FacebookTwitterLinkedIn

We Couldn't Activate Windows POP-UP Scam

Also Known As: "We Couldn't Activate Windows" virus
Type: Phishing/Scam
Damage level: Medium

Tomas Meskauskas Written by on (updated)

What is We Couldn't Activate Windows?

Typically, users receive the "We Couldn't Activate Windows" fake error message when they visit an untrustworthy (deceptive) website. In most cases, users do not visit these websites willingly - potentially unwanted applications (PUAs) or clicked intrusive ads force redirects to them.

Potentially unwanted applications of this type are usually installed without users' consent, cause redirects, gather data, and deliver ads. Some examples of other similar scams are Your System Data Has Been Compromized, Your Computer Is Permanently Blocked, and Windows Support Alert.

We Couldn't Activate Windows scam

The pop-up "We Couldn't Activate Windows" message states that the operating system has failed and could not be activated, and that users should contact Microsoft support via the telephone number [+1-844-458-6668] provided using error code "0xc004f014" as a reference.

It also states that the system has detected 'unusual activity' that might harm data stored on the computer and track financial activities. These statements are false and have nothing to do with Microsoft or its support services. These threats are attempts to trick users into paying for services or products that will supposedly fix the problems.

Cyber criminals are behind the "We Couldn't Activate Windows" fake support message and we strongly recommend that you ignore all requests made by them. To remove this message, simply close the website, and it should be gone. If you cannot close it, a script might be preventing the closing of opened tabs and windows.

In this case, use the Task Manager to force quit the entire browser, or simply restart the computer. The next time you open the browser, do not restore the previous session, since this will reopen identical, malicious web pages that produce the "We Couldn't Activate Windows" message.

Potentially unwanted applications that lead users to websites that trigger fake messages (such as "We Couldn't Activate Windows") also collect user-system information (geo-locations, keystrokes, IP addresses, URLs of visited websites, search queries, etc.). Developers use these details to generate revenue by sharing them with third parties (potentially cyber criminals).

There is a high probability that the gathered data will include personal or sensitive information. Therefore, users can encounter privacy issues or even identity theft. Another downside of PUAs is the ads they deliver.

They are often coupons, banners, surveys, pop-ups, and so on, and displayed using tools that enable placement of third party graphical content on any site and conceal underlying content.

Once clicked, these ads redirect to untrustworthy/potentially malicious websites or run scripts designed to download/install potentially unwanted applications. You are advised to uninstall all unwanted apps immediately.

Threat Summary:
Name "We Couldn't Activate Windows" virus
Threat Type Phishing, Scam, Social Engineering, Fraud
Related Domains girlsimages[.]online
Serving IP Address (girlsimages[.]online) 104.27.160.142
Symptoms Unauthorized online purchases, changed online account passwords, identity theft, illegal access of one's computer.
Distribution methods Deceptive emails, rogue online pop-up ads, search engine poisoning techniques, misspelled domains.
Damage Loss of sensitive private information, monetary loss, identity theft.
Malware Removal (Windows)

To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
▼ Download Combo Cleaner
To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Many fake messages (support alert, virus, errors, and so on) are very similar to "We Couldn't Activate Windows". In most cases, they state that the system is infected by a virus infection, the computer is blocked, the user's data is in danger, etc. These messages are simply used to trick users into paying for software they do not need.

Potentially unwanted applications are all very similar. They generate revenue for their developers by collecting and sharing data, delivering intrusive ads, and causing unwanted redirects. PUAs are generally promoted as 'useful apps', but few provide the functionality promised.

How did potentially unwanted applications install on my computer?

PUAs are often installed by users inadvertently without their knowledge - through intrusive advertisements that they click or when software developers use a deceptive marketing method called bundling. Bundling is stealth installation of PUAs with regular third party software.

Software developers avoid disclosing information about bundled applications properly and hide them in "Advanced", "Custom" and other options/settings of the installation processes. Careless behaviour such as skipping installation steps and clicking intrusive (untrustworthy) advertisements usually results in unintentional software installations.

How to avoid installation of potentially unwanted applications?

Do not download software from untrustworthy/unofficial sources. Avoid using torrents and third party software downloaders. We strongly recommend that you use direct links, official and trustworthy websites. Do not skip installation steps without checking the "Custom", "Advanced" and other similar settings or options.

Deselect all offers to install additional software, and only then proceed to the next step or complete the installation. Bear in mind that not all advertisements are legitimate, especially intrusive ones. Cyber criminals invest many resources in ads design and it can be difficult to determine which are legitimate.

Rogue ads usually redirect to untrustworthy websites such as gambling, pornography, adult dating, and so on. If you encounter them, check the list of installed applications on your browser and remove any unwanted/unknown extensions, plug-ins, and add-ons immediately.

If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate them .

Text presented in "We Couldn't Activate Windows" pop-up:

We couldn't activate Windows
Try activating Windows again or contact Microsoft support and reference the error code. You can go to Settings for more information.
Toll Free: +1-844-458-6668
Error Code: 0xc004f014

The appearance of "We Couldn't Activate Windows" pop-up (GIF):

We Couldn't Activate Windows scam gif

Second pop-up of "We Couldn't Activate Windows" scam:

second WCAW1

Text presented within this pop-up:

Windows Support Alert
Your system detected some unusual activity.
It might harm your computer data and track your financial activities.
Please report this activity to +1-844-458-6668

Another variant of "We Couldn't Activate Windows" pop-up scam:

We Couldn't Activate Windows pop-up scam (second variant)

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
 ▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

How to identify a pop-up scam?

Pop-up windows with various fake messages are a common type of lures cybercriminals use. They collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, etc.

While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.

Cybercriminals strive to create their rogue pop-up windows to look trustworthy, however, scams typically have the following characteristics:

  • Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
  • Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
  • Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
  • Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues - is undoubtedly a scam; webpages cannot perform such actions.
  • Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.

Example of a pop-up scam:

Example of a pop-up scam

How do pop-up scams work?

Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.

Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.

How to remove fake pop-ups?

In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases scam, pop-ups may be hard to close; in such cases - close your Internet browser and restart it.

In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.

How to prevent fake pop-ups?

To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.

To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for Windows.

What to do if you fell for a pop-up scam?

This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.

  • If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
  • If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit Federal Trade Commission to report identity theft and get personalized recovery steps.
  • If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for Windows) - cyber criminals could have planted trojans, keyloggers, and other malware, don't use your computer until removing possible threats.
  • Help other Internet users: report Internet scams to Federal Trade Commission.

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Removal Instructions in other languages
New Removal Guides
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Top Removal Guides
QR Code
We Couldn't Activate Windows virus QR code
Scan this QR code to have an easy access removal guide of "We Couldn't Activate Windows" virus on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

▼ REMOVE IT NOW
Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.