WGA notification tool uninstaller (RemoveWGA.exe)

Discussion in 'privacy technology' started by gkweb, Jun 13, 2006.

Thread Status:
Not open for further replies.
  1. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hello,

    After having read many threads on various forums, I found that everyone is using his own manual method to remove the possibly installed Microsoft WGA notification tool. Some boot into safe mode and create empty 0Kb WgaLogon.dll file, others will use the NTFS permissions to remove the execution flag from the files (WgaLogon.dll and WgaTray.exe), others will try to remove the registry entry loading the DLL, and finally some uses all methods.

    All of these methods may not be convenient for everyone, and are anyway not automated. I have created a small tool removing the WGA notification tool for you :
    http://www.firewallleaktester.com/tools/RemoveWGA.exe

    How it works :
    RemoveWGA.exe simply checks if the WgaLogon.dll is loaded into Winlogon.exe. If so, it offers you to remove the WGA notification tool. To do so, it sets both System32\WgaLogon.dll and System32\WgaTray.exe files to be deleted by Windows at the next reboot, and add an entry to start itself. After the reboot, RemoveWGA.exe deletes all WGA notification tool traces (Winlogon registry entry, dll and exe files in system32 and system32\dllcache, and the folder located at Documents and Settings\All Users\Application Data\Windows Genuine Advantage).

    Disclaimer :
    I have tested RemoveWGA.exe only on one Windows XP SP2 machine.
    It should be considered as BETA for now, until it has been confirmed fully working. At worst, it will tell you that it can't and that's all, you can safely test it.
    To run it, you need administrator privileges to allow it to read the winlogon process.

    Probably that the readers of this forum didn't even installed the WGA thing, but this tool might be usefull for someone (I hope ;))

    Regards,
    gkweb.

    EDIT : screenshots

    Before reboot :
    http://perso.orange.fr/jugesoftware/forum/wga1.gif
    http://perso.orange.fr/jugesoftware/forum/wga2.gif

    After reboot :
    http://perso.orange.fr/jugesoftware/forum/wga3.gif
     
    Last edited: Jun 13, 2006
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    thanx gkweb. its not on my computer atm, but when i reformat and use ryanvm's update pack, it will come in handy.
     
  3. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,554
    Location:
    USA still the best. But barely.
    The world should be informed! Good work.

    Although I too don't need it.
     
  4. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,205
    Location:
    USA
    I'm glad that someone brought this up, because I seem to be having a bit of a problem here.

    The past few days, when I first boot up my PC for the day, I see the Windows "yellow exclamation mark" icon in the system tray....and when I move my mouse cursor over it, it says "downloading updates 0%". It stays that way for a few seconds, and then the icon just disappears.

    So...I've visited Windows Security Center Update site, to check for updates (even though "Auto-Updates" are turned on by default). I see the following when I "Review (my) Update History":

    http://img161.imageshack.us/img161/6194/failedwindowsgandownload0cy.png


    So....I manually check for any Windows Security Updates....and I get the following message:


    http://img233.imageshack.us/img233/4594/windowsgavtool6wz.png

    So it seems that this tool IS somewhat necessary, even just to simply CHECK FOR updates. Apparently, I can't even access any new updates without installing this tool....so I'm curious what exactly this tool is, why I can't get seem to get new updates without installing it, and how to go about getting new updates without installing ito_O

    Anyone who can help, I would greatly appreciate it.....
     
  5. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,205
    Location:
    USA
    As a bit of a follow-up to my post above, I notice threw my History of Updates that this Windows Genuine Advantage Notification (KB905474) actually HAS BEEN installed already previously!!!

    I've got a date of Thursday, April 27, 2006 with the status of "Successful" and the source as "Windows Update "! So I was thinking that it was ALREADY installed....not sure what all of this "CURRENT" installation dialogue is all about....
     
  6. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,205
    Location:
    USA
    Man....now this is REALLY screwed up!!!

