin/?source=directory): SHA256: 1864a9ce4415b0eac131cd31e3c6a88e1a76e2529384ee259fca3e307ad470ef SDI r539 from sdi-tool.org/ (Non-torrent link, direct DL that is called SDI Lite): SHA256: 08a0ef2fb3cd3de2d654bc13689272235d3b3759a843a2c26b8857d08ced2516 I'm downloading the full package via torrent to see which files come across, the ones matching SourceForge or the ones matching the Lite version.
I hadn't seen any update yet, so I haven't looked, but in every case as I mentioned, all affected executables are not packed and are substantially bigger because of it, I don't know why but I suspect it is because a different author. The update for R539 was originally dated something like 2/27 or so, the clean version was dated 3/3/2017, which suggested to me that this person realized they couldn't upload infected rubbish to mirror sites with integrity, but that they could update those releases via internal torrent and do it anyway later. sdi-tool.org not to be trusted as mentioned r539 from them was infected, all available torrent url lead to (at the time) R539 which was infested. The SDI-Tool.org site should doubly not be trusted since the dynamic page offer is directly from that domain, if you look at main post. This SDI Origin is new and good find, the file size could simply be due to this person also not packing the executable, they are also linking to a site that currently isn't online. I find it laughable they provided md5 hashes in that repo, md5 can't be trusted, doesn't matter because this is a new version. I don't have time to test currently, but origin does imply that there was a hostile takeover or perhaps a difference of opinion much like uBlock project. I am distressed that the landing page makes no mention of events or why, perhaps the site (if and when it comes up will). Based on a review from one viewer it maybe not affected, but I would urge caution all the same without having tested. It looks to be likely be a fork of the clean (still clean?) repo of the original with a name change. I know for sure that with r535 it is offering r539 which is clearly not R541, so definitely separate with that regard.
Thanks for the additional information! I switched to the SDI Origin package yesterday from Glenn's website.