engine - 12:27 pm on Mar 10, 2010 (gmt 0)

A couple of things spring to mind.
1. Find out what a/v spyware protection they have on their machine. That would be my first port of call.

2. I don't want to worry you, but, asuming they have protected their machine, have you checked it's not malware that's got onto your site?