Why does the factory reset not get rid of the spyware on my stock HTC ONE M8

Android Central Question

Ok so I've had Android phones my whole life but have never gotten into rooting or anything dealing with development. I got my current phone for Christmas 2017 and got it activated on AT&T a few days after; the phone was bought as an unlocked phone from walmart.com and I didn't do any modifications to it or download any apps from outside of Google Play. About 5-7 days ago my desktop computer got hacked and had a remote access administrator user account downloading all my information and monitoring my activities. It changed my user account to non-administrator and then did some altering to the boot sequence file, but I don't know what; I just saw it open the file and change the code, and the computer said it had to restart to confirm changes. Whenever it began to restart I unplugged the power cord and everything else from the computer and haven't touched it since.

The same night that happened I realised I had a remote access program on my phone changing settings and setting up auto call-forwarding, and it could close out my windows and control my screen. I did a factory restart and created a new Google account but the malware was still on my phone, sometimes taking longer than others to show, but when looking in the geeky stats inside of the developer settings it shows a bunch of random apps running with administrative permissions that cannot be disabled or uninstalled. I have since done at least 7 factory resets, including in safe mode, and I can still see the apps running background processes. I tried to do it in recovery mode but it says it was missing the files. The factory reset sets it at Android version 5.0.2 Lollipop.

My bootloader says this:
*** Software Status: Official ***
*** LOCKED ***
M8_UL_CA PVT SHIP S-ON
HBOOT-3.19.0.0000
OpenDSP-V47.2.2-00564-M8974_FO.1024(rest covered by broken screen)
OS-4.28.502.8
eMMC-boot 2048mb
Mar 4 2016, 18:56:55.1781

The recovery screen says this at the bottom when I open it:
E:missing bitmap oem_unlock_bg
(Code -1)
E:missing bitmap oem_unlock_bg_yes
(Code -1)
E:missing bitmap oem_unlock_bg_no
(Code -1)
handle_cota_install: install cwpkg to /data/data/cwtemp/cwpg.zip
handle_cota_install: install cwprop to /data/data/cwtemp/cwprop
Write host_mode success
handle_cota_install: Can’t mount /sdcard, 1 times
handle_cota_install: Can’t mount /sdcard, 2 times
handle_cota_install: Can’t mount /sdcard, 3 times
handle_cota_install: Can’t mount /sdcard, 4 times
handle_cota_install: Can’t mount /sdcard, 5 times

How do I fix my phone and get the malware out of the factory reset files?
 
The malware is installed as a system app, so a factory reset won't do anything to it. ("Factory reset" is more like "user addition reset" - it removes anything you've done. Since the malware is installed as part of the system, it's not touched.) About the only way to make sure you get rid of it is to reflash the ROM. (You'll also lose any data you don't have backed up, but that can't be helped.)

As for the PC, it needs about the same treatment - reinstall Windows from scratch. And, again, you'll lose any not-backed-up data.
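
A factory reset wipes the user data partition and leaves the system partition alone, so where a package's APK lives decides whether the reset removes it. The following is an added example, not part of the answer above: it sorts a saved package listing into what a reset removes and what it leaves. The two `pm list packages` commands are real; the sample listings and every `com.example.*` name are constructed for illustration.

```python
# Added example. Sample listings are constructed; they imitate two real commands:
#   adb shell pm list packages -f   -> package:<apk path>=<package name>
#   adb shell pm list packages -s   -> package:<name>, system-flagged packages only
SURVIVES = "on system partition: factory reset leaves it in place"
ROLLBACK = "updated system app: reset removes the update, base copy stays"
REMOVED = "user-installed: factory reset removes it"

def parse_paths(listing):
    """Map package name -> APK path from `pm list packages -f` output."""
    paths = {}
    for line in listing.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # Split on the last '=': newer Android versions put '=' inside /data/app paths.
        path, _, name = line[len("package:"):].rpartition("=")
        if path and name:
            paths[name] = path
    return paths

def parse_names(listing):
    """Set of package names from `pm list packages -s` output."""
    lines = (l.strip() for l in listing.splitlines())
    return {l[len("package:"):] for l in lines if l.startswith("package:")}

def classify(paths_listing, system_listing):
    """Return {package name: verdict} for every package in the -f listing."""
    system = parse_names(system_listing)
    verdicts = {}
    for name, path in parse_paths(paths_listing).items():
        on_data = path.startswith("/data/")
        updated = ROLLBACK if name in system else REMOVED
        verdicts[name] = updated if on_data else SURVIVES
    return verdicts

SAMPLE_F = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/data/app/com.google.android.gms-2/base.apk=com.google.android.gms
package:/data/app/com.example.flashlight-1/base.apk=com.example.flashlight
package:/system/app/RemoteHelper/RemoteHelper.apk=com.example.remotehelper
"""
SAMPLE_S = """\
package:com.android.settings
package:com.google.android.gms
package:com.example.remotehelper
"""

if __name__ == "__main__":
    for name, verdict in sorted(classify(SAMPLE_F, SAMPLE_S).items()):
        print(f"{name}: {verdict}")
```

Packages reported as surviving are part of the installed system image, so they can only be replaced by reflashing an official ROM for the device.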
 
