Since a Factory Reset didn't fix your problem, it's likely that whatever exploit is on her J7 is something that installed itself into the Android operating system itself. There's a common misconception that a Factory Reset will wipe everything but that's only partially true. The internal storage media in her phone is divided into several partitions, most are dedicated solely to the operating system and one is the set aside as the user's data partition. That data partition is where all a user's data, saved files, app config/settings reside, and it's just that data partition that gets wiped clean during a Factory Reset. The operating system partitions are left as is, the OS does not get wiped away, it's just that data partition. The installed OS cannot wipe itself, nor can it magically reinstall itself even if it does get deleted by other means. This also means that after a Factory Reset, just as an example if her phone was originally running Marshmallow and later upgraded to Nougat, it will remain running Nougat after the Reset. Again, the Factory Reset does not affect the OS itself.
Most Android exploits will only be limited to that user partition, the system partitions have restricted privileges. Some exploits however, are more cleverly crafted and are able to compromise the OS. Once an exploit resides in one of the system partitions, a Factory Reset won't make any difference. In that case you need to replace the OS. There is no master install image for consumer phones where you can just manually install a clean Android OS onto her phone, it's a matter where you need to flash a stock, Samsung ROM.
Another thing to keep in mind is 'if' there is some exploit that's in the installed OS, even if you try using an anti-virus/anti-malware app the odds are it won't help. This goes back to that permission level/privileges issue -- installing one of those utilities will be done by the user and will have user-level privileges so for the most part while it will have full control over everything in that data partition, that utility will only have limited abilities to do anything involving direct access to any of the system partitions (it's essentially a user-level app without system-level privileges).
But getting back to flashing the ROM, be sure to back up everything that needs to be saved first. Flashing a Samsung device using the Odin utility won't wipe the data partition when done properly but just in case something goes wrong. Plus you should always have a backup solution implemented anyway. You might want to use Samsung's Smart Switch to do a full backup (and it will makes things less of a hassle if you do need to do a restore of the user data).
https://www.samsung.com/us/smart-switch/
Go here to download the appropriate ROM. Using the exact model I.D. (i.e. SM-J7xxxx) and her carrier:
https://updato.com/firmware-archive-select-model?q=galaxy+j7&exact=1&r=&v=&rpp=100
It's important to choose the matching ROM, don't substitute as ROMs are not interchangeable. Every model has a different, internal hardware configuration and its matching ROM has to have the appropriate drivers/firmware/software to work with that specific hardware.
There are detailed, step-by-step instructions on the flashing process here:
https://updato.com/how-to/how-to-install-an-official-samsung-stock-firmware-using-odin
If you don't have access to a Windows PC, there's an Open Source alternative to Odin called Heimdall, and available for Linux and OS X:
https://glassechidna.com.au/heimdall/
It's not an exact imitation to Odin but functionally very, very similar so while those links refer to the Odin utility, if you're flexible enough the exact naming and menus aren't that different.
