Are these normal? Packages & bootroot.loader.dmg

I don’t remember seeing these before, can someone please tell me what they are? Came up in scan today.

MediaKit.framework Package 2 warnings
system/library/privateframeworks

check_afp
system/library/filesystems/appleshare

bootroot.loader …OK
bootroot.loader.dmg err 42110
versions/a/resources/mkdrivers.bundle/contents/resources

Is this normal stuff?

Thanks

Hallo,
42110 means “decompression bomb”, and the package simply reached the limit where it has suspiciously high compression ratio.
It’s fair to warn about this (some malware programs used decompression bombs to overload antivirus processing), but in few cases this might be natural consequience of highly “packable” content. dmg might be the case.
regards,
pc

What should I do to make sure it isn’t malware?

for example, you can mount the DMG and scan it when mounted. or, you can convert it (using hdiutil) to different format (w/o compression)…

regards,
pc

How do I mount it if it’s just a file? I don’t understand the other thing you said.

Thank you.

Okay, posting this for future reference of other ppl.

I called Mac Support again (they just love me now sarcasm).

First guy I got was an idiot who asked why I was even scanning my system, since Macs don’t get viruses (because those viruses in the Avast! definitions, I mean, they don’t exist, am I right? :P).

So I lied and told him I sometimes run windows files to shut him up. Then he asks if I’m booted in windows and frustrated I say look, I’m just scanning with Avast! in Mac Mode and I’ve got an error on this file called “bootroot.loader.dmg”, it’s a decompression error and I want to know if this file is native to your OS or if it’s nasty and I need to dump it.

He says, “I don’t know what you’re talking about.” I say, okay, do you have tiered tech support? He says, “What?” I’m like tiered tech support, like can you elevate me to a higher level of tech? He says , “Um yeah, but I need to try to figure it out first.”

Ummm…wtf? He just admitted he had no idea what I was talking about. So this time I explain it to him again slowly, and he puts me on hold. He picks up again and asks what the problem was again. more frustration I tell him once again that I have a decompression error, Avast can’t scan because it’s taking too long and I want to know if it is a natural file in the system.

He finally gives the heck up and transfers me to a higher level tech support, who asks me what the problem is. I tell him, and let him know the address of it in the system. He types into his computer and says “Yep, that’s native to the OS. Don’t delete it.”

I had a lovely chat with this tech guy, he basically said in cases of Decompression error I should do exactly what I did, which is to figure out what the file came from (to determine if it’s bad or not).

So yeah, if anyone else needs to know, mediakit.framework is part of the OS (Mac OS X 10.5.8), and so is bootroot.loader.dmg. They are supposed to be there, and even if something did try to get in, so long as you are running a standard account like I am, it would have to ask you anyway.

I, too, am a new Avast user on Mac. I also did a search on this issue, and read this thread with others I found in other sites. I found another source saying that although bootroot.loader IS a system file and shouldn’t be touched, there’s another similar one with a .dmg extension which is a fake:
http://zgwmzj.com/question.php?id=20121017180515AA9b9tv

So DON’T delete bootroot.loader, but delete bootroot.loader.dmg

I thought I better let you guys know before further damage could be done.

Hallo,
first, those warnings have directly nothing to do with infection - it just warns about the unusually high compression ratio.

regards,
pc

i removed my bootroot.loader, but didn’t delete it because i had a bad feeling that i SHOULDN’T delete it, that maybe avast didn’t know what it was talking about, but now i just have the file sitting on my desktop. i can’t open the mkdriver.bundle where everyone says it’s supposed to go. what should i do?