
Killing Hyper-V

HyperVixor Detected

Microsoft has a habit of embedding its own viruses into Windows. Hyper-V is the latest such virus. You are probably all familiar with Microsoft Edge, the buggy useless browser that cannot be uninstalled. Where’s the EU anti-trust group when you need them?

You found this post on Hyper-V because you went here and found the “official” Microsoft documentation doesn’t work for you. Yes, you found yourself to be one of the people on this never-ending comment thread on answers.microsoft.com. You will note that this problem has been around since 2013. It keeps getting worse, too. The Anniversary Edition updates turned Hyper-V back on for many people and created new ways of making it nearly impossible to remove.

So, after trying to kill Hyper-V per the Microsoft instructions, and all of the pointers on the answer thread, you stumbled into the SpiceWorks topics. No matter how you tried to kill it, the thing kept coming back. System Info kept showing you the dreaded image.

hypervisor detected

The Terribly Difficult Journey

We have to take this journey because Microsoft is the last great bastion of bug-riddled backward tech. Hyper-V is a type-1 hypervisor and it blocks access for all other virtualization, especially type-2. Microsoft doesn’t want you using anything but theirs. Trouble is, theirs sucks.

Previously you couldn’t even install Oracle VirtualBox if Hyper-V was present. When I was setting up the new old toy a few days ago, this wasn’t the case. It installed just fine. My 64-bit Ubuntu VMs suffered the Ubuntu Black Screen of Death. Ubuntu 18.04 did not. Versions 20.04 and 22.04 both did.

Do not reboot until you get to the very end of this!

Uninstall the devices

The most insidious part of this is Microsoft installing Hyper-V devices and networking protocols. Open Device Manager and hunt for all things Hyper-V.

One of the many devices

This isn’t the only one you have to kill, just one of the many. Expand your network cards and look at all the installed protocols. You can find a few Hyper-V things squirreled away there that need to be killed off as well.

Turn off all things Hyper-V

Yes, you probably did this, but we are going to do it again. It seems you have better success if you kill the devices first. Type “turn” without the quotes in the Windows search bar.

Turn Windows features on or off
Uncheck all things Hyper-V

Don’t forget the hidden stuff.

uncheck Virtual Machine Platform and Hypervisor

Further down in the list are “Virtual Machine Platform” and “Windows Hypervisor Platform.” Deliberately named differently to try and keep the Hyper-V virus alive. Uncheck both of these. Do not restart the computer! If you restart, all of your hard work will be undone.

Now kill it from the command line

Type “comm” without the quotes in the Windows search bar.

Command prompt

Choose “Run as administrator”

Don’t skip this

I actually didn’t get a screen shot of the other command. For some reason, using the GUI isn’t enough to kill this. Here are the commands for the cut and paste crowd.

DISM /Online /Disable-Feature:Microsoft-Hyper-V
bcdedit /set hypervisorlaunchtype off

For those who want to cut and paste, the commands are:

Dism /Online /Cleanup-Image /RestoreHealth

Dism.exe /online /Cleanup-Image /StartComponentCleanup

sfc /scannow

Those take a long time to run. Don’t expect instant gratification. Get up and go get a soda, or go to lunch.

PowerShell

In the Windows command search type “power” without the quotes. Choose “Run as Administrator.”

Disable in PowerShell

For the cut and paste crowd.

Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-Hypervisor

Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-All

You’re still not done

Core Isolation and Device Guard are two more versions of this Hyper-V virus. Type “secur” in the Windows command search.

Windows Security app

Choose “Device security” once it starts.

Device Security
Core Isolation Details
Turn off

You have to turn “Memory integrity” off. It uses Hyper-V. You should be running McAfee anyway. Exit after turning off.

No You Are Not Done Yet!

Type “group” without the quotes in the Windows command search bar.

Group policy editor

Navigate to System as shown in the image below.

System is where you find Device Guard
Device Guard
Disable virtualization based security
Virtualization Based Security now disabled

Trust But Verify

Type “reg” without the quotes in the Windows command search bar.

Windows Registry Editor
Verify EnableVirtualizationBasedSecurity is set to 0

Navigate to Lsa as shown in the following image.

set LsaCfgFlags to zero

If you do not have LsaCfgFlags, add it with a value of zero. If you do have LsaCfgFlags, set its value to zero if it isn’t already.

Reboot

Now you can finally restart. After you restart, bring up your System Information app.

What “success” looks like

Believe it or not, this is what “success” looks like. Oracle VirtualBox (and most likely VMware) can now run Ubuntu 64-bit virtual machines without the black screen of death due to Hyper-V.
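A read-only way to check every step above from an elevated PowerShell prompt, as an added example that is not part of the original post: it reports the optional-feature states, the hypervisorlaunchtype boot setting, the registry values behind virtualization based security, memory integrity and Credential Guard (LsaCfgFlags), and what is actually running. The feature names VirtualMachinePlatform and HypervisorPlatform and the registry paths are the standard Windows locations and are assumed here, not copied from the post's screenshots.

```powershell
# Added example: read-only audit of the settings changed in this post.
# Run from an elevated prompt; nothing here modifies the system.
$report = [ordered]@{}

# Optional features (before the reboot these show DisablePending).
$features = 'Microsoft-Hyper-V-All', 'Microsoft-Hyper-V-Hypervisor',
            'VirtualMachinePlatform', 'HypervisorPlatform'
foreach ($name in $features) {
    try {
        $f = Get-WindowsOptionalFeature -Online -FeatureName $name -ErrorAction Stop
        $report["Feature $name"] = "$($f.State)"
    } catch {
        $report["Feature $name"] = 'not available on this edition'
    }
}

# Boot entry value written by "bcdedit /set hypervisorlaunchtype off".
$bcd = bcdedit /enum '{current}' | Select-String 'hypervisorlaunchtype' | Select-Object -First 1
$report['hypervisorlaunchtype'] = if ($bcd) { ($bcd.Line.Trim() -split '\s+')[-1] } else { 'not set' }

# Registry values; paths are the standard locations (assumption: the
# post's screenshots, which are not reproduced here, show the same keys).
function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { 'not set' }
}
$dgKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
$report['EnableVirtualizationBasedSecurity'] = Get-RegValue $dgKey 'EnableVirtualizationBasedSecurity'
$report['Memory integrity (Enabled)'] = Get-RegValue "$dgKey\Scenarios\HypervisorEnforcedCodeIntegrity" 'Enabled'
$report['LsaCfgFlags'] = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'LsaCfgFlags'

# Runtime state after the reboot, as opposed to configured state.
$vbsText = @{ 0 = 'not enabled'; 1 = 'enabled, not running'; 2 = 'running' }
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
if ($dg) {
    $report['VBS status'] = $vbsText[[int]$dg.VirtualizationBasedSecurityStatus]
    # 1 = Credential Guard, 2 = memory integrity (HVCI); empty or 0 = none
    $report['Security services running'] = ($dg.SecurityServicesRunning -join ',')
}
$report['HypervisorPresent'] = (Get-CimInstance -ClassName Win32_ComputerSystem).HypervisorPresent

$report.GetEnumerator() | Format-Table -Property Key, Value -AutoSize
```

In the state the post calls success, the features read Disabled, hypervisorlaunchtype reads Off, the registry values read 0, and HypervisorPresent is False.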

Aren’t you glad your computer came with Windows 10 instead of Ubuntu pre-installed?

Roland Hughes started his IT career in the early 1980s. He quickly became a consultant and president of Logikal Solutions, a software consulting firm specializing in OpenVMS application and C++/Qt touchscreen/embedded Linux development. Early in his career he became involved in what is now called cross platform development. Given the dearth of useful books on the subject he ventured into the world of professional author in 1995 writing the first of the "Zinc It!" book series for John Gordon Burke Publisher, Inc.

A decade later he released a massive (nearly 800 pages) tome "The Minimum You Need to Know to Be an OpenVMS Application Developer" which tried to encapsulate the essential skills gained over what was nearly a 20 year career at that point. From there "The Minimum You Need to Know" book series was born.

Three years later he wrote his first novel "Infinite Exposure" which got much notice from people involved in the banking and financial security worlds. Some of the attacks predicted in that book have since come to pass. While it was not originally intended to be a trilogy, it became the first book of "The Earth That Was" trilogy:
Infinite Exposure
Lesedi - The Greatest Lie Ever Told
John Smith - Last Known Survivor of the Microsoft Wars

When he is not consulting Roland Hughes posts about technology and sometimes politics on his blog. He also has regularly scheduled Sunday posts appearing on the Interesting Authors blog.