WGA notification tool uninstaller (RemoveWGA.exe)

[gkweb]

Hello,

After having read many threads on various forums, I found that everyone is using his own manual method to remove the possibly installed Microsoft WGA notification tool. Some boot into safe mode and create empty 0Kb WgaLogon.dll file, others will use the NTFS permissions to remove the execution flag from the files (WgaLogon.dll and WgaTray.exe), others will try to remove the registry entry loading the DLL, and finally some uses all methods.

All of these methods may not be convenient for everyone, and are anyway not automated. I have created a small tool removing the WGA notification tool for you :
http://www.firewallleaktester.com/tools/RemoveWGA.exe

How it works :
RemoveWGA.exe simply checks if the WgaLogon.dll is loaded into Winlogon.exe. If so, it offers you to remove the WGA notification tool. To do so, it sets both System32\WgaLogon.dll and System32\WgaTray.exe files to be deleted by Windows at the next reboot, and add an entry to start itself. After the reboot, RemoveWGA.exe deletes all WGA notification tool traces (Winlogon registry entry, dll and exe files in system32 and system32\dllcache, and the folder located at Documents and Settings\All Users\Application Data\Windows Genuine Advantage).

Disclaimer :
I have tested RemoveWGA.exe only on one Windows XP SP2 machine.
It should be considered as BETA for now, until it has been confirmed fully working. At worst, it will tell you that it can't and that's all, you can safely test it.
To run it, you need administrator privileges to allow it to read the winlogon process.

Probably that the readers of this forum didn't even installed the WGA thing, but this tool might be usefull for someone (I hope )

Regards,
gkweb.

EDIT : screenshots

Before reboot :
http://perso.orange.fr/jugesoftware/forum/wga1.gif
http://perso.orange.fr/jugesoftware/forum/wga2.gif

After reboot :
http://perso.orange.fr/jugesoftware/forum/wga3.gif

[WSFuser]

thanx gkweb. its not on my computer atm, but when i reformat and use ryanvm's update pack, it will come in handy.

[zapjb]

The world should be informed! Good work.

Although I too don't need it.

[JRCATES]

I'm glad that someone brought this up, because I seem to be having a bit of a problem here.

The past few days, when I first boot up my PC for the day, I see the Windows "yellow exclamation mark" icon in the system tray....and when I move my mouse cursor over it, it says "downloading updates 0%". It stays that way for a few seconds, and then the icon just disappears.

So...I've visited Windows Security Center Update site, to check for updates (even though "Auto-Updates" are turned on by default). I see the following when I "Review (my) Update History":

http://img161.imageshack.us/img161/6...ownload0cy.png


So....I manually check for any Windows Security Updates....and I get the following message:


http://img233.imageshack.us/img233/4...gavtool6wz.png

So it seems that this tool IS somewhat necessary, even just to simply CHECK FOR updates. Apparently, I can't even access any new updates without installing this tool....so I'm curious what exactly this tool is, why I can't get seem to get new updates without installing it, and how to go about getting new updates without installing it

Anyone who can help, I would greatly appreciate it.....

[JRCATES]

As a bit of a follow-up to my post above, I notice threw my History of Updates that this Windows Genuine Advantage Notification (KB905474) actually HAS BEEN installed already previously!!!

I've got a date of Thursday, April 27, 2006 with the status of "Successful" and the source as "Windows Update "! So I was thinking that it was ALREADY installed....not sure what all of this "CURRENT" installation dialogue is all about....

[JRCATES]

Man....now this is REALLY screwed up!!!

Apparently, I have now installed TWO "Windows Genuine Advantage Notification" tools! Here is the first installation, which took place on Thursday, April 27, 2006:

http://img49.imageshack.us/img49/48/...olinstall0.png


And here is the second one that happened TONIGHT! In this screen shot, you can see that the past several days Windows has been TRYING to install the same exact code for this tool which was already installed a couple of months ago:

http://img225.imageshack.us/img225/7...esagain4uz.png

As you can see, the 4th one down is the "NEWLY" installed Windows GAV tool with the NEW code done tonight! But just below....and then again, JUST ABOVE....Windows keeps trying to install the "OLD" code. So why was I given a "NEW" code? And which one is correct/valid?

