You can already do that with NAT rules on 2.0 at least, maybe even 1.2.3.
A couple different ways:
* A port forward on LAN with a source of the infected PC (or an alias containing them) and a destination of "any" (not "interface address"), redirect IP would be the web server on another interface hosting the "you are infected" page, and destination/redirect port of 80.
That would redirect any web surfing they try to do over to your "you're infected" page, and if your web server there is set to respond to any query for any page (redirect a 404 to your virus page) with the page you want, it will do exactly as you describe.
Another way would be to run the squid proxy and with squidguard, match the infected users in an ACL, and deny access to everything, and put your "you're infected" message in the squidguard error/redirect.