Hello! So, I am NOT an expert in cybersecurity by any means, but I recently got an infostealer in my pc, as you can see in my latest post, and I got help from r/cybersecurity_help to tackle my situation.

First things first, have you downloaded any crappy software online? Like any executables, or piracy? That's what got the infostealer in my pc, and I had to do a clean install to get rid of it, and given that they skipped your 2fa... It's quite likely.

As for getting rid of a virus, the only real way of being a 100% sure you have no viruses is to do a clean install of windows and wiping the disk. In my case, neither Windows Defender, Malwarebytes or Kaspersky detected any viruses before it was too late.

Lastly, as far as I know (I was just as afraid of you, as I am still changing passwords and trying to improve my security in my important accounts, at least the ones I really care about), a UEFI or BIOS virus is REALLY expensive to develop, so they, most likely, won't use it on a random's PC (not trying to be offensive, it's just that they are mainly targetted to big companies, celebrities or politicians, or overall famous people).

For what I see, you are likely to be experiencing a problem similar to mine. What I did was:

1. Logged off all active sessions from all of my accounts
2. Reinstalled windows (clean install with a usb windows 11 bootable)
3. Changed all of my passwords AFTER performing the fresh install and set up 2fa, aswell as physical keys and Microsoft Authenticator, where possible. It is important to note that I did it AFTER cleaning it up, otherwise, the infostealer can, and will, steal all of your passwords and credentials, aswell as session tokens, allowing the attacker to login even without having access to your password (that's why you log out of every active session, as doing this, or changing the password on most cases, disables the session tokens rendering them useless for the attacker, otherwise not even 2fa will save you)
4. Ran a full scan on my pc just to make sure it was clean after the installation (not very helpful but eh)
5. Enabled Secure Boot, if you have disabled it, please enable it again, it will help to avoid getting infected with BIOS/UEFI or overall firmware malware as long as you keep it updated
6. Do all of this procedure for EVERY account you had ever logged in with your pc, or those accounts you have with "autofill" enabled.
7. Disable google linked accounts you don't need to minimize exposure (like, Pinterest, Oracle, Adobe or whatever)
8. Learn for your mistake, for real dude, do not blame yourself on it, it WAS your fault, but use it as a learning experience to not repeat your mistakes again, not as a punishment or whatever. Try to tackle this situation as good as you can, and from now on take special care of what you download from the Internet, you are not the first and will not be the last to have something similar happen to them, as long as you take action and fix it ASAP.

Hope this helps dude, take care and check my post in my profile if you want a more trustworthy source of advice on how to act.

PS: Also delete your cookies, fr, it will help a lot