bootroot.loader

Discussion in 'Mac OS X System & Mac Software' started by mazzy, Apr 17, 2008.

  1. mazzy

    mazzy Registered

    Joined:
    Jun 8, 2006
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    0
    Has anyone heard of this file?

    It's located in /system/library/privateframeworks/mediakit.framework/versions/a/resources/mkdrivers.bundle/contents/resources/

    Also in this folder are the following files-

    Apple_Driver_ATA.ptDR.drvr
    Apple_Driver_ATA.wiki.drvr
    Apple_Driver_ATAPI.ATPI.drvr
    Apple_Driver_ATAPI.DMMY.drvr
    Apple_Driver_ATAPI.ptDR.drvr
    Apple_Driver43_CD.CDrv.drvr
    Apple_Driver43.0x00010600.drvr
    Apple_Driver43.ptDR.drvr
    Apple_Patches.mesh.ptch
    Apple_Patches.ruby.ptch
    Apple_Patches.scsi.ptch
    Apple_Patches.snag.ptch
    boot.loader
    database.plist
    defaults.plist
    efi.loader
    inventory.plist
    mini.loader

    If anyone can tell me how to remove this, I'd appreciate it. It reinstalls after a so-called "clean" install.
     
  2. Giaguara

    Giaguara Chmod 760 Staff Member Mod

    Joined:
    Nov 29, 2002
    Messages:
    9,517
    Likes Received:
    9
    Trophy Points:
    38
    Why do you want to remove it?

    Frameworks are installed by the system, and those are usually safer to be left alone. If you do delete the file, get a backup of it before deleting it.
     
  3. mazzy

    mazzy Registered

    Joined:
    Jun 8, 2006
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    0
    Because the only reference that I can find on the internet about it, says it's a rootkit. But I don't know how true that is. I was hoping someone with an Intel Mac would know if it's a required file.

    Thank you
     
  4. Giaguara

    Giaguara Chmod 760 Staff Member Mod

    Joined:
    Nov 29, 2002
    Messages:
    9,517
    Likes Received:
    9
    Trophy Points:
    38
    Ah, now I found the reference you probably had found. Sophos?
    If an antivirus software is telling that is a 'bad' file they should be held responsible for that statement if deleting that file will do harm in the end. 00

    I have the rest of those files in the same location also on a clean PPC Mac mini - will check on an Intel later (if the others haven't meanwhile) today. Considering that file's location, it'll be definitely better to check if it exists on the other similar systems, AND before deleting it making sure there is a backup in case there would be problems without it.

    If you look at the other files in that location, you notice e.g. efi loader. If that file is gone, your Mac will need a new system installation.
    Inventory.plist lists the boot partition and other boot information. So at least all these other files are needed.
     
  5. mazzy

    mazzy Registered

    Joined:
    Jun 8, 2006
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    0
    Thanks, I'll leave it alone then!
     
  6. mazzy

    mazzy Registered

    Joined:
    Jun 8, 2006
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    0
    I'm just worried that I have a security issue. The changes I make in Safari or in network prefs, don't seem to matter. In Safari prefs I've unchecked "open safe files automatically". In my plist, it still has "True to open safe files automatically", "Webkit use site specific spoofing" etc. When I do a search on something related to my computer, I end up with Asian webpages. My computer is getting slower and slower, and I just ran sysctl in terminal and it shows things that I wouldn't imagine are normal, but I don't know for sure.
    In part--

    vfs.devfs has 1 mounted instance
    vfs.fdesc has 1 mounted instance
    vfs.generic.nfs.client.initialdowndelay: 12
    vfs.generic.nfs.client.nextdowndelay: 30
    vfs.hfs has 2 mounted instances
    vfs.nfs has 4 mounted instances
    vfs.volfs has 1 mounted instance
    vm.loadavg: 0.20 0.09 0.20
    vm.swapusage: total = 512.00M used = 367.92M free = 144.08M

    Why would I need 2 mounted vfs.hfs and 4 mounted vfs.nfs?

