1. HwUVPUpgrade.exe is a tray process of PV Driver. It mainly displays pop-out windows during a PV Driver upgrade. Analysis engineers confirmed that no upgrade operations have been performed recently. Obtain the system log of the VMs in question and the HwUVPUpgrade.exe file so that the issue can be replicated in a lab. Copy the file to a VM in a lab. Symantec prompts that the HwUVPUpgrade.exe file contains viruses, as shown in Figure 2.
Figure 2 Viruses detected by Symantec
It is suspended that this issue is caused by the viruses.
Check the installed software list of the Windows 7 VMs at the site. It is found that no any antivirus software is installed. The size of a normal HwUVPUpgrade.exe file is 196 K, while the size of the file of the VMs in question is 260 K. It is determined that this file contains codes injected by viruses.
2. Install antivirus software at the site. The software scans the VMs in question and detects a lot of viruses. After deleting these viruses, this issue does not occur again. It is confirmed that this issue is caused by viruses in the HwUVPUpgrade.exe file.