Shellpar

I recently made it so I could see hidden files and folders. On ym desktop popped up a file called SHELLPAR. I looked through other folders and saw multiples of this same file. When opened with Notepad each gave a different name of a file stored on my computer (or previously deleted/moved).

Does anyone know what this is?

no idea what it is ,but when you right click on it and go to properties / and check out the summary ,or the directory path to see if it releates to something .

A possible trojan dialer. Can you give us some of the filenames listed in the shellpar files please?

These are the shell parameters for each program in the Registry. Don't mess with them.

These are the shell parameters for each program in the Registry. Don't mess with them.

Yes, the Registry has shellpar/shell parameter entries, but I've never encountered distinct SHELLPAR files in any Win 2K/Win XP directories, even when Explorer's View option are set to display all files/folders. Can you elaborate please?

[IMG]http://img.photobucket.com/albums/v471/sefbritt/screenSHELL.jpg[/IMG]

Screenshot of SHELLPAR on desktop and in My Docs.

Hmm, possibly interesting... the filename listed in that particular shellpar file happens to be the SpyBot Search & Destroy executable.

What are the filenames listed in some of the other shellpar files? Please just post the names of the files; those tiny screenshots are a bit hard on the eyes. :)

C:\Documents and Settings\Joey\Cookies\index.dat was the one on my desktop.

they are all links to files like that. I will post some more when I have more time

Do that. In the mean time I'll try to dig up more info on the "shellpar" files in general.

maybe we should see a hijackthis log ,as info found when searching shelpar comes up with reference to a dialer .

maybe we should see a hijackthis log ,as info found when searching shelpar comes up with reference to a dialer .

Yes, it does. A HijackThis log might be a good thing at this point.

JoeyBritt,

HijackThis log analysis is done in our Viruses, Spyware, and other Nasties forum only, so after following the directions below, you'll need to start a new thread in that forum and post the contents of your HijackThis log there:

Download HijackThis:

http://www.majorgeeks.com/download3155.html

Once downloaded, follow these instructions to install and run the program:

1. Create a new separate folder on your drive for HijackThis, move the program into this folder, and run it from there. Don't run HJT from within any Temp or Temporary Internet folder, and don't run it directly from your desktop. A folder such as C:\HijackThis or C:\downloads\HijackThis will do.

2. Before fixing problems with HijackThis, you must make sure to close/quit ALL instances of your web browser(s)! HijackThis cannot fully perform its fixes while browsers are running.

3. Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HiajckThis, open the log in Windows Notepad, and cut-n-paste the entire contents of the log here. The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.

I also keep getting a file called shellpar on the desktop. By going into notepad and opening the shellpar it shows which file I visited last. Adaware, Spybot and the new Microsoft spyware do not catch it, Norton does not either. If it is a dialler it is out of luck, I am on broadband and my modem is disconnected from the telephone.

I also keep getting a file called shellpar on the desktop... it shows which file I visited last

- What exact version of Windows are you running?

- Do these filenames have any extension, or are they named simply "shellpar" (make sure Explorer's View option to "Hide extensions for known file types" is turned off)?

I'm asking because there isn't much information available on these "shellpar" files at all, and I'm looking for any information that might help me determine what program or process is responsible for generating them.

As I said earlier, I've never seen a shellpar file on any Win system I've ever worked on (and yes- I always set Explorer's View options to show all files).
Also, about half of the references to shellpar files that I can find are in discussions concerning a certain type of trojan dialer.

If anyone can shed more light on this, I'd really appreciate it. :)

- What exact version of Windows are you running?

- Do these filenames have any extension, or are they named simply "shellpar" (make sure Explorer's View option to "Hide extensions for known file types" is turned off)?

I'm asking because there isn't much information available on these "shellpar" files at all, and I'm looking for any information that might help me determine what program or process is responsible for generating them.

As I said earlier, I've never seen a shellpar file on any Win system I've ever worked on (and yes- I always set Explorer's View options to show all files).
Also, about half of the references to shellpar files that I can find are in discussions concerning a certain type of trojan dialer.

If anyone can shed more light on this, I'd really appreciate it. :)

Windows XP Home, no extension But how do you turn Explorer view options to show all? I have some files showing extensoions and some not.
:evil:

...how do you turn Explorer view options to show all?

Open Windows Explorer, and in the Folder Options->View settings under the Tools menu:

- Select "show hidden files and folders".

- Uncheck "Hide protected operating system files".

- Uncheck "Hide extensions for known file types".

Of course, some files really don't have any extensions.

I am also getting SHELLPAR files that appear on my desktop when I select "show hidden files" only. I am running Windows XP Media edition and have in the past deleted them and as far as I know there have been no ill effects from doing that.

my SHELLPAR files never have any extension ( I do have my settings set to show extensions btw) and I do frequent adware/virus checks and they have never detected anything to do with these files.

Should I just ignore them?

thanks!

Are any of you who have these "shellpar" files using the "Ultra Win Cleaner" utility package (or have you had it installed in the past)?

Yes I did have Ultra Win Cleaner off some magazine. I have deleted it and the problem with SHELLPAR has gone away.

Thanks.

Great- thanks for that confirmation, twhitehead. :)

The only common thing I could find in the reports of mysterious "shellpar" files (aside from the few mentions of the trojan dialer) was that systems with Shellpar files also seemed to have UWC installed.

Some other disk/file utilities will "litter" your folders with hidden files that they create and use in the course of doing their job, and I'll bet that's exactly what UWC is doing with the Shellpar files.

A file called SHELLPAR is created by (Windows?) everytime a file is copied or moved outside of the volume in which it originally resided. The contents of the 'just created' SHELLPAR is a basic DOS PATH to the new location of the file you just copied/moved.

As for what creates it - my best guess would be -Windows.

As for why - no idea. As soon as another file is copied/moved out of the same folder the first SHELLPAR is written over with the a new DOS path info for that file. So why create the file and leave it in place if it is only providing the last (most recent) windows transactional PATH for anything/anyone looking?

I'm almost certain it is not part of some internal Malware conspiracy. But I still don't understand what Windows (or whatever) process would be needing this file and why does if have to clutter up my Hard Volumes with it. (might do the same thing on any other type of volume - I've never checked it out before).

Anyway, in addition to the 'what is it' question I would also appreciate any suggestions as to how to prevent it's creation in the first place since, after hundreds of uneventful deletions, there seem to be no adverse effects from it's repeatative extinction (oxymoron?).

Will be looking for an answer to these and all SHELLPAR questions from the Guruliphites, Guru-San Sempais, and/or other Bit Wizards who happen upon this thread.