We are going to create a new wallet on hardware device, to create an address, then we will import his current wallet to the hardware device, and send those coins to the newly created wallet...... So we are taking precautions. I told him he needs to secure his mnemonic phrase immediately, then after the coins have been secured, wipe and re-install his operating system.
Don't forget to tell him to use another device that he knows is clean from malware and viruses, or if he doesn't have an extra device but has an extra SSD/HDD, then he can install a fresh OS and disconnect the current drive because even if he is going to use a hardware wallet during importing his current wallet to the newly created wallet, he might experience the same thing because that device is infected and his clipboard is already hijacked.
I think blockchain seed is compatible with Electrum BIP39 enabled try to suggest it to him.
As far as the computer that had the clipboard malware installed, it will not be involved in the process of moving to a new wallet as a precautionary measure.
He apparently has a ledger wallet where the funds will be moved,
and I will be explaining how to set up a bip39 passphrase as an option.
I will also make him aware of the need to verify addresses
ALL OF THE TIME regardless of whether a cold wallet is being used or not.
The old computer's HD will be wiped and a new OS will be installed.
Depending on how much coins he has he can set up a cold wallet for better safety. He can use a watch only wallet to create the transaction and sign it in the cold wallet then broadcast in the hot wallet.
That aside. He should be careful the sites he visits and permissions he grants to softwares he installs.
A wallet capable of PSBTs would be excellent, but he's not there yet. He has a ledger wallet and he is going to be more aware going forward when he has to perform a transaction. this should bring up his security a few notches. As far as the origins of the malware, I don't know, but I warned him about pirated software, and to be careful with what he installs. I also told him to create a standard user account as his main user.