So I scanned "pia_manager.exe" with VirusTotal and it came up with 12 viruses.

So I read some stuff about rubyw process being a virus or something and then i decided to use virustotal on PIA and I am a bit concerned about the results.

Can someone explain this to me? Is it a bad virus or are these things false positives?


  • Posts: 123
    I can confirm it's a false positive! One indication that it could be is the low detection rate and that most of them give different results as to what it think it is. Another bunch of them simply report it as "heuristics" or "generic", which means it thinks it can be malicious given what the program contains in its code.

    rubyw.exe is the Ruby interpreter for Windows. The PIA application is written mostly in Ruby, which means it needs Ruby to be installed to run it and it why PIA comes with it. This is a bit like Java applications requires the installation of the Java Runtime, and .NET apps requires the installation of the .NET Framework and DirectX games requires the installation of the DirectX runtime.

    It's not impossible that some malware are also written in Ruby and that consequently the presence of rubyw be an indicator of an infection, but with PIA running this is perfectly normal. You should see the following process tree from PIA:

    pia_manager.exe -> rubyw.exe -> pia_manager.exe -> rubyw.exe -> 3x pia_nw.exe

    I don't know why the app is being flagged as malicious, but it has been for a really long time and my personal guess is that an application that packs a Ruby interpreter, a Chromium browser, OpenVPN and the TAP-Win32 driver has a really good toolbox to do a lot, so the AV companies go with the side of caution.
Sign In or Register to comment.