Security Companies usually apply virtual environment to analyze malware，whereas a large amount of current malware already adopts various VMware detection techniques in order to resist analysis. In this paper，three main methods for detecting the presence of virtual environment are presented，as well as their countermeasures. A performance related method to detect the presence of virtual machine or emulator is designed，which can successfully detect the presence of virtual environment，such as VMware and Qemu，etc.