PowerShell pop up for a second and high CPU usage

Published by Nyau Wai Hoe

If you’ve noticed that some PowerShell windows randomly pop up for a split second and your CPU usage spikes up strangely, you’re probably dealing with some nasty malware. This can be quite a scary experience, especially if you find out that a virus or malware has been running commands without your knowledge for who knows how long. This guide will show you what you should do when such things happen and how to try to (maybe) get rid of the malware without wiping your computer and reinstalling the OS again.

What to do if you see a sudden PowerShell pop-up that spikes your CPU usage?

When you spot unexpected PowerShell activity along with a high CPU spike, you should first consider this as a possible malware attack. Your antivirus, such as Windows Defender, might not be scanning properly or may be missing some files. This can happen if certain drives or folders are left out of scans, which is a pretty common malware trick to stay hidden.

To fix this, open your antivirus software’s “exclusion list”, “whitelist”, or whatever it’s called, and remove any scan exclusions you didn’t set yourself.

Then, do a full system scan to look for any malware. If you find some, your antivirus should get rid of it. But if you do find malware, you’ll need to take some extra steps to make sure your system is totally clean and your data is secure.

  1. Use multiple antivirus tools to scan your computer again to get a second or even third opinion (I use Kaspersky, AVG, and sometimes just Windows Defender). Sometimes one antivirus might miss something. Free online scanners from well-known companies can provide a fresh perspective.
  2. Check your antivirus settings again to make sure no files or folders are left out of scans (excluded) that could be hiding malware.
  3. After you remove the malware, keep an eye on your CPU and look out for any weird activity to make sure nothing harmful is left over.
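
For Windows Defender, the exclusion check described above and repeated in step 2 can be done from PowerShell. This is an added example, not part of the original article; the patterns used to mark an entry for review are assumptions, and the path in the commented removal line is a placeholder.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell
# window so Microsoft Defender shows its exclusions in full.
$pref  = Get-MpPreference
$kinds = 'ExclusionPath', 'ExclusionExtension', 'ExclusionProcess', 'ExclusionIpAddress'

# Flatten the exclusion lists into one table of Kind / Value rows.
$exclusions = foreach ($kind in $kinds) {
    foreach ($value in @($pref.$kind)) {
        if ($value) { [pscustomobject]@{ Kind = $kind; Value = [string]$value } }
    }
}

# Assumed heuristics: whole drives, user-writable folders, and executable or
# script file types are exclusions that deserve a second look.
$broadPath = '^[A-Za-z]:\\?$|\\Users(\\|$)|\\AppData(\\|$)|\\Temp(\\|$)|\\ProgramData(\\|$)'
$riskyExt  = '^\*?\.?(exe|dll|ps1|bat|cmd|vbs|js|scr)$'

$exclusions | Where-Object { $_ } | ForEach-Object {
    $note = ''
    if ($_.Kind -eq 'ExclusionPath' -and $_.Value -match $broadPath) {
        $note = 'whole drive or user-writable folder'
    } elseif ($_.Kind -eq 'ExclusionExtension' -and $_.Value -match $riskyExt) {
        $note = 'executable or script type'
    } elseif ($_.Kind -eq 'ExclusionProcess' -and $_.Value -match 'powershell|pwsh') {
        $note = 'PowerShell excluded from scanning'
    }
    $_ | Add-Member -NotePropertyName Review -NotePropertyValue $note -PassThru
} | Format-Table -AutoSize -Wrap

# Remove an entry you did not create (the path below is a placeholder), then rescan:
# Remove-MpPreference -ExclusionPath 'C:\Placeholder\Folder'
# Start-MpScan -ScanType FullScan
```

An empty table means no exclusions are configured. Third-party antivirus products keep their own exclusion lists, which this does not read.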

These suggestions should help you fight off malware that tries to use PowerShell to run harmful scripts on your PC.

What to do next?

After you clean up the initial infections, you should still do deeper security checks, especially if you’ve dealt with tough malware like Quasar, which can log your keystrokes and remotely access your computer. This kind of malware is very risky and dangerous because it can steal your passwords, watch you through your webcam, and even take over your PC.

  1. If something as nasty as Quasar got into your system, you might want to consider starting fresh with a new installation of your OS instead. Starting new means you can completely get rid of any hidden malware and fix damaged system files.
  2. If the malware had keylogging abilities, change all your passwords using another computer that’s safe, and try to use stronger passwords this time. This goes for your email, bank accounts, and other important accounts.
  3. Also, if you have devices like a NAS (Network Attached Storage) connected to your network, scan them too to make sure they’re not compromised.
  4. Before you bring back any files from backups, make sure those backups are free of malware. Restoring a backup with an infected file could re-infect your computer.

Check your startup programs

Even after you deal with the malware, don’t forget to check which apps start automatically when your computer boots.

Review your startup programs and scheduled tasks. Malware often sets itself up to start automatically. Tools like Microsoft’s Autoruns can show you everything that starts up with your computer. Watch out for any programs you don’t recognize or that look suspicious.
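
If you want a quick look before opening Autoruns, the registry Run keys and scheduled tasks can be listed from PowerShell. This is an added example, not part of the original article and not a replacement for Autoruns, which covers many more autostart locations; the list of script hosts used to sort entries to the top is an assumption.

```powershell
# Added example, not from the original article: list autostart commands from the
# Run/RunOnce registry keys and from scheduled tasks, script hosts first.
$scriptHosts = 'powershell|pwsh|wscript|cscript|mshta|cmd\.exe'   # assumed list

$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

$fromRegistry = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }            # key does not exist on this system
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{
            Source  = 'Registry'
            Name    = "$key\$name"
            Command = [string]$item.GetValue($name)
        }
    }
}

$fromTasks = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only "run a program" actions carry Execute/Arguments; others are skipped.
        if ($action.Execute) {
            [pscustomobject]@{
                Source  = "ScheduledTask ($($task.State))"
                Name    = "$($task.TaskPath)$($task.TaskName)"
                Command = "$($action.Execute) $($action.Arguments)".Trim()
            }
        }
    }
}

# Entries that launch PowerShell or another script host are listed first.
@($fromRegistry) + @($fromTasks) |
    Where-Object { $_ } |
    Select-Object Source, Name, Command,
        @{ Name = 'ScriptHost'; Expression = { $_.Command -match $scriptHosts } } |
    Sort-Object ScriptHost -Descending |
    Format-List
```

Run it from an elevated window to see tasks belonging to other accounts. An entry that starts PowerShell is not automatically malicious; compare its command line against software you installed yourself.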

Try to look for the problematic PowerShell script

Look for PowerShell script files on your system. These files end with “.PS1” and might contain scripts that do harmful things. Look for recent PS1 files, especially those in strange places or with weird names. You can open these files with a basic text editor like Notepad, just be sure not to run them.
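
The search can be scripted so the files are only read as text and never executed. This is an added example, not part of the original article; the 30-day window and the list of folders are assumptions you can widen.

```powershell
# Added example, not from the original article: find recently changed .ps1
# files in user-writable folders. Files are read as text only, never run.
$days   = 30                                   # assumed look-back window
$cutoff = (Get-Date).AddDays(-$days)

# Assumed starting points: folders any user-level process can write to.
$roots = $env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:PUBLIC,
         (Join-Path $env:USERPROFILE 'Downloads') |
         Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$files = Get-ChildItem -Path $roots -Filter *.ps1 -File -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $cutoff } |
    Sort-Object FullName -Unique |             # TEMP usually sits inside LOCALAPPDATA
    Sort-Object LastWriteTime -Descending

$files | ForEach-Object {
    $path = $_.FullName
    [pscustomobject]@{
        Path      = $path
        Modified  = $_.LastWriteTime
        Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
        # 'NotSigned' is normal for personal scripts; note it for files you do not recognize.
        Signature = (Get-AuthenticodeSignature -LiteralPath $path).Status
        # The hash can be looked up with an online scanner without uploading the file.
        SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        # First lines as plain text, enough to see what the script starts with.
        Preview   = (Get-Content -LiteralPath $path -TotalCount 5 -ErrorAction SilentlyContinue) -join "`n"
    }
} | Format-List
```

Scripts that ship with installed software also appear in these folders, so judge each result by its location, name, and preview rather than by its presence alone.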

One last thing

A lot of keeping your computer safe is about how you use it. It’s simple: the less careful you are, the more likely you are to get malware. I’ve seen so many times when people just make bad choices, like opening unknown EXE files from Discord or downloading pirated software. These are big welcomes for malware, Trojans, or viruses. Really, if you stick to well-known app stores and websites and skip the shady downloads, you’ll be much safer. It’s not perfect, but it’s a lot better.

Nyau Wai Hoe
Nyau Wai Hoe is the Founder and Chief Editor of WindowsDigitals.com. With a degree in software engineering and over 12 years of experience in the tech support industry, Nyau has established himself as an expert in the field, with a primary focus on the Microsoft Windows operating system. As a tech enthusiast, he loves exploring new technologies and leveraging them to solve real-life problems.