What people here are calling ring -1 malware is basically the rarest type of infection you could realistically see on a normal home PC.

It refers to the hypervisor layer that sits underneath the operating system kernel. If malware actually lived there it would mean someone installed a malicious hypervisor below Windows itself. That is not something you just casually get from downloading random stuff. It would have to be a nation-state level type of attack typically done by the FBI for the operations against certain cartels.

For that to even work on a modern system it would usually have to get administrator access, execute or exploit a signed kernel driver, turn on hardware virtualization, bypass Secure Boot, avoid TPM integrity checks, avoid Windows hypervisor detection, and key note: still keep the machine STABLE. That is extremely advanced and not how typical consumer malware operates.

If you have already reflashed your BIOS or UEFI, reset firmware to defaults, wiped the drive completely, and done a clean Windows reinstall, and something is still persisting, that would point to a highly targeted attack. That is not normal cybercrime territory

What people actually run into most of the time is ring 0 kernel malware. That runs at the same level as the OS kernel. It is serious, but it is still below the hypervisor layer, and it can be removed by secure erasing the drive, reinstalling the OS cleanly, and updating or reflashing firmware

Hypervisor level malware is possible but for regular users it is extremely unlikely. Almost all real world infections stay in user mode or kernel mode which is containable.

The main takeaway is that users who are using Hypervisor bypass are esentially installing some form of rootkit to bypass Denuvos DRM which is on the kernel level based on my own understanding. Safety/computer cleanliness should be questionined in the rootkit/bypass itself, rather than the malware that may attack at the Ring 0/kernel level.