This is so frustrating....I can't even finish the downloads of new security updates because it can't recognize what should be the "correct" code for the Windows GAV tool!!!!

[Longboard]

Thanks GK for the tool.

I ama bit confused.
I read the article here http://www.groklaw.net/article.php?s...60608002958907
and agree with all the issues raised and around the blogs as well.

I had thought that I could not install updates and or security patches without the WGAV thingie installed?

Is that not true? If not please show mw how to configure to access the winupdates and patches.

I really object to the presence of the WGAV spyware. either daily or monthly!!

Thanks
Lbd.

[JRCATES]

Quote:

Originally Posted by Longboard

Thanks GK for the tool.

I ama bit confused.
I read the article here http://www.groklaw.net/article.php?s...60608002958907
and agree with all the issues raised and around the blogs as well.

I had thought that I could not install updates and or security patches without the WGAV thingie installed?

Is that not true? If not please show mw how to configure to access the winupdates and patches.

I really object to the presence of the WGAV spyware. either daily or monthly!!

Thanks
Lbd.

I can't figure out a way to "download and install" new updates without it. And that's the problem I'm experiencing....Windows has already installed the "Windows Genuine Advantage Notification Tool" (back in April), and yet it STILL tries to install it at every bootup now!!! I just manually checked for updates tonight, and shows the same code for the same tool that was ALREADY installed back in April! So my computer simply "TRIES" to install it again, and again, and again.....and according to my Winows Update history....it "fails" each time it tries to download and install!

I get the yellow exclamation icon in the sytem tray saying "Downloading Updates 0%" at every boot-up, "Update History" shows the update "Failed".....but yet that it was successfully installed back in April!

Can somebody PLEASE help me out with this??

[zapjb]

Did you try gkweb's tool?

[gkweb]

Yes I tried it and I was perfectly able to download and install the dozen of lastes security patch, without WGA. I did it by going to Windows Update with IE, WU checked my PC, and brough me all of the updates, including the WGA notification tool (because it was not anymore installed). I've selected all updates except the WGA one, and everything went fine.

I don't know however about the automatic update. I've disabled it anyway for the moment, I don't like to have spywares installing in the background.

In fact I am in the same position as someone who never installed the WGA notification tool. If you can, I can.

Regards,
gkweb.

EDIT : This program removes the WGA Notification tool (calling home every boot), not the WGA Validation which has validated your OS.

[WSFuser]

Quote:

Originally Posted by Longboard

Thanks GK for the tool.

I ama bit confused.
I read the article here http://www.groklaw.net/article.php?s...60608002958907
and agree with all the issues raised and around the blogs as well.

I had thought that I could not install updates and or security patches without the WGAV thingie installed?

Is that not true? If not please show mw how to configure to access the winupdates and patches.

I really object to the presence of the WGAV spyware. either daily or monthly!!

Thanks
Lbd.

like gkweb said, the WGA notification tool is different than the WGA used on Microsoft/Windows Update.

afaik, Automatic Updates is unaffected and u can still receive updates that way. u can also look into using utilities like AutoPatcher XP.

[spindoctor]

Thanks Gkweb.

I also noticed the latest Xp-Antispy also has a similar feature added for those who may be interested. Not sure if it does exactly the same thing, but it looks like it does.

http://xp-antispy.org/content/view/24/55/

download in English:

http://xp-antispy.org/index.php?opti...sellang&iso=en

[Mem]

Worked very well gkweb. I downloaded your tool and then the wga notification just now. I reset MS autoupdate to notify but not download or install. Reboot, no autoupdate icon appeared, run your tool and restart. The update icon showed up to install wga notification. All looks good for this XPSP2 PC. Also my firewall rules show that wgatray tried to connect out and after running the tool that has stopped.

[Oremina]

gkweb

Have just tried your little tool RemoveWGA.exe and it worked just as you said.
Thankyou very much!

[beetlejuice69]

I downloaded the two iso files that someone posted and opened them with my iso software, picked out the ones I needed and installed them...no problem.

