Virtual machine halt


DETIboot is an over-the-air file distribution system that allows a teacher to gain control over students' personal laptops during exams by distributing a properly hardened Linux operating system image. In this scenario, a student could boot the hardened image inside a Virtual Machine and so be able to explore the hosting system while doing the exam on the hosted one. In this paper we present Virtual Machine Halt (VMHalt), a solution conceived for the detection of unknown, uncooperative x86_64 Virtual Machines and system emulators. For that purpose, VMHalt uses several strategies to classify an underlying layer as virtual. Our results show that, although individual strategies have their own weaknesses, which can lead to a wrong decision, by excluding the ones that could incorrectly classify a physical system as a virtual one, a weighted decision from all strategies correctly detects an underlying virtualization engine with increased probability, while true hardware is always recognised as such.

DOI: 10.1145/2851613.2851948

@inproceedings{Reis2016VirtualMH,
  title={Virtual machine halt},
  author={Sim{\~a}o Reis and Andr{\'e} Z{\'u}quete and Jos{\'e} M. N. Vieira},
  booktitle={SAC},
  year={2016}
}