PowerShell high RAM usage

Anonymous
2024-03-10T13:38:17+00:00

Hello, a couple of days ago I noticed that my laptop suddenly ran slower than usual, while working and in games. This prompted me to examine the cause of this, which is when I noticed that there are multiple powershell.exe processes running and using super high RAM and CPU. In another thread similar to this issue, someone helped them and used Farbar to remove it. But I don't understand how to do the same.

Below is the link for the Farbar txt files. https://drive.google.com/drive/folders/1ivVJyWFoYIdFE7AA4NbYl-rbGmVtL5D4?usp=drive_link

Any assistance regarding this issue would be greatly appreciated :). Thanks in advance.

Windows for home | Windows 10 | Security and privacy

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

Answer accepted by question author

_AW_ 67,926 Reputation points Volunteer Moderator
2024-03-11T00:02:03+00:00

Thanks, I got the link working. The log shows that the malware has successfully been removed. The PowerShell stuff was all miner-related, thus the high CPU and RAM usage.

You also had a Remote Administration Tool, Quasar RAT, which is an open-source RAT often used by malware actors to steal passwords and information they may find useful, among many other uses.

Your entire 'C' drive had also been excluded from Defender's detections, hence nothing was being detected and removed.

More info on its capabilities at https://github.com/quasar/Quasar#features 

I suggest you change any important passwords and set up MFA where possible.


If there's nothing further, clean up by deleting Farbar and the C:\FRST folder.

Also, it would be very much appreciated if you would mark the thread as answered, by pressing 'Yes' below the post(s) that provided the solution.

Good luck! :)

1 person found this answer helpful.
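
Added example, not part of the thread or of FRST: the answer above notes that the whole C: drive had been excluded from Defender. This PowerShell sketch lists Defender exclusions and flags overly broad ones; the function name `Get-BroadExclusion` and the lists of "broad" folders, extensions and processes are assumptions chosen for illustration.

```powershell
# Audit Microsoft Defender exclusions for entries broad enough to blind scanning.
# Run elevated: without admin rights Get-MpPreference may hide the exclusion lists.
function Get-BroadExclusion {
    param(
        [string[]]$Path = @(),
        [string[]]$Extension = @(),
        [string[]]$Process = @()
    )
    # Assumed heuristics: script/executable extensions and script hosts.
    $riskyExt  = 'exe','dll','ps1','bat','cmd','vbs','js','scr'
    $riskyProc = '(^|\\)(powershell|pwsh|cmd|wscript|cscript)\.exe$'
    $topLevel  = '^[A-Za-z]:\\(Windows|Users|ProgramData|Program Files( \(x86\))?)$'

    foreach ($p in $Path) {
        $trimmed = $p.TrimEnd('\')
        if ($trimmed -match '^[A-Za-z]:$') {
            [pscustomobject]@{ Type = 'Path'; Value = $p; Reason = 'Entire drive excluded' }
        }
        elseif ($trimmed -match $topLevel) {
            [pscustomobject]@{ Type = 'Path'; Value = $p; Reason = 'Top-level system or profile folder excluded' }
        }
    }
    foreach ($e in $Extension) {
        if ($riskyExt -contains $e.TrimStart('*', '.').ToLower()) {
            [pscustomobject]@{ Type = 'Extension'; Value = $e; Reason = 'Executable or script type excluded' }
        }
    }
    foreach ($proc in $Process) {
        if ($proc -match $riskyProc) {
            [pscustomobject]@{ Type = 'Process'; Value = $proc; Reason = 'Script host or shell excluded' }
        }
    }
}

# Constructed sample input (not taken from the poster's logs): flags C:\ and .exe only.
Get-BroadExclusion -Path 'C:\', 'D:\Games\Saves' -Extension '.exe', 'log' | Format-Table -AutoSize

# Live check against this machine's Defender configuration.
$pref = Get-MpPreference
$findings = Get-BroadExclusion -Path $pref.ExclusionPath `
                               -Extension $pref.ExclusionExtension `
                               -Process $pref.ExclusionProcess
if ($findings) {
    $findings | Format-Table -AutoSize
    # Review each entry, then remove one you did not add yourself, e.g.:
    #   Remove-MpPreference -ExclusionPath 'C:\'
} else {
    'No overly broad Defender exclusions found.'
}
```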
Answer accepted by question author

_AW_ 67,926 Reputation points Volunteer Moderator
2024-03-10T13:56:04+00:00
  • Download Fixlist.txt and save to the folder FRST64.exe is in
  • Run FRST64 and click "Fix" - the PC will reboot to complete the procedure

Please upload Fixlog.txt

1 person found this answer helpful.
4 additional answers

  1. Anonymous
    2024-03-11T06:08:04+00:00

    Thank you very much! Just an additional question: did the log tell anything about the source of the malware? As in, where I got it from?

    But other than that thank you so much for your help :)
  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
  3. Anonymous
    2024-03-10T22:23:37+00:00

    Thank you very much for the quick reply! I have uploaded the fixlog.txt in the same drive! Are there any additional things that I have to do after this? If so, what is the cause of the high PowerShell usage and its purpose?

    Thank you in advance again!

    https://drive.google.com/drive/u/2/folders/1ivVJyWFoYIdFE7AA4NbYl-rbGmVtL5D4