[Mrkvonic]

Hello,
It's time for circumcision!
Mrk

[swsnydert]

Quote:

Originally Posted by gkweb

All of these methods may not be convenient for everyone, and are anyway not automated. I have created a small tool removing the WGA notification tool for you :
http://www.firewallleaktester.com/tools/RemoveWGA.exe

Hi, gkweb.

I would like to thank you for making this available. It works great on the WinXP/SP2 system I tried it on. I'll try it on a Win2K/SP4 system tonight.

I'd like to make an enhancement request: a "silent" switch on the command line. My thinking is that the utility could be included in the Windows startup. If WGA is not active then there is no need to alarm the user with a dialog box. (I'm thinking in particular of the naive user who doesn't even know what WGA is.) If WGA is found to be active on the system, then the utility would behave as it does now. Something like "RemoveWGA.exe /s" could be make part of a network logon.

Thanks again.

[JRCATES]

Quote:

Originally Posted by gkweb

Yes I tried it and I was perfectly able to download and install the dozen of lastes security patch, without WGA. I did it by going to Windows Update with IE, WU checked my PC, and brough me all of the updates, including the WGA notification tool (because it was not anymore installed). I've selected all updates except the WGA one, and everything went fine.

I don't know however about the automatic update. I've disabled it anyway for the moment, I don't like to have spywares installing in the background.

In fact I am in the same position as someone who never installed the WGA notification tool. If you can, I can.

Regards,
gkweb.

EDIT : This program removes the WGA Notification tool (calling home every boot), not the WGA Validation which has validated your OS.

OK, now that I know and understand a little more about this, I believe part of my problem was that I was confusing the Windows Genuine Advantage VALIDATION tool (which I successfully installed last night) with the Windows Genuine Advantage NOTIFICATION tool (which was installed in April, and has been TRYING TO REINSTALL the past several days). I am still having a major problem here, but at elast I now know that the VALIDATION tool is nothing to worry about...but that the NOTIFICATIOn tool apparently is (and that is the one I'm having my problem with).

I checked for updates manually, and used "Custom" rather than "Express"....and as a result, I was able to install ALL Windows security updates EXCEPT FOR the Windows Genuine Advantage Notification tool (which was installed previously).

Now what I'm wondering....is IF.....someone downloads and use gkweb's utility tool to remove the Genuine Advantage Notification tool....if they'll still be able to receive "Automatic Updates". Has anyone tried or be willing to try this?

[gkweb]

I'm glad that this tool is usefull for some of you, thank you for your comments.

Quote:

Originally Posted by swsnydert

I would like to thank you for making this available. It works great on the WinXP/SP2 system I tried it on. I'll try it on a Win2K/SP4 system tonight.

I'm interested in Windows2000 results, keep us informed if you please.

Quote:

I'd like to make an enhancement request: a "silent" switch on the command line. My thinking is that the utility could be included in the Windows startup. If WGA is not active then there is no need to alarm the user with a dialog box. (I'm thinking in particular of the naive user who doesn't even know what WGA is.) If WGA is found to be active on the system, then the utility would behave as it does now. Something like "RemoveWGA.exe /s" could be make part of a network logon.

Your wish has just been done in the RemoveWGA v1.01 :
http://www.firewallleaktester.com/tools/RemoveWGA.exe

You can use the command line parameter "-silent" to make it to check, and popup only if the notification tool is found active, otherwise it exits.

The best I think is to create a shortcut, and to put it in your startup subfolder (Start -> All programs).

Code:

"C:\YourPath\RemoveWGA.exe" -silent

@JRCATES
From WSfuser (see post above) Automatic update is not affected, and from the Microsoft EULA you should still be able to download the critical updates at worst (even if your system is found to not be genuine). So I would be suprised that we would be able actually to download updates from Windows Update website (it is the case) but that we would be refused to have the updates via the automatic way. And yes, removing the WGA notification tool (spyware...) does not remove the WGA validation.

[Mele20]

Quote:

Originally Posted by gkweb

EDIT : This program removes the WGA Notification tool (calling home every boot), not the WGA Validation which has validated your OS.

Heck. I don't have the WGA Notification tool as I don't use WU/MU. I do have the WGA Validation on my host computer because it was embedded in the IE7 downloader. I was able to disable it but I want it off my computer. It will not uninstall.

