[xSwag]

Eurograbber is a variation of the Zeus/Sopilka family of malware. I'm surprised his AV didn't pick it up because it's the most popular financial malware after SpyEye and Citadel.

What bank was this with? Did they cover the losses?

I'm assuming something like the following happened:

    Your friend → (direct) Mule in your country → (Western Union) to the criminal

I tell my parents to use a linux Mint or Ubuntu live disk whenever they're banking online. It seems to have worked so far.

[benohear]

I'm not sure if it was Eurograbber itself, but a similar attack in any case.

Bank is "trying to help recover the funds" but won't cover if that fails. Part of the problem is that it took him a while to realise this had happened. I think it was the Sparkasse, but not 100% sure.

No idea what state his AV in. He's a smart enough fellow, but definitely non-technical.

EDIT: Missed your line about the live CD. I considered that, but I find rebooting a major PITA, hence the VM-on-stick idea. How is it working out for your parents?