by   April 21 2011   
AVG detects VirtualSerial.SYS while running rootkit scanner. False Positive. During a normal rootkit scan AVG detected the DeLorme Serial Port Emulator as an inline hook. C:\WINDOWS\System32\Drivers\VirtualSerial.SYS Inline hook VirtualSerial.SYS +0x2110 VirtualSerial.SYS +0x211C. Resources include Delorme GPS.

Reporting and Discovering Antivirus False Positives

AVG might be a bit paroid at times but, for me that's fine. I'll create exceptions and report false positives in return for good virus detection.

The DeLorme GPS LT-20 offers a serial port emulator developed I believe by Constellation Data Systems of Ohio.

Their Virtual to Physical serial port software update is here. Download Here.

Here is the link to the forums at DeLorme which offer a few lines of how to uninstall and update your Serial Emulator. Visit Delorme Forums here.

I haven't updated at this point but will create an exception in AVG to skip my serial emulator for my GPS.

The Message looks very bad but not to worry.

C:\WINDOWS\System32\Drivers\VirtualSerial.SYS Inline hook VirtualSerial.SYS +0x2110  VirtualSerial.SYS +0x211C. Resources include Delorme.

Its only your GPS or application that requires a Serial Port which many no longer have and require emulators to convert the data to USB channels.

Technical Side Note: AVG has limits to the size of the file it can store in its vault. You might find at times the virus has not been transferred to the virus vault due to its size.

Additionally this same limitation is set for submitting a virus to AVG for analysis. I've found many failed submissions due to the size of the file.

AVG detects VirtualSerial.SYS while running rootkit scanner. False Positive. During a normal rootkit scan AVG detected the DeLorme Serial Port Emulator as an inline hook. C:\WINDOWS\System32\Drivers\VirtualSerial.SYS Inline hook VirtualSerial.SYS +0x2110 VirtualSerial.SYS +0x211C. Resources include Delorme GPS.