bootroot.loader

[mazzy]

Has anyone heard of this file?

It's located in /system/library/privateframeworks/mediakit.framework/versions/a/resources/mkdrivers.bundle/contents/resources/

Also in this folder are the following files-

Apple_Driver_ATA.ptDR.drvr
Apple_Driver_ATA.wiki.drvr
Apple_Driver_ATAPI.ATPI.drvr
Apple_Driver_ATAPI.DMMY.drvr
Apple_Driver_ATAPI.ptDR.drvr
Apple_Driver43_CD.CDrv.drvr
Apple_Driver43.0x00010600.drvr
Apple_Driver43.ptDR.drvr
Apple_Patches.mesh.ptch
Apple_Patches.ruby.ptch
Apple_Patches.scsi.ptch
Apple_Patches.snag.ptch
boot.loader
database.plist
defaults.plist
efi.loader
inventory.plist
mini.loader

If anyone can tell me how to remove this, I'd appreciate it. It reinstalls after a so-called "clean" install.

 

[Giaguara]

Why do you want to remove it?

Frameworks are installed by the system, and those are usually safer to be left alone. If you do delete the file, get a backup of it before deleting it.

 

[mazzy]

Because the only reference that I can find on the internet about it, says it's a rootkit. But I don't know how true that is. I was hoping someone with an Intel Mac would know if it's a required file.

Thank you

 

[Giaguara]

Ah, now I found the reference you probably had found. Sophos?
If an antivirus software is telling that is a 'bad' file they should be held responsible for that statement if deleting that file will do harm in the end. 00

I have the rest of those files in the same location also on a clean PPC Mac mini - will check on an Intel later (if the others haven't meanwhile) today. Considering that file's location, it'll be definitely better to check if it exists on the other similar systems, AND before deleting it making sure there is a backup in case there would be problems without it.

If you look at the other files in that location, you notice e.g. efi loader. If that file is gone, your Mac will need a new system installation.
Inventory.plist lists the boot partition and other boot information. So at least all these other files are needed.

 

[mazzy]

Thanks, I'll leave it alone then!

 

[mazzy]

I'm just worried that I have a security issue. The changes I make in Safari or in network prefs, don't seem to matter. In Safari prefs I've unchecked "open safe files automatically". In my plist, it still has "True to open safe files automatically", "Webkit use site specific spoofing" etc. When I do a search on something related to my computer, I end up with Asian webpages. My computer is getting slower and slower, and I just ran sysctl in terminal and it shows things that I wouldn't imagine are normal, but I don't know for sure.
In part--

vfs.devfs has 1 mounted instance
vfs.fdesc has 1 mounted instance
vfs.generic.nfs.client.initialdowndelay: 12
vfs.generic.nfs.client.nextdowndelay: 30
vfs.hfs has 2 mounted instances
vfs.nfs has 4 mounted instances
vfs.volfs has 1 mounted instance
vm.loadavg: 0.20 0.09 0.20
vm.swapusage: total = 512.00M used = 367.92M free = 144.08M

Why would I need 2 mounted vfs.hfs and 4 mounted vfs.nfs?

And also, there are many net.inet, net.inet6, dummynet and kern.dummy references. I also have 6to4.conf, afpovertcp.cf, and httpd.conf that recreates itself as a httpd.conf.bak if I edit it.

Thanks for any help you can give me.

 

[Giaguara]

Ok, checked on my MacBook Pro that is that fresh that iTunes hasn't even been opened on it and the only disc it has seen is the Mac OS X install disc. That bootroot.loader file is present at this location.
How much free space do you have?
Another thing.. do you have any external search thingies installed on your Mac, e.g. Google anything, Devon anything, anything else that would be indexing your drive?

 

[mazzy]

I don't think so. I have EasyFind, but it's only supposed to search, not index. I do however have many help.helpindex files, and many html files. The help.helpindex files all begin with something similar to the following--

typedstream NSMutableDictionary NSDictionary NSObject NSString
+SKI_USE_REMOTE_ROOT NSNumber NSValue SKI_VERSIONS SKI_SEARCH_KIT SKI_HELP_INDEXER SKI_SYSTEM_BUILD SKI_CORE_FOUNDATION SKI_FOUNDATION SKI_INDEX_DATA
NSMutableData NSData[83968c]Bud2


If this (again is normal, I apologize. Unsure what the SKI_USE_REMOTE_ROOT thing is all about.

I also wonder about another file -- /library/perl/5.8.6/appendtopath
the contents of this file-
/System/Library/Perl/Extras/5.8.6
/Library/Perl/5.8.1


74.5 capacity with 43.1 available.

Thank you!

 

[mazzy]

Whatever it is, is getting worse. I can't update. I get a message- Make sure you can connect to the Internet, then try again. So I looked at my pref file, and it had the following.
<key>CatalogURL</key>
<string>http://update.server.address:8088/</string>
<key>WebIconDatabaseDirectoryDefaultsKey</key>
<string>~/Library/Icons</string>
<key>WebKitDefaultFontSize</key>
<integer>11</integer>
<key>WebKitStandardFont</key>
<string>Lucida Grande</string>

I have a couple of curious files in CoreServices. One is .disk_label, and the other is .disk_label.contentdetails. The first has a bunch of these "÷÷÷", and the second simply says "Mac", the name of my hd. Another curious file is /preferences/byhost/com.apple.hitoolbox0016cba2a0a9.plist.
A portion of that file-
<key>AppleDefaultInputMethodOfClass</key>
<dict>
<key>inpm</key>
<dict>
<key>smJapanese</key>
<array>
<string>DZÇ&#8710;ǶÇË</string>
<string>...tsvcinpmappl</string>
<integer>33035</integer>
</array>
</dict>
</dict>
<key>AppleDefaultInputMode</key>
<dict/>
<key>AppleEnabledInputMethodsOfClass</key>
<dict>
<key>cplt</key>
<array>
<string>Character Palette</string>
</array>
<key>inpm</key>
<array/>
</dict>
<key>AppleEnabledInputModes</key>
<array>
<array>
<string>com.apple.inputmethod.TradChinese.Pinyin</string>
<string>smTradChinese</string>
<string>¡c&#8776;ȧ§§Â</string>
</array>

And I think I mentioned before that I have many asian language files, and get results for many asian sites when I search the web.

Thanks for the help. I'm absolutely lost!