I’d tell you to start by searching the forums. This topic has come up a few times in the past months, and you’ll find lots of good info.
That being said…
What browser is he using? Is the virus preventing you from running .exe files? Can you get into safe mode?
This (or these) virus can be pretty sophisticated and nasty, so before doing anything, understand that I’m only relaying info that has worked for me in the past. YMMV. I’ve heard stories of some people trying to remove the virus and it’s resulted in boot loops, catastrophic edits/deletions to the registry and all around Bad Things.
Reboot and enter safe mode.
If IE is the browser, go into Tools>Internet Options>Connections. At the bottom of the tab, there should be a button marked “LAN settings.” Click that button, and at the bottom of the next window you should see a box labeled as “Use a proxy server for your LAN.” That box should be UNchecked. If it’s checked, click it to uncheck it, and then see if that solves your browser redirect problem. If it does, do a Google search for Malwarebytes Anti-Malware, download it and run it.
If that doesn’t fix your redirect problem, find a thumbdrive and another computer, and download Malwarebytes on the thumbdrive and then transfer it onto the infected computer.
Sometimes these viruses prevent you from running .exe (or any other) files. You’ll get a bogus error message that says something is infected or corrupted. If this is the case, download Rkill.exe onto the thumbdrive, and copy it to the desktop of the infected machine. Click it to run. The virus may give you a message that says you can’t run it, but keep clicking it until a window opens that tells you it was successful.
Sometimes the virus is smart enough not to let Rkill run. So you can rename it to something random to get it to work (16hr2.exe or something).
Rkill does NOT remove viruses or malware. It simply stops the process that is preventing you from running .exe files (like anti-virus software, getting updates, etc.). You’ll still need to download Malwarebytes (or similar) to scrub the virus.
Hope that helps, but I’m far from an expert. Here’s hoping someone else joins this thread to give you better info.