iMac infected with virus that creates hidden windows partition, won’t boot from USB or internet recovery

Thanks again for all your help so far. I booted up the fresh install, installed GPT fdisk, rebooted into recovery mode and I have the exact same issue as I had before where I can see a partition in GPT fdisk that I don’t know where it came from, and there is a 2 gig Mac OS base system disk image that I cannot get to eject from the computer.

is it normal to have an EFI partition on the base disk0, and a 2gb OSX base image on disk1s1 that I cannot eject or delete? Is that the recovery disk? Because I can boot to it from using option when I boot but I can’t boot from USB

On my previous installs there was always the ability to boot from USB and I never had this 2gb OSX disk that I couldn’t eject.

All I would like to do is boot from USB and format the drive so that it doesn’t say 465gb in disk utility when it’s formatting, I’ve wipes this machine many times and it always formatted to 500gb and I never had any issues booting from USB.

If you look at the last picture I posted from diskutilty, what is container disk 1 and why can’t I see it there?

Aside from the strange issue where the drive said it is only formatting 465gb of 500 when it used to say it formatted 500gb, there are other issues with my system when I leave it running.

My internet connection properties will change and Install two thunderbolt connections with my Ethernet connection, then developer tools like Xcode will he installed automatically. Then my system shows it’s running Catalina 15.4 but then I can install the combo update for 15.4 on top of the OS when it says it’s already installed and I am able to download the disk from the App Store without signing into my account. Is that normal? I thought you always had to log in to the App Store to be able to download things, and if you tried to install an update that was already applied, it wouldn’t allow it to install because it checks the version you are running before you try to apply the update.

There is a lot of strange behaviour going on with this Install, and every time I format and start over, nothing changes.

If I could just reboot with a 3rd party partition tool and completely wipe the drive inn pretty sure I can fix it, but there should not be developer tools installing that I didn’t try to install, and then when I try to boot from USB it just goes back to the 2gb Apple disk image that I can’t eject.

I appreciate everyone’s help and feedback but I just wanted to focus on reinstalling the OS from USB so I could fix the issues and I didn’t even really go into all of the strange behaviours I keep having every time I format the computer.

Sorry I couldn’t explain more from the start but I just thought no one would believe me and that the best way to resolve it would be to get it to boot from USB and format it entirely.

So It’s absolutely normal to be able to download items (like the Catalina install disk) from the App Store without connecting your Apple ID to your account and without logging in?

I didn’t think I should be able to Install the 15.4 combo update on a system which is already running 15.4, shouldn’t it say it’s already installed?

Is it regular to have two thunderbolt bridge connections added to your Ethernet settings, and if you remove them they come back?

and should IOBoot setting always prevent you from changing login settings in terminal by default? And booting in recovery and using terminal to start in verbose mode will turn itself off by default?

and terminal should always go to from bash to zsh mode by default and save a log file of all the commands you enter?

and if I disconnect the Ethernet cable, wifi will turn itself on and connect to my router using the SSID info and password which I have removed?

The behaviour on my “fresh“ installs is not normal. Besides the fact that boot from USB is not working with a fresh install made from terminal using the commands in the Catalina installer, lots of stuff on the computer is not working correctly. Commands which should work in terminal are disabled and settings which I change myself and lock are later changed back to the way they changed on their own.

Link to etrecheck report

https://justpaste.it/479d7