Hi,

I run a computer facility with internet access.

Recently I found out that many of my computers had CPU miners running and mining for the same wallet address.
I know how to stop all those processes and clean up my system.

1. But I want to know if it is possible to trace the person who put the programs in the machines.

I see the miner exe file and a batch file to execute the exe with a wallet address. Is there anything I can do with this?

2. Also I want to know how to find out if this happens again. (Since I have good machines, I couldn't really tell any speed compromise because of the miners. This time I accidentally opened task manager and found these processes hogging up my CPUs.
But I can't keep doing this every time on every machine.)

Thank you