Some users have been reaching us with questions about the validity of rubyw.exe. Most of the time, users turn their attention towards this executable after discovering that the process is consistently taking up system resources. Additionally, the process is also linked to the “Failed to create process” error.
The genuine rubyw.exe process is used by a VPN software called Private Internet Acess. However, we urge you to investigate the process as some users have reported that the executable was highjacked by a malware infection.
What is rubyw.exe?
The rubyw.exe executable is used by a popular VPN solution called PIA (Private Internet Acess). Essentially what rubyw.exe does is act as an interpreter. Its job is to run a packaged copy of the script + the executable + the other components that are brokering the VPN network.
You might notice high resources usage spikes at the moment when the process bootstraps from the executable and extracts a copy of Ruby and all the other gems needed to run.
Using the genuine rubyw.exe process poses no security risks as the executable is called to figure out and optimize which data center to use in order to achieve the best speed.
Potential security threat?
Unlike other suspicious executables, figuring out if rubyw.exe is genuine or malicious is very easy. You can probably consider the process safe if you have PIA (Private Internet Acess) installed on your system and running as your VPN.
You can be extra sure that the process is genuine by temporarily closing the VPN connection facilitated by PIA and seeing if the rubyw.exe process goes away. If you completely disable Private Internet Acess and you still find that the process is running in Task Manager with the same amount of resource consumption, you might be indeed be dealing with a malicious executable.
A malicious infection is even more likely if you don’t have Private Internet Acess installed on your system. If you don’t have any VPN currently configured on your system, we recommend scanning your system with a powerful security suite like Malwarebytes. If you need help, follow our in-depth article (here) on using Malwarebytes to identify and remove malware.
Note: Keep in mind that Malwarebytes and other antivirus security suites are known to trigger false positives when scanning VPN executables such as the rubyw.exe. If you rely on your VPN, you should not let the security scanner to quarantine the executable as it will break your VPN connection. If you rely on your VPN connection, you should instruct your antivirus to consider it safe.
Should I remove rubyw.exe?
As stated above, rubyw.exe is an essential part of the well functioning of the Private Internet Acess VPN software. If you don’t’ use the software, you can remove the executable, but it’s best that you remove it along with the whole VPN suite. To do this, open up a Run command (Windows key + R), type “appwiz.cpl” and hit Enter to open Programs and Features.
In Programs and Features, locate and right-click on Private Internet Acess and choose Uninstall. Then follow the on-screen prompts to uninstall the VPN software from your system.
If you’re dealing with the “Failed to create process” error, you’ll most likely manage to resolve the issue by reinstalling the VPN suite. Simply uninstall PIA using the steps above, then visit this link (here), download the installer and use it to install a clean copy of Private Internet Acess.