Virus Scare and Linux Happiness

For many years a close friend's Windows 7 computer remained free of malware, and we did a lot to keep it that way. Updating Flash, Java, Windows, Firefox, Thunderbird, etc. as soon as fixes became available and running an antivirus program should have kept us safe. But it didn't, and it cost me a full night's sleep to fix it.

Things started to look strange when Google searches sometimes did not end up on the page selected in the search results; instead the browser was redirected to a completely different page. Looking closer, I saw that Google showed the link to the page correctly, but after clicking it the status line at the bottom of the window showed a number of redirections through rather strange URLs before a final destination was chosen. It wasn't a rogue browser plugin, as the same thing happened in Internet Explorer as well. It looked like click fraud to me, because the final pages were those of big and well known companies. Then I noticed that the Microsoft Security Essentials virus scanner was no longer running, and restarting it manually ended in an error message. That made it pretty clear that something was really wrong.

So I shut down Windows and booted a special Ubuntu virus scan CD. I always carry it with me, hoping that I will never have to use it. Now I'm glad I had it along. Several hours of scanning overnight revealed a number of infected files carrying two different pieces of malware. After removing them and rebooting, the browser behaved normally again. Microsoft Security Essentials still didn't work, but reinstalling the package fixed that. Then I discovered that the malware had also deactivated the Microsoft notification service, so that Windows wouldn't complain that the antivirus was not running.
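After a cleanup like this, the first thing I would want to verify is that the services the malware switched off are really back and set to start automatically, and that Security Center actually sees the antivirus again. The following PowerShell snippet is an added example and not part of the original post. It assumes Windows 7 with Microsoft Security Essentials, and the service names are assumptions about that setup: MsMpSvc is the Microsoft Antimalware Service that Security Essentials runs on, wscsvc is the Security Center service (the "notification service" the post refers to), and wuauserv and BITS are what Windows Update needs. It uses WMI rather than newer cmdlets so it also works on the PowerShell 2.0 that shipped with Windows 7.

```powershell
# Added example, not from the original post. Checks that the security-relevant
# services are running and not disabled, then asks Security Center which
# antivirus it knows about. Service names are assumptions for a Windows 7
# machine running Microsoft Security Essentials.
$expected = @(
    'MsMpSvc',   # Microsoft Antimalware Service (Security Essentials engine)
    'wscsvc',    # Security Center (raises the "no antivirus running" warnings)
    'wuauserv',  # Windows Update
    'BITS'       # Background transfers, required by Windows Update
)

foreach ($name in $expected) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Warning "$name is not installed on this machine; if it should be, find out why"
        continue
    }
    # Win32_Service exposes the start mode (Auto/Manual/Disabled), which
    # Get-Service on PowerShell 2.0 does not.
    $wmi  = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    $line = '{0,-10} Status={1,-8} StartMode={2}' -f $name, $svc.Status, $wmi.StartMode
    if ($svc.Status -ne 'Running' -or $wmi.StartMode -eq 'Disabled') {
        Write-Warning "$line  <-- not healthy, check why"
    } else {
        Write-Output $line
    }
}

# Security Center keeps its own view of registered antivirus products.
# productState is a packed value; the decoding below is the widely used
# but undocumented interpretation (an assumption): the middle byte is 0x10
# when real-time protection is on, the low byte is 0x10 when signatures
# are out of date.
Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct |
    ForEach-Object {
        $state    = [int]$_.productState
        $realtime = (($state -shr 8) -band 0xFF) -eq 0x10
        $outdated = ($state -band 0xFF) -eq 0x10
        '{0}: realtime={1} definitionsOutdated={2} (productState=0x{3:X6})' -f `
            $_.displayName, $realtime, $outdated, $state
    }
```

Run it from an elevated PowerShell prompt. A missing entry from the AntiVirusProduct query, or a service that is installed but Disabled, is exactly the state the post describes, and is worth checking again a day or two later in case something re-disables it on the next boot.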

How could this have happened? The bad thing is that, since the virus scanner never detected it, there is no way of telling. A drive-by download from a web page exploiting an unknown weakness? Something in an attached document of an email? Let's hope the updated virus definitions will catch it next time, or that a patch against it has been installed in the meantime, because without knowing where it came from there is little that can be done to prevent it from happening again.

Another nail in the Windows coffin on that machine and one more reason to switch to Linux for my friend. After all, Windows 8 will be so different she needs to relearn the desktop anyway. It's time to change.

3 thoughts on “Virus Scare and Linux Happiness”

  1. Let me guess, they were still running an admin account?

    User Account Control is not a security boundary (even MS has said so). The only way to prevent problems like this is to run as a limited account and have a separate admin account. Almost nothing will get through that without the user specifically allowing it.

    I do that on my own home system and I set up everyone else’s systems like that.

  2. If your friend is going to learn a new desktop she might want to think about a Mac. I’ve found the quality of Apple’s hardware and software is an order of magnitude above anything in the market, well worth the price differential.

    Also make sure she changes all her passwords on websites she might have accessed from the infected PC. It could have had a keylogger installed as well.
