
cleanmgr.exe

5 Posts
3 Users
0 Reactions
587 Views
(@bluedragon)
Trusted Member
Joined: 18 years ago
Posts: 60
Topic starter  

Anyone know what is cleanmgr.exe found in C:\WINDOWS\system32?

1) What does it do??
2) Does the user need to activate it for it to run or was the software automated?
3) Any tools to analyze this software? Need to know when it was run, did the user activate it and also what was deleted.

Any help will be appreciated.


   
 kern
(@kern)
Trusted Member
Joined: 20 years ago
Posts: 67
 

Q1 & 2: Google and Microsoft provide a wealth of info.
Q3 needs you to put in some research time.


   
keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

> 1) What does it do??

I have it on XP, and according to the file versioning info within the file
Filename c:\windows\system32\cleanmgr.exe
Type Application
OS NT/Win32
Orig Filename CLEANMGR.DLL
File Descriptoin Disk Space Cleanup Manager for Windows
File Version 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name CLEANMGR
Company Name Microsoft Corporation
Copyright © Microsoft Corporation. All rights reserved.
Product Name Microsoft® Windows® Operating System
Product Version 6.00.2900.2180

> 2) Does the user need to activate it for it to run or was the software
> automated?

It looks like the software may be activated as necessary by the OS…maybe.

> 3) Any tools to analyze this software?

Sure, all over the place…strings.exe, Perl, etc. Check out "Windows Forensic Analysis"…it'll tell you some tools and techniques for analyzing EXE files.

> Need to know when it was run, did the user activate it and also what was
> deleted.

Well, if you're on XP, check the contents of the Prefetch directory. Then check the contents of the UserAssist key for each user.

HTH,

Harlan


   
(@bluedragon)
Trusted Member
Joined: 18 years ago
Posts: 60
Topic starter  

Thanks Harlan and Kern,

I'm not very good in handling registry files. Where can I find the Prefetch directory and what to look out for. Same for the UserAssist key.

Any help appreciated.


   
keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

> I'm not very good in handling registry files.

No problem…there's info all over about this, particularly in my book.

> Where can I find the Prefetch directory and what to look out for.

Uhm…

C:\>dir /s /ad Prefetch

> Same for the UserAssist key

Check out my book.

Harlan
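
Added example, not part of the thread or of any poster's own tools: a Python sketch of what the two artifacts named above record for cleanmgr.exe on XP. It assumes the documented XP layouts (prefetch format version 17 with last run time at offset 0x78 and run count at 0x90; 16-byte UserAssist values with ROT13 names and a counter that starts at 5); all sample bytes are constructed.

```python
import codecs
import struct
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch

def filetime_to_dt(ft):
    """Convert a 64-bit FILETIME (100 ns ticks since 1601) to UTC."""
    return EPOCH + timedelta(microseconds=ft // 10)

def parse_xp_prefetch(data):
    """Header fields of a Windows XP/2003 (format version 17) .pf file."""
    version, magic = struct.unpack_from("<I4s", data, 0)
    if magic != b"SCCA" or version != 17:
        raise ValueError("not an XP/2003 prefetch file")
    exe = data[0x10:0x4C].decode("utf-16-le").split("\x00", 1)[0]
    (last_run,) = struct.unpack_from("<Q", data, 0x78)
    (run_count,) = struct.unpack_from("<I", data, 0x90)
    return {"exe": exe, "last_run": filetime_to_dt(last_run), "run_count": run_count}

def parse_xp_userassist(value_name, value_data):
    """Decode one value from a UserAssist ...\\Count subkey (XP layout)."""
    if len(value_data) != 16:
        raise ValueError("unexpected UserAssist data length")
    _session, count, last_run = struct.unpack("<IIQ", value_data)
    return {
        "name": codecs.decode(value_name, "rot_13"),  # names are stored ROT13
        "run_count": max(count - 5, 0),               # XP counter starts at 5
        "last_run": filetime_to_dt(last_run),
    }

# --- constructed sample data (not taken from a real system) ---
SAMPLE_TIME = datetime(2008, 5, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_FT = int((SAMPLE_TIME - EPOCH).total_seconds()) * 10**7

def sample_prefetch():
    buf = bytearray(0x98)
    struct.pack_into("<I4s", buf, 0, 17, b"SCCA")
    name = "CLEANMGR.EXE".encode("utf-16-le")
    buf[0x10:0x10 + len(name)] = name
    struct.pack_into("<Q", buf, 0x78, SAMPLE_FT)
    struct.pack_into("<I", buf, 0x90, 3)
    return bytes(buf)

def sample_userassist():
    name = codecs.encode(r"UEME_RUNPATH:C:\WINDOWS\system32\cleanmgr.exe", "rot_13")
    return name, struct.pack("<IIQ", 1, 5 + 2, SAMPLE_FT)

if __name__ == "__main__":
    print(parse_xp_prefetch(sample_prefetch()))
    print(parse_xp_userassist(*sample_userassist()))
```

A prefetch entry shows that the program ran and when it last ran, whoever started it; a UserAssist entry for the same path sits in one user's NTUSER.DAT and reflects launches through the Explorer shell by that user.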


   