Software

Sounds like TrendMicro does not have updated anti-virus definitions, if a Klez virus got through. Klez is only a couple month old or so.
I would check TrendMicro, and see how old the definitions are. Make sure the updating of the definitions is set to automatically run.

hope this helps

It's also possible that someone has stolen her ID. We were getting a lot of viruses from a workers sister, so we told her to tell her sister to send only to her home address. A month later, we received another virus from her sister. When she called her sister, she said that she had not even booted up her computer in several weeks!

You can read more about stolen email addresses at:http://www.maxis.net.my/public/internetnews/theft_services.asp

Don

P.S. Remove any spaces that appear in the URL or just do a search on "stolen email address", use the quotes so you search for the phrase.

Here's an excerpt from mcafee.com: This W32/Klez variant has the ability to spoof the email FROM: field. The senders address used by the virus, may be one that was found on the infected user's system. Thus, it may appear that you have received thisvirus from one person, when it was actually sent from a different user's system. Viewing the entire email header will display the actual senders address.

It sounds like your user's system is clean, but someone she knows has a virus on their machine and is sending out emails using her email address.

Thanks for all the quick answers. I think that Klez answer hit it right on the nose.