How to Resolve the High CPU Usage Issue Caused by Viruses in the PV Driver Process

Publication Date: 2015-03-10
Issue Description
In multiple Windows 7 VMs that otherwise operate normally, the CPU usage of the PV Driver process HwUVPUpgrade.exe rises sharply until it fully occupies one CPU and does not release it, as shown in Figure 1. As a result, user operations become very slow. After the VMs are restarted, the CPU usage of the process returns to the normal level, but it rises sharply again after a period of time.
Handling Process
1. If this issue has occurred in a VM in use, install antivirus software to find, delete, and protect against viruses.
2. Scan the VM templates for viruses. If a VM template is infected, delete it and create the template again.
Root Cause
1. HwUVPUpgrade.exe is a tray process of PV Driver. It mainly displays pop-up windows during a PV Driver upgrade. Analysis engineers confirmed that no upgrade operations have been performed recently. Obtain the system log of the VMs in question and the HwUVPUpgrade.exe file so that the issue can be replicated in a lab. Copy the file to a VM in a lab. Symantec reports that the HwUVPUpgrade.exe file contains viruses, as shown in Figure 2.

Figure 2 Viruses detected by Symantec



It is suspected that this issue is caused by the viruses.
Check the list of installed software on the Windows 7 VMs at the site. No antivirus software is installed. The size of a normal HwUVPUpgrade.exe file is 196 K, while the size of the file on the VMs in question is 260 K. It is determined that this file contains code injected by viruses.

2. Install antivirus software at the site. The software scans the VMs in question and detects a large number of viruses. After these viruses are deleted, the issue does not occur again. It is confirmed that this issue is caused by viruses in the HwUVPUpgrade.exe file.
Suggestions
Install antivirus software on VMs to protect against viruses, especially on VMs that run the Windows operating system.
To identify such an issue, first obtain the .exe file of the affected process, and then use antivirus software to find and delete all viruses. Having the file makes it easier to replicate the problem in a lab.
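
The size comparison from the root cause analysis (196 K for a normal file, 260 K for the infected one) can be scripted as a check of a VM's HwUVPUpgrade.exe against a known-good reference copy. This is an added example, not code from the original article or from PV Driver. Both file paths are placeholders, and the script avoids Get-FileHash so that it also runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: compare a VM's HwUVPUpgrade.exe with a known-good reference copy.
# Both default paths are placeholders (assumptions); the article gives no install path.
param(
    [string]$SuspectPath   = 'C:\<PV-Driver-install-dir>\HwUVPUpgrade.exe',
    [string]$ReferencePath = '\\<baseline-share>\PVDriver\HwUVPUpgrade.exe'
)

function Get-Sha256Hex([string]$Path) {
    # Hash through .NET so no PowerShell 4.0+ cmdlet is required.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return ([System.BitConverter]::ToString($sha.ComputeHash($stream))) -replace '-', ''
    } finally {
        $stream.Dispose()
        $sha.Clear()
    }
}

function Get-FileFacts([string]$Path) {
    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    # Signature status is reported for information only; the article does not
    # say whether the genuine file is Authenticode-signed.
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    New-Object PSObject -Property @{
        Path      = $Path
        SizeBytes = $item.Length
        Sha256    = (Get-Sha256Hex $Path)
        Signature = $sig.Status
    }
}

$suspect   = Get-FileFacts $SuspectPath
$reference = Get-FileFacts $ReferencePath
$suspect, $reference | Format-List Path, SizeBytes, Sha256, Signature

if ($suspect.Sha256 -ne $reference.Sha256) {
    # A size increase, as seen in this case, is consistent with code appended to the file.
    $delta = $suspect.SizeBytes - $reference.SizeBytes
    Write-Warning ("HwUVPUpgrade.exe differs from the reference copy (size delta {0} bytes). Scan the VM and its template." -f $delta)
    exit 1
}
Write-Output 'HwUVPUpgrade.exe matches the reference copy.'
```

Take the reference copy from a clean PV Driver installation of the same version, because a file from a different version will also differ in size and hash.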