    Apparently, I have now installed TWO "Windows Genuine Advantage Notification" tools! Here is the first installation, which took place on Thursday, April 27, 2006:

    http://img49.imageshack.us/img49/48/originalwindowsgavtoolinstall0.png


    And here is the second one that happened TONIGHT! In this screen shot, you can see that the past several days Windows has been TRYING to install the same exact code for this tool which was already installed a couple of months ago:

    http://img225.imageshack.us/img225/7234/windowsupdatesagain4uz.png

    As you can see, the 4th one down is the "NEWLY" installed Windows GAV tool with the NEW code done tonight! But just below....and then again, JUST ABOVE....Windows keeps trying to install the "OLD" code. So why was I given a "NEW" code? And which one is correct/valid?

    This is so frustrating....I can't even finish the downloads of new security updates because it can't recognize what should be the "correct" code for the Windows GAV tool!!!!:mad:
     
  7. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    Thanks GK for the tool.

    I ama bit confused.
    I read the article here http://www.groklaw.net/article.php?story=20060608002958907
    and agree with all the issues raised and around the blogs as well.

    I had thought that I could not install updates and or security patches without the WGAV thingie installed?

    Is that not true? If not please show mw how to configure to access the winupdates and patches.

    I really object to the presence of the WGAV spyware. either daily or monthly!! :mad:

    Thanks
    Lbd.
     
  8. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,205
    Location:
    USA
    I can't figure out a way to "download and install" new updates without it. And that's the problem I'm experiencing....Windows has already installed the "Windows Genuine Advantage Notification Tool" (back in April), and yet it STILL tries to install it at every bootup now!!! I just manually checked for updates tonight, and shows the same code for the same tool that was ALREADY installed back in April! So my computer simply "TRIES" to install it again, and again, and again.....and according to my Winows Update history....it "fails" each time it tries to download and install!

    I get the yellow exclamation icon in the sytem tray saying "Downloading Updates 0%" at every boot-up, "Update History" shows the update "Failed".....but yet that it was successfully installed back in April!

    Can somebody PLEASE help me out with thiso_O??
     
    Last edited: Jun 14, 2006
  9. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,554
    Location:
    USA still the best. But barely.
    Did you try gkweb's tool?
     
  10. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Yes I tried it and I was perfectly able to download and install the dozen of lastes security patch, without WGA. I did it by going to Windows Update with IE, WU checked my PC, and brough me all of the updates, including the WGA notification tool (because it was not anymore installed). I've selected all updates except the WGA one, and everything went fine.

    I don't know however about the automatic update. I've disabled it anyway for the moment, I don't like to have spywares installing in the background.

    In fact I am in the same position as someone who never installed the WGA notification tool. If you can, I can.

    Regards,
    gkweb.

    EDIT : This program removes the WGA Notification tool (calling home every boot), not the WGA Validation which has validated your OS.
     
    Last edited: Jun 14, 2006
  11. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    like gkweb said, the WGA notification tool is different than the WGA used on Microsoft/Windows Update.

    afaik, Automatic Updates is unaffected and u can still receive updates that way. u can also look into using utilities like AutoPatcher XP.
     
  12. spindoctor

    spindoctor Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    83
  13. Mem

    Mem Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    292
    Worked very well gkweb. I downloaded your tool and then the wga notification just now. I reset MS autoupdate to notify but not download or install. Reboot, no autoupdate icon appeared, run your tool and restart. The update icon showed up to install wga notification. All looks good for this XPSP2 PC. Also my firewall rules show that wgatray tried to connect out and after running the tool that has stopped.
     
  14. Oremina

    Oremina Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    209
    Location:
    England
    gkweb

    Have just tried your little tool RemoveWGA.exe and it worked just as you said.
    Thankyou very much!
     
  15. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    I downloaded the two iso files that someone posted and opened them with my iso software, picked out the ones I needed and installed them...no problem.
     
  16. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    Hello,
    It's time for circumcision!
    Mrk
     
  17. swsnydert

    swsnydert Registered Member

    Joined:
    Jun 14, 2006
    Posts:
    3
    Hi, gkweb.

    I would like to thank you for making this available. It works great on the WinXP/SP2 system I tried it on. I'll try it on a Win2K/SP4 system tonight.

