IE7 False Positives: ieproxy.dll + xpshims.dll

since yesterday i’m receiving reports from several places where i installed CIS about a virus who got stuck in their computers and disabled internet access.

i’ve entered through UltraVNC 1.0.2 (btw winvnc.exe + vnchooks.dll are also false positives) so they have Internet. I’ve got a careful look in their event viewer and saw that 2 Internet Explorer dll’s, ieproxy.dll and xpshims.dll were blocked and classified as “UnclassifiedMalware”.

just to let you know that they are not.

best regards

Same here with IE8

same where.

On booth versions.

If u put in Quarantine iexplore dont execute anymore.

Hi maikkano,

Please submit these samples at Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year so we can verify this issue.



i’ll eagerly await your response

best regards

Hi maikkano,

Thank you for submitting the files to us!

We verified them and ieproxy.dll & xpshims.dll were found as being false-positives. A fix is already live with DB 3580.

Both winvnc.exe & vnchooks.dll are potentially unsafe applications, therefore detection was not modified. If you want to use them further, you can add them to CIS exclusion list.


thank you for the quick response.though i understand why WinVNC is considered to be a virus, i’m sad by that fact b/c it’s my most used tool.

thank you for your time