The StoryThis all started when I got a text message from my wife earlier today. This is the image she sent me:
The Initial ReviewOnce at home, I looked more closely at this incident. First, I opened MSE to review the logs and found that nothing was detected in any previous scans (edit: MSE actually calls this History). This starts to confirm the suspicion of a fake antivirus popup.
The next step was to take the cache files from my daughter's profile and put them in a virtual machine. Since she uses Firefox, this is easy to do. If you are interested, explanations of the Firefox cache directories are here.
A quick peek at the history reveals this is definitely fake antivirus related.
Firefox Cache ToolsI start the cache exploration by typing about:cache into the URL bar. This gives you the screen below which is not very useful.
ConclusionI suspect the popup came from the website directly prior in the browsing history, possibly from an advertisement. If that is true, it appears the problem has been remedied. I did look for some contact information on that website, but I did not locate any. I would have preferred to report this information, but I was unable to.
Firefox is a great browser. These cache tools are great for troubleshooting and fun to explore with as well. I am certain Firefox includes many more tools that I don't know about. Hopefully you found something useful in this post. Thanks for reading!