If PowerShell windows flash open for a split second and your CPU usage spikes at the same moment, something on your PC is running scripts without your knowledge. Sometimes that is a scheduled task belonging to software you installed, but it is also one of the most common ways malware runs on Windows, so treat it as a possible infection until you have confirmed otherwise. Finding out that malicious commands may have been running for who knows how long is unsettling. This guide shows what to do when it happens and how to try to remove the malware without wiping the computer and reinstalling the OS.
What to do if you see a sudden PowerShell pop-up that spikes your CPU usage?
When you spot unexpected PowerShell activity together with a CPU spike, treat it first as a possible malware infection. Your antivirus, such as Microsoft Defender, may not be scanning everything: if certain drives, folders, file extensions or processes have been added to its exclusion list, anything they cover is never scanned. Adding such exclusions is a common malware trick for staying hidden.
To fix this, open your antivirus software's exclusion list (some products call it a whitelist or allow list) and remove every exclusion you did not set yourself.
Then run a full system scan. If it finds malware, let the antivirus remove or quarantine it, and then take the extra steps below to make sure the system is actually clean and your data is safe:
- Use multiple antivirus tools to scan your computer again to get a second or even third opinion (I use Kaspersky, AVG, and sometimes just Windows Defender). Sometimes one antivirus might miss something. Free online scanners from well-known companies can provide a fresh perspective.
- Check your antivirus settings again to make sure no files or folders are left out of scans (excluded) that could be hiding malware.
- After you remove the malware, keep an eye on your CPU and look out for any weird activity to make sure nothing harmful is left over.
These suggestions should help you fight off malware that tries to use PowerShell to run harmful scripts on your PC.
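The same procedure for Microsoft Defender, scripted with the built-in Defender cmdlets. This is an added example, not part of the original guide; the two paths in `$suspiciousPaths` are constructed placeholders standing in for whatever you find in your own exclusion list, and you should edit that list before running it. Run it from an elevated PowerShell prompt.

```powershell
# Added example: review and clear Microsoft Defender scan exclusions, make sure real-time
# protection is on, then run a full scan and list what it found.
# Requires an elevated (Run as administrator) PowerShell session.

$prefs = Get-MpPreference

# 1. Show every exclusion currently configured. Anything you did not add yourself is suspect,
#    especially exclusions for user-writable folders or for powershell.exe itself.
"Excluded paths:";      $prefs.ExclusionPath
"Excluded extensions:"; $prefs.ExclusionExtension
"Excluded processes:";  $prefs.ExclusionProcess

# 2. Remove exclusions you do not recognise. Replace these two constructed placeholders
#    with the entries you actually saw in step 1.
$suspiciousPaths = @(
    'C:\Users\Public\Libraries'   # hypothetical placeholder
    'C:\ProgramData\Temp'         # hypothetical placeholder
)
foreach ($p in $suspiciousPaths) {
    if ($prefs.ExclusionPath -contains $p) {
        Remove-MpPreference -ExclusionPath $p
        "Removed path exclusion: $p"
    }
}
# Process and extension exclusions are removed the same way, e.g.:
#   Remove-MpPreference -ExclusionProcess 'powershell.exe'
#   Remove-MpPreference -ExclusionExtension '.ps1'

# 3. Malware frequently switches real-time protection off. Turn it back on before scanning.
if ($prefs.DisableRealtimeMonitoring) {
    Set-MpPreference -DisableRealtimeMonitoring $false
    "Real-time protection was disabled; re-enabled it."
}

# 4. Update signatures and run a full scan (this takes a while).
Update-MpSignature
Start-MpScan -ScanType FullScan

# 5. Review detections. ProcessName shows which process was touching the detected file,
#    which is useful when chasing a PowerShell launcher.
Get-MpThreatDetection |
    Select-Object InitialDetectionTime, ProcessName, Resources |
    Format-Table -AutoSize
```

If Tamper Protection is enabled in Windows Security, `Set-MpPreference -DisableRealtimeMonitoring $false` is ignored and you have to flip the switch in the Windows Security app instead; that is the intended behaviour, since the same protection stops malware from turning scanning off through PowerShell.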
What to do next?
After you clean up the initial infection, still do a deeper security check, especially if the malware was a remote access trojan such as Quasar, which can log your keystrokes, watch you through your webcam and give an attacker remote control of the computer. Anything typed or shown on screen while it was running, including passwords, should be treated as stolen.
- If something like Quasar got into your system, seriously consider a clean reinstall of the OS instead of trying to clean it. A fresh installation is the only way to be sure that no hidden component survives, and it also repairs any system files the malware altered.
- If the malware had keylogging abilities, change all your passwords from another computer you know is clean, and use strong, unique passwords this time. Start with email, banking and any account that can reset other accounts, and turn on two-factor authentication wherever it is offered.
- Also, if you have devices like a NAS (Network Attached Storage) connected to your network, scan them too to make sure they’re not compromised.
- Before you bring back any files from backups, make sure those backups are free of malware. Restoring a backup with an infected file could re-infect your computer.
Check your startup programs
Even after you deal with the malware, check which programs start automatically when the computer boots, because that is how it came back every time you saw the window flash.
Review your startup programs and scheduled tasks. Malware almost always sets itself up to start automatically, and a PowerShell window that pops up briefly at fixed intervals is a classic sign of a scheduled task. Sysinternals Autoruns shows everything that starts with Windows (Run keys, startup folders, scheduled tasks, services, WMI subscriptions) in one place. Watch for entries you do not recognise, entries with no publisher, or anything that launches powershell.exe with a hidden window or an encoded command.
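A read-only sweep of the same autostart locations from PowerShell, flagging entries that launch PowerShell with the flags typically used to hide a window or pass an encoded command, and decoding any `-EncodedCommand` payload so you can read what it really runs. This is an added example, not part of the original guide or of Autoruns; the keyword pattern is a heuristic I chose and will also flag some legitimate scripts, so treat hits as things to look at, not as verdicts.

```powershell
# Added example: enumerate common autostart locations and flag PowerShell launchers.
# Read-only: it changes nothing. Run elevated so HKLM and all scheduled tasks are visible.

# Heuristic pattern (assumption: these tokens are what hidden/encoded launchers tend to use).
$pattern = 'powershell|pwsh|-enc|-ec |-e |-w hidden|-windowstyle hidden|-nop|bypass|iex|downloadstring|frombase64'

function ConvertFrom-EncodedCommand([string]$Arguments) {
    # -EncodedCommand carries Base64 of UTF-16LE text; decode it so the real command is readable.
    if ($Arguments -match '-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})') {
        try { return [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Matches[1])) }
        catch { return '<not valid base64>' }
    }
    return $null
}

# 1. Run / RunOnce registry keys, per-machine and per-user.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    (Get-ItemProperty $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |        # drop the provider's own PSPath etc.
        ForEach-Object {
            [pscustomobject]@{
                Source     = $key
                Name       = $_.Name
                Command    = $_.Value
                Suspicious = [bool]($_.Value -match $pattern)
                Decoded    = ConvertFrom-EncodedCommand $_.Value
            }
        }
}

# 2. Startup folders (anything here runs at logon).
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp"
)
Get-ChildItem $startupDirs -Force -ErrorAction SilentlyContinue | Select-Object FullName, LastWriteTime

# 3. Scheduled tasks whose action matches the pattern. This is the most common cause of a
#    console window that flashes up for a split second on a timer.
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        $cmd = "$($a.Execute) $($a.Arguments)"
        if ($cmd -match $pattern) {
            [pscustomobject]@{
                Task    = "$($task.TaskPath)$($task.TaskName)"
                State   = $task.State
                Author  = $task.Author
                Command = $cmd
                Decoded = ConvertFrom-EncodedCommand $a.Arguments
            }
        }
    }
} | Format-List

# 4. Permanent WMI event subscriptions, a less obvious persistence spot that Task Scheduler
#    and the Startup tab never show.
Get-CimInstance -Namespace root\subscription -ClassName __EventConsumer |
    Select-Object Name, CommandLineTemplate
```

Compare each flagged task against the software you actually installed: a task authored by a vendor you recognise that runs a signed script from under Program Files is normal, while a task with a random name running `powershell -w hidden -enc ...` from a user-writable folder is the thing you are hunting.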
Try to look for the problematic PowerShell script
Look for PowerShell script files on your system. These end with “.ps1” and may contain the commands that are spiking your CPU. Focus on recently created or modified .ps1 files, especially ones in odd places (temp folders, ProgramData, the user profile) or with random-looking names. You can open them in a plain text editor such as Notepad to read them; never run them. Keep in mind that malicious PowerShell is often fileless: the script is handed to powershell.exe on the command line (typically as a Base64 -EncodedCommand) by a scheduled task or registry entry, so there may be no .ps1 on disk at all. In that case the PowerShell event log is where the script text turns up.
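Both checks in one read-only script: recently modified .ps1 files outside the usual vendor locations, with their first lines shown (not executed), followed by the script text PowerShell itself logged as Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log. This is an added example and not part of the original guide; the 30-day window and the Windows/Program Files skip list are my choices, and the keyword check on the file head is a heuristic.

```powershell
# Added example: locate recent .ps1 files and pull PowerShell script-block log entries.
# Read-only. Run elevated so all user profiles and the event log are readable.

$since = (Get-Date).AddDays(-30)   # assumption: look back 30 days

# 1. Recent .ps1 files. Skip Windows and Program Files, where vendor scripts normally live,
#    so what remains is scripts sitting in temp, ProgramData and profile paths.
$skip  = '^C:\\(Windows|Program Files|Program Files \(x86\))\\'
$found = Get-ChildItem -Path C:\ -Filter *.ps1 -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $since -and $_.FullName -notmatch $skip }

foreach ($f in $found) {
    # Read only the first lines as text; never invoke the file.
    $head = (Get-Content -LiteralPath $f.FullName -TotalCount 5 -ErrorAction SilentlyContinue) -join ' '
    [pscustomobject]@{
        Path       = $f.FullName
        Modified   = $f.LastWriteTime
        SizeKB     = [math]::Round($f.Length / 1KB, 1)
        Head       = ($head -replace '\s+', ' ')
        Suspicious = [bool]($head -match 'FromBase64String|Invoke-Expression|\biex\b|DownloadString|-enc')
    }
}

# 2. Script block logs. A launcher like "powershell -enc <base64>" leaves no .ps1 behind,
#    but Event ID 4104 records the decoded script text that actually ran.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-PowerShell/Operational'
    Id        = 4104
    StartTime = $since
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated,
        @{ n = 'Script'; e = { $_.Message.Substring(0, [math]::Min(300, $_.Message.Length)) } } |
    Format-List
```

Windows writes some 4104 events on its own for script blocks it considers suspicious, but you only get a complete record if Script Block Logging is turned on (Group Policy: Administrative Templates, Windows Components, Windows PowerShell, "Turn on PowerShell Script Block Logging"). Enabling it now will not recover what ran last week, but it means the next flash of a window leaves the full script in the log instead of a mystery.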
One last thing
A lot of keeping your computer safe comes down to how you use it. The less careful you are, the more likely you are to pick up malware. I have seen it so many times: people open unknown EXE files sent over Discord, or download pirated software and cracks, and those are open invitations for malware, Trojans and remote access tools. If you stick to well-known app stores and vendors' own websites and skip the shady downloads, you will be much safer. It is not perfect protection, but it is a lot better.