Big Sur 11.2 has EFI Bootloader and Windows MBR which I can't delete

% diskutil list internal

/dev/disk0 (internal, physical):

#: TYPE NAME SIZE IDENTIFIER

0: GUID_partition_scheme *500.1 GB disk0

1: EFI ⁨EFI⁩ 209.7 MB disk0s1

2: Apple_APFS ⁨Container disk1⁩ 499.8 GB disk0s2

/dev/disk1 (synthesized):

#: TYPE NAME SIZE IDENTIFIER

0: APFS Container Scheme - +499.8 GB disk1

Physical Store disk0s2

1: APFS Volume ⁨Untitled - Data⁩ 166.8 GB disk1s1

2: APFS Volume ⁨Preboot⁩ 293.5 MB disk1s2

3: APFS Volume ⁨Recovery⁩ 610.8 MB disk1s3

4: APFS Volume ⁨VM⁩ 1.1 GB disk1s4

5: APFS Volume ⁨Untitled⁩ 19.5 GB disk1s5

6: APFS Snapshot ⁨com.apple.os.update-...⁩ 19.5 GB disk1s5s1

I wondered if the EFI could have something wrong with it because it seems to copy itself onto any devices which are formatted with the computer, and all of the mac hidden files are the same on every disk.

This is the version of the firmware the computer says it is using, and it checks out on apple’s list, but it’s not the current one. I’m not sure if version 430 of the boot rom is out yet or not?

IM144.88Z.F000.B00.2012171743  (Boot ROM Version: 430.0.0.0.0)

Whatever the issue is, something is not right with the computer, and a secureerase format using diskutil in terminal when the computer is rebooted with a USB installer will not resolve the issue. I know the USB is booted because it won't allow me to eject it, but at the same time there is an Internet Recovery volume of around 2gb in size which also will not allow me to eject it.

Weird stuff happens. The computer will hang at shut down, or it will restart every time you try to turn it off. My password can change at any time behind my back. Terminal commands are disabled. even from a boot disk. I can’t view hidden files. Windows installs automatically after evert format, without me running boot camp. Updates which appear to come from the App Store are unsigned and come back with bad SHA256 values. Any drive which is inserted into the computer gets hidden files copied onto it, which are contained in the 209.7 EFI partition.

Any disks which are formatted with this computer are not fully erased, they all come back with the first partition hidden with an EFI partition the same size, containing hidden files. 

Recovery mode won’t work and it has a feature which asks for your wifi and password, even if you are plugged in Ethernet, then it saves your airport password and will connect even when you have the wifi disabled.

When I format I have no choice but to use the APFS file system when I install Big Sur or Catalina, and the space of the 5 partitions can change drastically without me downloading anything. I think the issu allows someone to connect to your computer using SSH and basically do whatever they want. I was surprised to find windows installed when I rebooted the computer and pressed option, it was there.

There is a firmware update called “Mac EFI Security Update 2015-002” which is supposed to fix the security flaws in the EFI, but I can’t install it without running Mavericks 10.9.5 but I'm unable to find a verified installer because the certificate has expired. 

It seems the virus is loads a modified kernel which basically owns the computer and I have no way to flash the bios or fix the thing. 

I ran Darwin Dumper and I have a .HTML file with all of the info it could get. The boot kernel is vary long and contains commands which disable booting from USB, and all sorts of other stuff. Check the text I posted. I'm sure someone who is knowledgeable about boot kernels could look at it and determine if there is an issue there, but there is a lot more text which I could not fit into the window.

If it is not the EFI, then it may be something else related to the internet recovery disk which won't eject or firmware issues. All I can think of is going back to Mavericks and trying to flash the UEFI, but I have to keep formatting the computer because the longer I leave it on to try to get stuff done, the more commands and features get disabled and then I have to format again because the hard drive fills up with programs I did not install and data which I can't find.

Does any of this sound like a known virus?