What have we missed? Network user gets malware in spite of best efforts
Posted on 2011-10-25
The point here is to double-check our work and get advice from the community. A high-level employee frequently gets malware of the "Buy this Antivirus now" variety which - while annoying - is typically easy to clean. A few days ago the malware was much worse and has prompted this question - what are we missing?
The machine is not locked down - the user is an Administrator on the local workstation but not on the server it is attached to. The only other thing we noticed was that Java was slightly out of date. Other than that, things look okay. The machine runs Symantec A/V (corporate) and Microsoft Security Essentials simultaneously. Internet Explorer has been removed and replaced with Firefox so that pop-ups can be disabled, and the Adblock Plus add-on is installed and running. Finally, the websites the user visits test okay on other machines (and server logs document the access). Is the tech staff here missing something or are we simply dealing with (forgive me) one very clueless user?
If the answer is the user, what more can we do to stop future infections, based on the information provided here? Thanks.