Yesterday my wife caught a TR from Facebook; she foolishly clicked a pic, "Tom Hanks stops breathing". By the time I got to the machine, it was making noise & wanting us to call a phony MS phone number & advising that leaving this page would damage data. <reboot> still had control of the machine. So much for ASUS router AV & MBAE & KIS. The TR was not deterred. Ran HMP, found about 7 or 8 instances of 'coupon bar' plus tracking cookies; next ADW found 4 threats, nicerdays.org; reboot, MBAM 0, RogueKiller 0, tried the browser, all is well. Reboot & RogueKiller again 0. After totally convinced she was clean, re-installed SD + re-education on how to use. I was fully prepared to grab the Macrium Rescue disc & do a restore. I'm doubting the value of these 4 resident defenses having value, with SD & Macrium backups. I advised my wife no internet or email without shadow mode.
I would run some free bootable AV CDs as well: Avira Rescue System, Bitdefender Rescue CD, Dr.Web LiveDisk, Kaspersky Rescue Disk, etc.
In the old days, you'd buy an AV, then shop around for AS & FW. Then it was all part of a suite, one package did it all. Trouble is, KIS, rated #1, misses a lot, HMP cleans up what KIS allowed, then ADW cleans what those two missed, then RogueKiller finds what they all missed. Seems our dollars go to support an industry that, frankly, is not very good at keeping us safe, that is, AV companies. In the past I've tried all those bootable AVs on many infected machines, never had any luck with them & stopped using them. They didn't find anything ever, & booting back was still infected. ASUS touts the Trend Micro AV in the router; that's just a behavior blocker, you could use WOT or uBlock for free. Just remembered Malwarebytes bought ADW, is ADW in 3.0? @zapjb he scares me also
Truth is you can do little to prevent well-resourced threat actors. Not even the most up-to-date AV/FW/AE will stop an advanced persistent threat. They use zero-day exploits and you cannot defend against unknown exploits. I would even go so far as to put the infected hardware in the rubbish once infected. There is little point in any other measure when it comes to zero-day malware. Simple bank Trojans and backdoors are all that AV/FW/AE is good for. Nothing else.
Yes, those would help at mitigation of this kind of malware. But they wouldn't protect her against keyloggers and ransomware. One could get her credentials, the other could encrypt data that is not protected by SD.
Based on your description, it sounds like it was a message on a webpage rather than the computer being infected. I encounter these sorts of bad webpages from time to time.
News from MBAM: ADW is not part of MBAM, but a free dl from website. Had problems with MBAE suddenly blocking FF & GC, resolved by running Tweaking's repair. @ComputerSaysNo - I fully understand 0 day threats & the industry's efforts to thwart. Trashing hardware, if caught on, would definitely lift sluggish sales; in rare cases trashing the machine may be advantageous. You make an excellent point for "Free" AVs over paid subscription; paid or free, still vulnerable to 0 day. I'm not aware of any malware "commonly found" that can defeat Shadow Defender, thus making it a 0 day defense strategy. @roger_m - I think you're absolutely correct! This is most likely why HMP missed it, & ADW's focus on browsers eliminated the problem, then the rest of scanners came up blank. "One could get her credentials, the other could encrypt data that is not protected by SD." C:\ is in shadow mode, all is protected; you defeat SD (become more vulnerable) with each EXCLUSION. The biggie is not taking the time to wait for SM. This will take just a second. To me it seems a 'no brainer' to merge MBAM & ADW into one package, and be light years ahead of the competition.