As an IT guy, this annoys me.

Guessing your password is not "hacking". It literally should not be possible within the age of the universe.

If someone is in your email account, it's compromised. That's it, game over, start again. Same if someone is in your computer. No antivirus can "clean" your computer to the required standard to recover from that. It's like expecting that knife you just dipped in poison to be used in your gallbladder surgery next week just by wiping it on a tea-towel.

Nobody should know your password. You password should be IMPOSSIBLE to guess. Literally impossible. It's really not that difficult to do. You should have two-factor authentication. Any hint that someone has your managed to access your account should be treated by you shutting it down or - at absolute, bare, minimum for a casual email account that you don't care about - changing the password to a truly secure one, booting out all existing logins for it (there's always an option to "log out everywhere"), wiping all the settings, and implementing 2FA, and then immediately moving to a clean account and telling your contacts (who absolutely should ignore that email and check with you personally anyway!). That's the absolute, absolute, absolute, bare minimum.

Unauthorised access is compromise. Wipe the disk and start again from nothing.

But if you want to stop this ever happening - start using proper god-damn passwords, literally something that cannot even be read by someone who sees it quick enough for them to memorise it correctly.

If you can tell someone your password, and they can get even 80% of it right a few seconds later, then it's not secure.