Ok, hopefully it's not the end of the world, but a family member got a supposed email from a teacher they know - without realizing just a link to an unknown web site was a REALLY bad thing to click... with a facebook.php?bxiutalj712mxbk type ending, no less.
I'm running a complete scan, there was nothing blocked in the log, but I'd love to get some suggestions about how to detect the possible infection we now have. Guess partly my bad for not doing a better job of educating on this...
I don't have the technical skills to trap and test a payload, but did save the link (which, cruising around a while, I can see is not something to post :)
Thanks!