i'm really curious, how she got to the fishy site.. personal antivirus is a known rogue and we're always trying to protect our users (via URL blocking and detecting the binaries), but no one is able to tell us the exact steps made before entering the bad site... this way we can be only (quickly) reactive, but it's difficult to be proactive (it's difficult anyway, because the authors of such malware can register as much domains as they want and change the obfuscator for their binaries anytime)..