Also, I want a current way to avoid validation when getting something like DirectX update at the Microsoft download site. I did a Google and the current methods for avoiding Validation at MS download are not that simple (like the ones a year ago) and designed only for those who are pirates. I have valid copies of XP that I own. I am not a pirate. I simply don't think MS should require me to let them check my computer every time I want to get an update (other than critical patches that don't require the check YET). This check they do, installs WGA on my computer and I cannot uninstall it. That bugs me the most that I can't uninstall it. It calls home also if not disabled.

I was hoping as I read this thread that this tool would uninstall WGA Validation tool as well as the Notification tool.

[WSFuser]

Quote:

Originally Posted by Mele20

Heck. I don't have the WGA Notification tool as I don't use WU/MU. I do have the WGA Validation on my host computer because it was embedded in the IE7 downloader. I was able to disable it but I want it off my computer. It will not uninstall.

Also, I want a current way to avoid validation when getting something like DirectX update at the Microsoft download site. I did a Google and the current methods for avoiding Validation at MS download are not that simple (like the ones a year ago) and designed only for those who are pirates. I have valid copies of XP that I own. I am not a pirate. I simply don't think MS should require me to let them check my computer every time I want to get an update (other than critical patches that don't require the check YET). This check they do, installs WGA on my computer and I cannot uninstall it. That bugs me the most that I can't uninstall it. It calls home also if not disabled.

I was hoping as I read this thread that this tool would uninstall WGA Validation tool as well as the Notification tool.

softpedia sometimes will have microsoft downloads. heres some examples:

DirectX Redistributable 9.0c June 2006
June 2006 Security and Critical Releases ISO Image

for updates, u can try searching filemirrors.com for teh hotfix number. e.g. Qxxxxxx or KBxxxxxx (where x is a number)

[Longboard]

@gkweb

OK:

Quote:

Yes I tried it and I was perfectly able to download and install the dozen of lastes security patch, without WGA. I did it by going to Windows Update with IE, WU checked my PC, and brough me all of the updates, including the WGA notification tool (because it was not anymore installed). I've selected all updates except the WGA one, and everything went fine.

I don't know however about the automatic update. I've disabled it anyway for the moment, I don't like to have spywares installing in the background.

In fact I am in the same position as someone who never installed the WGA notification tool. If you can, I can.

Regards,
gkweb.

EDIT : This program removes the WGA Notification tool (calling home every boot), not the WGA Validation which has validated your OS.

Thankyou.
Longboard

[Mele20]

Quote:

Originally Posted by WSFuser

softpedia sometimes will have microsoft downloads. heres some examples:

DirectX Redistributable 9.0c June 2006
June 2006 Security and Critical Releases ISO Image

for updates, u can try searching filemirrors.com for teh hotfix number. e.g. Qxxxxxx or KBxxxxxx (where x is a number)

Ahhh...I should have Googled for that DirectX update. Thanks. I had forgotten about softpedia.com. I can get critical patches without having to validate at MS download site or I can use windiz for Fx.

[Mele20]

Quote:

Originally Posted by gkweb

Hello,

I have created a small tool removing the WGA notification tool for you :
http://www.firewallleaktester.com/tools/RemoveWGA.exe


Disclaimer :
I have tested RemoveWGA.exe only on one Windows XP SP2 machine.
It should be considered as BETA for now, until it has been confirmed fully working. At worst, it will tell you that it can't and that's all, you can safely test it.
To run it, you need administrator privileges to allow it to read the winlogon process.

Probably that the readers of this forum didn't even installed the WGA thing, but this tool might be usefull for someone (I hope )

Regards,
gkweb.

I just recommended your tool to someone who has XP SP1 and said that the WGA Notification tool had put a star in his taskbar that he could not remove. It reminds him that support ends for Service Pack 1 in October. He wanted to remove it. He tried your tool and it worked perfectly!

http://www.dslreports.com/forum/remark,16294506
(guru's posts near the bottom of the thread)

[WSFuser]

Quote:

Originally Posted by Mele20

I can get critical patches without having to validate at MS download site or I can use windiz for Fx.

i just tried it and it works. it detected 5 updates total which it downloaded and installed successfully. http://img145.imageshack.us/img145/4705/mml7vs.gif