how is such a hack tool guarded against?
- Prevent your computer to boot from an external media by setting appropriate options at the BIOS level and protecting this configuration using a BIOS password,
- Use Trusted Boot where TPM chip is available (most professional laptops have one, this Dell Latitude has one),
- Use full disk encryption, this recommendation being the most important one.
As a side note, Kon Boot documentation states that it does not work on system where the BIOS available memory is too small. Whether this limitation can help to guard against this attack, I'm not sure...
Regarding the video the author claims to have already enabled the two latter recommendations using Dell's Control Point Security Manager, but it seems obviously untrue (encrypted disks are officially unsupported by Kon Boot, see here, here and there), either because the video author mistakenly did not setup these features correctly, or for other reasons. As a side note, he promotes a commercial encryption product in his video description, so...
Would such a tool be able to hack a virtual machine?
Yes, if someone get administrative access to the virtual machine is able to boot it from an external media it will work the same as way with a physical PC (I have not tested it myself, but encountered blog posts where people actually used VM to safely test this tool and bypassed their password successfully).