During a routine weekly review of Windows Performance Monitor logs for a finance department workstation, you notice that CPU utilization jumped from its normal baseline of 5-10 percent to a sustained 95-100 percent between 02:00 and 04:30 on three consecutive weeknights. Disk and network I/O also trended upward slightly, but no large file copies or backups were scheduled for that endpoint, and the Windows Update history shows the last successful patch installation occurred two weeks ago. The user who is assigned to the system was off-site on vacation and had not initiated any remote-access session. Given these observations, which of the following provides the most likely explanation for the abnormal processor activity?
Unexpected legitimate user activity is occurring during those hours.
A failing hardware component is generating excess CPU load.
The IT department scheduled system updates or backups that are monopolizing processor time.
The workstation is likely infected with malware, such as a crypto-mining payload that is consuming CPU resources.
Sustained, near-maximum CPU utilization on an otherwise idle endpoint, especially when no scheduled maintenance tasks or user activity are taking place, strongly suggests the presence of unauthorized or malicious software. Crypto-mining malware is specifically designed to consume as much processing power as possible to generate cryptocurrency, and numerous security reports note that such malware routinely drives CPU (or GPU) usage close to 100 percent. In contrast, properly tuned patch jobs or backup agents usually throttle resources or complete quickly, hardware failures tend to manifest as crashes or thermal-related shutdowns rather than steady CPU saturation, and legitimate user activity is ruled out by the user's verified absence.