Hidden process detection using kernel functions instrumentation

Yacine Hebbal, Sylvie Laniepce, Jean-Marc Menaud

Abstract

Process hiding is a common attack used by long-lived malicious processes to conceal their presence from security and administration tools. Multiple techniques based on Virtual Machine Introspection (VMI) have been proposed to detect the presence of hidden running processes in virtual machines. However, existing techniques are not practical for real-world cloud environments, as they either suffer from evasion attacks or rely on manually provided and overly OS-specific information. In this paper we present HPD, a VMI-based Hidden Process Detector that instruments guest OS kernel functions to automatically and reliably detect hidden processes and terminate their execution. We designed and implemented a prototype of HPD on the KVM hypervisor. Its evaluation on multiple Linux kernels shows that, from the hypervisor level, HPD successfully detects the presence of hidden running processes and safely terminates their execution.
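The detection principle the abstract relies on is that a hidden process must still be scheduled in order to run, so an observer that instruments the kernel's scheduling path sees it even when the guest's own process list does not. The following Python simulation, added here as an illustration and not code from the paper or the HPD prototype, contrasts those two views with constructed sample data: a list of context-switch events standing in for what an instrumented scheduling function would report, and a dictionary standing in for the task list a `ps`-style tool inside the guest would enumerate. The event structure, field names and sample PIDs are assumptions for the example only.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class SwitchEvent:
    """One observed scheduling event: the task the CPU switched to.

    In a VMI setting these would be recovered at the hypervisor from the
    instrumented guest kernel function; here they are constructed sample data.
    """
    pid: int
    comm: str  # task name as the kernel would carry it


# Constructed "execution view": tasks that were actually scheduled to run.
OBSERVED_SWITCHES: List[SwitchEvent] = [
    SwitchEvent(1, "init"),
    SwitchEvent(42, "sshd"),
    SwitchEvent(1337, "miner"),   # scheduled, but absent from the guest's list
    SwitchEvent(42, "sshd"),
    SwitchEvent(2048, "cron"),
    SwitchEvent(1337, "miner"),
]

# Constructed "reported view": what an in-guest process listing returns.
# A process-hiding rootkit removes its own entry from this view only.
VISIBLE_TASKS: Dict[int, str] = {
    1: "init",
    42: "sshd",
    2048: "cron",
}


def find_hidden_pids(observed: Iterable[SwitchEvent], visible: Dict[int, str]) -> set:
    """Return PIDs that executed (appeared in scheduling events) but are not
    present in the guest-visible process list. This is the cross-view check:
    anything that runs yet is not reported is, by definition, hidden."""
    return {ev.pid for ev in observed} - set(visible)


def hidden_report(observed: Iterable[SwitchEvent], visible: Dict[int, str]) -> List[Tuple[int, str, int]]:
    """Build a sorted (pid, comm, times_scheduled) report for every hidden task,
    so an operator sees not just that a task is hidden but how active it was."""
    events = list(observed)
    hidden = find_hidden_pids(events, visible)
    counts: Dict[int, int] = {}
    names: Dict[int, str] = {}
    for ev in events:
        if ev.pid in hidden:
            counts[ev.pid] = counts.get(ev.pid, 0) + 1
            names[ev.pid] = ev.comm
    return sorted((pid, names[pid], counts[pid]) for pid in hidden)


if __name__ == "__main__":
    for pid, comm, n in hidden_report(OBSERVED_SWITCHES, VISIBLE_TASKS):
        print(f"hidden process pid={pid} comm={comm} scheduled {n} times")
```

The simulation only covers the detection step; how HPD locates the kernel function to instrument, reads the guest's task structures from the hypervisor, and terminates the hidden task is the subject of the paper itself and is not reproduced here.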