    I'd like to make an enhancement request: a "silent" switch on the command line. My thinking is that the utility could be included in the Windows startup. If WGA is not active then there is no need to alarm the user with a dialog box. (I'm thinking in particular of the naive user who doesn't even know what WGA is.) If WGA is found to be active on the system, then the utility would behave as it does now. Something like "RemoveWGA.exe /s" could be make part of a network logon.

    Thanks again.
     
  18. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,205
    Location:
    USA
    OK, now that I know and understand a little more about this, I believe part of my problem was that I was confusing the Windows Genuine Advantage VALIDATION tool (which I successfully installed last night) with the Windows Genuine Advantage NOTIFICATION tool (which was installed in April, and has been TRYING TO REINSTALL the past several days). I am still having a major problem here, but at elast I now know that the VALIDATION tool is nothing to worry about...but that the NOTIFICATIOn tool apparently is (and that is the one I'm having my problem with).

    I checked for updates manually, and used "Custom" rather than "Express"....and as a result, I was able to install ALL Windows security updates EXCEPT FOR the Windows Genuine Advantage Notification tool (which was installed previously).

    Now what I'm wondering....is IF.....someone downloads and use gkweb's utility tool to remove the Genuine Advantage Notification tool....if they'll still be able to receive "Automatic Updates". Has anyone tried or be willing to try this?
     
  19. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    I'm glad that this tool is usefull for some of you, thank you for your comments.

    I'm interested in Windows2000 results, keep us informed if you please.

    Your wish has just been done in the RemoveWGA v1.01 :
    http://www.firewallleaktester.com/tools/RemoveWGA.exe

    You can use the command line parameter "-silent" to make it to check, and popup only if the notification tool is found active, otherwise it exits.

    The best I think is to create a shortcut, and to put it in your startup subfolder (Start -> All programs).

    Code:
    "C:\YourPath\RemoveWGA.exe" -silent
    

    @JRCATES
    From WSfuser (see post above) Automatic update is not affected, and from the Microsoft EULA you should still be able to download the critical updates at worst (even if your system is found to not be genuine). So I would be suprised that we would be able actually to download updates from Windows Update website (it is the case) but that we would be refused to have the updates via the automatic way. And yes, removing the WGA notification tool (spyware...) does not remove the WGA validation.
     
  20. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Heck. I don't have the WGA Notification tool as I don't use WU/MU. I do have the WGA Validation on my host computer because it was embedded in the IE7 downloader. I was able to disable it but I want it off my computer. It will not uninstall.

    Also, I want a current way to avoid validation when getting something like DirectX update at the Microsoft download site. I did a Google and the current methods for avoiding Validation at MS download are not that simple (like the ones a year ago) and designed only for those who are pirates. I have valid copies of XP that I own. I am not a pirate. I simply don't think MS should require me to let them check my computer every time I want to get an update (other than critical patches that don't require the check YET). This check they do, installs WGA on my computer and I cannot uninstall it. That bugs me the most that I can't uninstall it. It calls home also if not disabled.

    I was hoping as I read this thread that this tool would uninstall WGA Validation tool as well as the Notification tool.
     
  21. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    softpedia sometimes will have microsoft downloads. heres some examples:

    DirectX Redistributable 9.0c June 2006
    June 2006 Security and Critical Releases ISO Image

    for updates, u can try searching filemirrors.com for teh hotfix number. e.g. Qxxxxxx or KBxxxxxx (where x is a number)
     
  22. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    @gkweb

    OK:
    Thankyou.
    Longboard
     
  23. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii

    Ahhh...I should have Googled for that DirectX update. Thanks. I had forgotten about softpedia.com. I can get critical patches without having to validate at MS download site or I can use windiz for Fx.
     
  24. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I just recommended your tool to someone who has XP SP1 and said that the WGA Notification tool had put a star in his taskbar that he could not remove. It reminds him that support ends for Service Pack 1 in October. He wanted to remove it. He tried your tool and it worked perfectly!

    http://www.dslreports.com/forum/remark,16294506
    (guru's posts near the bottom of the thread)
     
    Last edited by a moderator: Jun 15, 2006
  25. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    i just tried it and it works. it detected 5 updates total which it downloaded and installed successfully. http://img145.imageshack.us/img145/4705/mml7vs.gif
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.