Otherwise it's just a Trojan.

Though any embedded links may or may not be unsafe.

http://www.theguardian.com/money/2011/aug/05/beware-hackers-take-over-gmail-account

Your friend was impacted because they clicked on something they shouldn't have and entered credentials for their email account.

From the article:

"Corrigan thinks he might have an idea how it all started. "Several weeks previously I'd received emails from two friends containing nothing in the way of a usual greeting, just a nondescript link to click on. With one of them, I stupidly did click on the link but nothing coherent happened. I phoned the friend, who said he hadn't sent me a message."

He says that after the scam came to light he looked in his Googlemail settings and found a ymail.com address as well as his own Gmail.com address. "The ymail.com address was forwarding all my mail to somewhere else and was central to the scam. I didn't put it there. I've since killed it, but is my computer still infected? I don't know. The experience caused turmoil for a lot of people. Many fear their own email accounts have been infected. As for me, it has caused electronic havoc because I have lost two years' records of various conversations, including a large number important to my work."

and if that doesn't clear it up, she can download free AVG and Malwarebytes and usually they'll take care of it.

If she's on Farcebook, that's the more likely culprit. These bastards comb that site for people with a lot of family and friends and target them that way.

However, she needs to let the AOHELL tech staff to it if she's not on FB.

I did a forensic investigation on these and found that they are sent through the account after it is hacked. In other words, your friend's AOL account has been hacked (i.e., the password was guessed or otherwise discovered.)

Have your friend log into her AOL account at www.aol.com and do two things:

1. Change the password; and,
2. Change any challenge questions such as "mother's maiden name."

If her password doesn't work and she can't log into her account at www.aol.com, she can click on "Forgot your password" to accomplish #1.

I can't believe anyone just guessed that one.

Is there a backdoor way that they come in?

Just saying...

She and I neither one know much about computers. She has been talking to AOL (in India) so hopefully they will be able to help.

and don't click on or reply to any emails that look suspicious. When in doubt, delete it.

Using a program like malwarebytes can help clean up spyware. https://www.malwarebytes.org/
Use the free version.

People now call with the phishing scam claiming to be from Microsoft and trying to get access. Beware of that too.

Just by trying out words in a long word list. It's called "brute forcing".

Which is why your passwords should always be long and comprised of a variety of upper case and lower case letters, numbers, and odd characters, L1keTh1$!