    And also, there are many net.inet, net.inet6, dummynet and kern.dummy references. I also have 6to4.conf, afpovertcp.cf, and httpd.conf that recreates itself as a httpd.conf.bak if I edit it.

    Thanks for any help you can give me.
     
  7. Giaguara

    Giaguara Chmod 760 Staff Member Mod

    Joined:
    Nov 29, 2002
    Messages:
    9,517
    Likes Received:
    9
    Trophy Points:
    38
    Ok, checked on my MacBook Pro that is that fresh that iTunes hasn't even been opened on it and the only disc it has seen is the Mac OS X install disc. That bootroot.loader file is present at this location.
    How much free space do you have?
    Another thing.. do you have any external search thingies installed on your Mac, e.g. Google anything, Devon anything, anything else that would be indexing your drive?
     
  8. mazzy

    mazzy Registered

    Joined:
    Jun 8, 2006
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    0
    I don't think so. I have EasyFind, but it's only supposed to search, not index. I do however have many help.helpindex files, and many html files. The help.helpindex files all begin with something similar to the following--

    typedstream NSMutableDictionary NSDictionary NSObject NSString+SKI_USE_REMOTE_ROOT NSNumber NSValue SKI_VERSIONS SKI_SEARCH_KIT SKI_HELP_INDEXER SKI_SYSTEM_BUILD SKI_CORE_FOUNDATION SKI_FOUNDATION SKI_INDEX_DATA
    NSMutableData NSData[83968c]Bud2

    If this (again;) is normal, I apologize. Unsure what the SKI_USE_REMOTE_ROOT thing is all about.

    I also wonder about another file -- /library/perl/5.8.6/appendtopath
    the contents of this file-
    /System/Library/Perl/Extras/5.8.6
    /Library/Perl/5.8.1


    74.5 capacity with 43.1 available.

    Thank you!
     
    Last edited: Apr 26, 2008
  9. mazzy

    mazzy Registered

    Joined:
    Jun 8, 2006
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    0
    Whatever it is, is getting worse. I can't update. I get a message- Make sure you can connect to the Internet, then try again. So I looked at my pref file, and it had the following.
    <key>CatalogURL</key>
    <string>http://update.server.address:8088/</string>
    <key>WebIconDatabaseDirectoryDefaultsKey</key>
    <string>~/Library/Icons</string>
    <key>WebKitDefaultFontSize</key>
    <integer>11</integer>
    <key>WebKitStandardFont</key>
    <string>Lucida Grande</string>

    I have a couple of curious files in CoreServices. One is .disk_label, and the other is .disk_label.contentdetails. The first has a bunch of these "÷÷÷", and the second simply says "Mac", the name of my hd. Another curious file is /preferences/byhost/com.apple.hitoolbox0016cba2a0a9.plist.
    A portion of that file-
    <key>AppleDefaultInputMethodOfClass</key>
    <dict>
    <key>inpm</key>
    <dict>
    <key>smJapanese</key>
    <array>
    <string>DZÇ&#8710;ǶÇË</string>
    <string>...tsvcinpmappl</string>
    <integer>33035</integer>
    </array>
    </dict>
    </dict>
    <key>AppleDefaultInputMode</key>
    <dict/>
    <key>AppleEnabledInputMethodsOfClass</key>
    <dict>
    <key>cplt</key>
    <array>
    <string>Character Palette</string>
    </array>
    <key>inpm</key>
    <array/>
    </dict>
    <key>AppleEnabledInputModes</key>
    <array>
    <array>
    <string>com.apple.inputmethod.TradChinese.Pinyin</string>
    <string>smTradChinese</string>
    <string>¡c&#8776;ȧ§§Â</string>
    </array>

    And I think I mentioned before that I have many asian language files, and get results for many asian sites when I search the web.

    Thanks for the help. I'm absolutely lost!
     
    Last edited: May 2, 2008

Share This Page