what is mccleanup

 dega
(@dega)
Posts: 263
Reputable Member
Topic starter
 

I am using autopsy, and looking for a file shredder I obviously searched for the word "shredder" so I found two deleted files shredder.ini and shredder_unist.ini
The path of these files was …/temp/MCCLEANUP.5.0.285.4_DMPackage_en-US_Release etc
What is MCCLEAN trying on google seems something from a remover of McAfee or a trojan!
I believe that in that system was installed a cache cleaner and wiping tool.
Thanks

 
Posted : 26/03/2015 7:58 pm
HexDrugsRockNRoll
(@hexdrugsrocknroll)
Posts: 60
Trusted Member
 

Have you looked to see if there's anything in prefetch, userassist or appcompatcache that stands out? The latter of the named files looks like it might have something to do with uninstall.

Build a timeline and look for activity around the creation time and date of this file - hopefully you'll see something being installed which might give you a better idea of what the software is.

 
Posted : 26/03/2015 8:20 pm
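
As an added illustration of the timeline advice in the post above (not code from any poster in this thread): a Python sketch that reads a Sleuth Kit body file, the format written by `fls -m`, and lists every timestamp falling within a window around the creation time of a pivot file. The sample lines, the paths under `/constructed/`, the inode numbers and the epoch values are all constructed.

```python
from datetime import datetime, timezone

# Constructed body-file lines (TSK 3.x layout); every path and value is made up:
# MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime
SAMPLE_BODY = """\
0|/constructed/temp/MCCLEANUP.5.0.285.4_DMPackage_en-US_Release/shredder.ini (deleted)|4101-128-1|r/rrwxrwxrwx|0|0|512|1420106400|1420106400|1420106400|1420106400
0|/constructed/temp/MCCLEANUP.5.0.285.4_DMPackage_en-US_Release/shredder_unist.ini (deleted)|4102-128-1|r/rrwxrwxrwx|0|0|256|1420106402|1420106402|1420106402|1420106402
0|/constructed/Downloads/setup_placeholder.exe|3990-128-3|r/rrwxrwxrwx|0|0|900000|1420106390|1420106100|1420106100|1420106100
0|/constructed/Windows/Prefetch/SETUP_PLACEHOLDER.EXE-00000000.pf|4090-128-1|r/rrwxrwxrwx|0|0|30000|1420106395|1420106395|1420106395|1420106395
0|/constructed/Documents/report.doc|2001-128-1|r/rrwxrwxrwx|0|0|40960|1419000000|1419000000|1419000000|1419000000
0|/constructed/temp/orphan.tmp (deleted)|4200-128-1|r/rrwxrwxrwx|0|0|0|0|0|0|0
"""
FIELDS = ("atime", "mtime", "ctime", "crtime")


def parse_body(text):
    """Yield (name, {field: epoch}) per line; tolerates '|' inside file names."""
    for line in text.splitlines():
        parts = line.rsplit("|", 9)  # the nine fields after the name never contain '|'
        if len(parts) != 10 or "|" not in parts[0]:
            continue  # blank or malformed line
        name = parts[0].split("|", 1)[1]
        # Zero or non-numeric values mean "no timestamp recorded": drop them.
        times = {f: int(v) for f, v in zip(FIELDS, parts[6:]) if v.isdigit() and int(v)}
        yield name, times


def around_pivot(text, pivot_name, window_s=600):
    """Return (pivot crtime, sorted hits) for timestamps within +/- window_s."""
    entries = list(parse_body(text))
    pivot = next((t["crtime"] for n, t in entries
                  if pivot_name in n and "crtime" in t), None)
    if pivot is None:
        raise ValueError(f"no entry with a creation time matches {pivot_name!r}")
    hits = [(ts, field, name) for name, t in entries
            for field, ts in t.items() if abs(ts - pivot) <= window_s]
    return pivot, sorted(hits)


if __name__ == "__main__":
    pivot, hits = around_pivot(SAMPLE_BODY, "shredder.ini")
    for ts, field, name in hits:
        when = datetime.fromtimestamp(ts, timezone.utc).isoformat()
        print(when, f"{ts - pivot:+5d}s", f"{field:6}", name)
```

In the constructed data the download and its prefetch entry surface minutes before the pivot, which is the kind of neighbouring activity the post suggests looking for; the unrelated document and the entry with zeroed timestamps are filtered out.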
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

I am using autopsy, and looking for a file shredder I obviously searched for the word "shredder" so I found two deleted files shredder.ini and shredder_unist.ini
The path of these files was …/temp/MCCLEANUP.5.0.285.4_DMPackage_en-US_Release etc
What is MCCLEAN trying on google seems something from a remover of McAfee or a trojan!
I believe that in that system was installed a cache cleaner and wiping tool.
Thanks

mccleanup.exe is one of the executables in the McAfee MCPR tool package
https://service.mcafee.com/FAQDocument.aspx?id=TS101331

If it is that one, the 5.0.285 version looks a little bit old, maybe you can find a corresponding version here
https://web.archive.org/web/*/http//download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe
download the file and expand it with Universal Extractor (or similar, at least latest versions are NSIS installers)

I just checked and it should be this one
https://web.archive.org/web/20110709081129/http//download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

jaclaz

 
Posted : 26/03/2015 8:22 pm
 dega
(@dega)
Posts: 263
Reputable Member
Topic starter
 

Have you looked to see if there's anything in prefetch, userassist or appcompatcache that stands out? The latter of the named files looks like it might have something to do with uninstall.

Build a timeline and look for activity around the creation time and date of this file - hopefully you'll see something being installed which might give you a better idea of what the software is.

In these days I am studying the prefetch files. But nothing can help me.
Shredded data, clean recent data, clean last year prefetch (our focus).
I will study the others you give me. Thanks

 
Posted : 26/03/2015 8:51 pm
HexDrugsRockNRoll
(@hexdrugsrocknroll)
Posts: 60
Trusted Member
 

If your purpose is just to identify a file shredder, jaclaz has given you the information you need. Is there anything else you need to look for?

Timelines (log2timeline, plaso) can really help provide a clear picture of what has been happening.

 
Posted : 26/03/2015 8:55 pm
 dega
(@dega)
Posts: 263
Reputable Member
Topic starter
 

mccleanup.exe is one of the executables in the McAfee MCPR tool package
https://service.mcafee.com/FAQDocument.aspx?id=TS101331

If it is that one, the 5.0.285 version looks a little bit old, maybe you can find a corresponding version here
https://web.archive.org/web/*/http//download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe
download the file and expand it with Universal Extractor (or similar, at least latest versions are NSIS installers)

I just checked and it should be this one
https://web.archive.org/web/20110709081129/http//download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

jaclaz

Thanks Jaclaz. But my doubt now is why use a McAfee remover in a firm where never been used McAfee products?

 
Posted : 26/03/2015 8:55 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

What is MCCLEAN trying on google …

What?

 
Posted : 26/03/2015 8:59 pm
HexDrugsRockNRoll
(@hexdrugsrocknroll)
Posts: 60
Trusted Member
 

What is MCCLEAN trying on google …

What?

Obviously OP's first language is not English - I think if you read the rest of the sentence, however, you'll understand what OP is saying. It's not that difficult.

Do you have anything to add?

 
Posted : 26/03/2015 9:03 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Thanks Jaclaz. But my doubt now is why use a McAfee remover in a firm where never been used McAfee products?

The answer, my friend, is blowing in the wind ;)

Only you can answer that question knowing the case at hand and all the context around it, since it seemingly was in a \temp\ folder it could have been the effect of downloading and attempting to install it (or just opening the MCPR.EXE in an archive decompressor or similar).
I.e. (just as an example) it is possible that it was downloaded "by mistake" (thinking to download *something else*) and never used once it was clear that it was not what the user was expecting.

A theory as good as anyone else without any related info.

As a side note (and being not a professional in digital forensics, so take any advice from me with some added caution) in my little experience as an amateur at data recovery, I often find remnants or traces of *any* kind of crappy or meaningless software on *any* machine, very often without any real reason justifying (not even remotely) its presence, while, on the other hand, sometimes it is an interesting exercise and it is easy to get an idea of the personality of the user judging from the crap that he/she senselessly downloaded or installed on the hard disk, and some other times the only reason was "just for the lolz of it" or "cool, this is l337" reasons.

jaclaz

 
Posted : 27/03/2015 1:13 am
(@ashishsingh)
Posts: 29
Eminent Member
 

The path of these files was …/temp/MCCLEANUP.5.0.285.4_DMPackage_en-US_Release etc

The 5.0.285 version!! Strange!

 
Posted : 27/03/2015 9:24 am