cleanmgr.exe

(@bluedragon)
Posts: 60
Trusted Member
Topic starter
 

Anyone know what is cleanmgr.exe found in C:\WINDOWS\system32?

1) What does it do??
2) Does the user need to activate it for it to run or was the software automated?
3) Any tools to analyze this software? Need to know when it was run, did the user activate it and also what was deleted.

Any help will be appreciated.

 
Posted : 14/08/2007 1:42 pm
 kern
(@kern)
Posts: 67
Trusted Member
 

Q1 & 2: Google and Microsoft provide a wealth of info.
Q3 needs you to put in some research time.

 
Posted : 14/08/2007 3:15 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

> 1) What does it do??

I have it on XP, and according to the file versioning info within the file:
Filename c:\windows\system32\cleanmgr.exe
Type Application
OS NT/Win32
Orig Filename CLEANMGR.DLL
File Description Disk Space Cleanup Manager for Windows
File Version 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name CLEANMGR
Company Name Microsoft Corporation
Copyright © Microsoft Corporation. All rights reserved.
Product Name Microsoft® Windows® Operating System
Product Version 6.00.2900.2180

> 2) Does the user need to activate it for it to run or was the software
> automated?

It looks like the software may be activated as necessary by the OS…maybe.

> 3) Any tools to analyze this software?

Sure, all over the place…strings.exe, Perl, etc. Check out "Windows Forensic Analysis"…it'll tell you some tools and techniques for analyzing EXE files.

> Need to know when it was run, did the user activate it and also what was
> deleted.

Well, if you're on XP, check the contents of the Prefetch directory. Then check the contents of the UserAssist key for each user.

HTH,

Harlan

 
Posted : 14/08/2007 3:16 pm
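Added example, not part of the original posts: a Python sketch of what the Prefetch and UserAssist checks suggested above yield on XP, namely last-run time and run count from a version 17 `.pf` header and from a ROT13-named UserAssist value. The sample bytes are constructed, not taken from a real system, and the helper names are hypothetical. A Prefetch entry shows that the program ran; a UserAssist entry indicates it was launched through the Explorer shell by that user.

```python
import codecs
import struct
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch

def filetime_to_dt(ft):
    """Convert a Windows FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    return EPOCH + timedelta(microseconds=ft // 10)

def parse_xp_prefetch(buf):
    """Parse the header of an XP/2003 (format version 17) .pf file."""
    version, sig = struct.unpack_from("<I4s", buf, 0)
    if sig != b"SCCA" or version != 17:
        raise ValueError("not an XP-format prefetch file")
    # Executable name: 60 bytes of NUL-padded UTF-16LE at offset 0x10
    name = buf[0x10:0x10 + 60].decode("utf-16-le").split("\x00", 1)[0]
    (last_run,) = struct.unpack_from("<Q", buf, 0x78)   # FILETIME
    (run_count,) = struct.unpack_from("<I", buf, 0x90)
    return {"exe": name, "last_run": filetime_to_dt(last_run), "run_count": run_count}

def parse_xp_userassist(value_name, data):
    """Decode one XP UserAssist value: ROT13 name plus 16 bytes of data."""
    if len(data) != 16:
        raise ValueError("unexpected UserAssist data length for XP")
    _session, count, last_run = struct.unpack("<IIQ", data)
    return {"name": codecs.decode(value_name, "rot_13"),
            "run_count": max(count - 5, 0),  # XP starts this counter at 5
            "last_run": filetime_to_dt(last_run) if last_run else None}

def build_samples():
    """Constructed sample inputs for illustration (not from a real system)."""
    run_at = datetime(2007, 8, 10, 9, 30, tzinfo=timezone.utc)
    when = int((run_at - EPOCH).total_seconds()) * 10_000_000
    pf = bytearray(0x98)
    struct.pack_into("<I4s", pf, 0, 17, b"SCCA")
    pf[0x10:0x10 + 24] = "CLEANMGR.EXE".encode("utf-16-le")
    struct.pack_into("<Q", pf, 0x78, when)
    struct.pack_into("<I", pf, 0x90, 3)
    ua_name = codecs.encode(r"UEME_RUNPATH:C:\WINDOWS\system32\cleanmgr.exe", "rot_13")
    ua_data = struct.pack("<IIQ", 1, 7, when)  # raw count 7 means 2 runs
    return bytes(pf), ua_name, ua_data

if __name__ == "__main__":
    pf, ua_name, ua_data = build_samples()
    print(parse_xp_prefetch(pf))
    print(parse_xp_userassist(ua_name, ua_data))
```
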
(@bluedragon)
Posts: 60
Trusted Member
Topic starter
 

Thanks Harlan and Kern,

I'm not very good in handling registry files. Where can I find the Prefetch directory and what to look out for? Same for the UserAssist key.

Any help appreciated.

 
Posted : 17/08/2007 6:56 am
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

> I'm not very good in handling registry files.

No problem…there's info all over about this, particularly in my book.

> Where can I find the Prefetch directory and what to look out for?

Uhm…

C:\>dir /s /ad Prefetch

> Same for the UserAssist key

Check out my book.

Harlan

 
Posted : 17/08/2007 3:47 pm