AVG deep scan shows PioPlus.exe as rootkit

As per the title, I did a deep scan with AVG, I had 4 notifications of potential problems on my computer (windows 7), 3 of them I dismissed, but the remaining notification suggests a problem with pioplus.exe, see image.

Any info appreciated.

I’ve just run Atom and compiled a firmware.bin for tasmota, all seems to be working okay, but I am concerned.

The pioplus.exe binary probably uses some form of obfuscation or packing. Since the binary handles, according to its name, the paid PIO Plus subscription logic, this is pretty expected in a commercial product. The wrong result may be due to heuristics.

I just ran the copy of pioplus.exe I have on my machine

%userprofile%\.platformio\packages\tool-pioplus\pioplus.exe

And this was the result - no matches at all across 70 different AV engines.

If you want to see if there is something going on on your system, load the file you have onto VirusTotal, and see if it gives the same results/matches as the scan I did.

And like Max said, packing can be a common cause of false positives… I found out the other day that AV scanners are starting to blindly go “that UPX compressed executable must be a virus”… even though that UPX compressed executable was the self-contained version of some code I had written and compiled! :confused: :angry: Oh how I hate how lazy these AV vendors are becoming!
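A local check for the traits discussed in this thread (UPX section names, high-entropy sections), plus the SHA-256 to look up on VirusTotal. This is an added example, not part of the original posts or PlatformIO's code; the 7.0 bits/byte threshold and the sample image are assumptions constructed for illustration.

```python
import hashlib
import math
import struct
from collections import Counter

ENTROPY_THRESHOLD = 7.0  # assumption: rule-of-thumb cutoff for packed/compressed data

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pe_sections(image: bytes):
    """Return [(name, raw_size, entropy)] for each section of a PE image."""
    if image[:2] != b"MZ" or len(image) < 0x40:
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    # COFF header follows the 4-byte signature: NumberOfSections at +6,
    # SizeOfOptionalHeader at +20; the section table follows the optional header.
    (n_sections,) = struct.unpack_from("<H", image, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)
    table = pe_off + 24 + opt_size
    out = []
    for off in range(table, table + 40 * n_sections, 40):
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, off + 16)
        out.append((name, raw_size, entropy(image[raw_ptr:raw_ptr + raw_size])))
    return out

def triage(image: bytes) -> dict:
    """Summarise the traits that commonly trip packer heuristics."""
    sections = pe_sections(image)
    return {
        "sha256": hashlib.sha256(image).hexdigest(),  # search this hash on VirusTotal
        "upx_sections": [n for n, _, _ in sections if n.startswith("UPX")],
        "high_entropy": [n for n, size, h in sections if size and h > ENTROPY_THRESHOLD],
    }

def constructed_sample() -> bytes:
    """Constructed PE-like image with UPX-style sections (not a real binary)."""
    sec = lambda name, size, ptr: name.ljust(8, b"\0") + struct.pack("<IIII", size, 0x1000, size, ptr) + b"\0" * 16
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    data = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    return dos + coff + sec(b"UPX0", 0, 0) + sec(b"UPX1", len(data), 168) + data
```

To check a real file, pass `open(path, "rb").read()` to `triage`. A hit explains why a heuristic engine might flag the file; it says nothing about whether the file is malicious.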

Thanks for the reply Max. Atom still seems to be performing correctly, so I’ll dismiss it for now.

Thanks for replying pfeerick, I feel comfortable enough leaving things as they are, as both yourself and Max don’t really see it as a problem and my install of Atom seems to still be working correctly, I compiled another firmware.bin for tasmota to be sure…no problems.
AVG has become absolutely crap over the last few years, ever since they started bombarding users with UPGRADE (paid) ads and messages, etc. But hey, I get what I deserve I guess by using ‘free’ services (avg).
Out of pure curiosity, what AV packages do you guys use?
Regards
Markkyboy

Nowadays on Windows I just use a combination of the built-in windows defender, and Malwarebyte Pro. Prior to that, I’ve used avast, AVG - both of which seemed to just slow the system down. I found Sophos AV pretty good, and I did use a paid version of ESET NOD32 ages ago, which I found really good, and may get around to revisiting at some point.

Some of the PIO Plus logic is written in Go and some in Python, which depends on the open source PlatformIO Core. We add it to PYTHONPATH before running pioplus.exe. You can check it in https://github.com/platformio/platformio-core/blob/develop/platformio/managers/core.py#L127:L132. This can lead to an issue with antivirus tools.

We are working on eliminating the pioplus.exe bridge. Please give us some time. Also, some good news is coming soon to the whole PlatformIO ecosystem. Stay tuned with us at https://twitter.com/PlatformIO_Org
