WGA notification tool uninstaller (RemoveWGA.exe)

I guess that one has to wonder about the nature of verification and malware evolution.
Does anybody think that in addition to breaking windows update and the firewall on a victim's machine - that in the future they will be able to invalidate the machine with msft to prevent it being cured

 

@IMM - No. If I understand you correctly. Everything M$ comes up with as far as XP. I believe will be able to be dealt with.

 

Hi,

gkweb's site is down right now. Anyone know of an alternate d/l source?

Thanks,

Fred.

 

Hello,

I'm moving currently to a new webhoster which can accept more connections.
The website should be available in 2 or 3 days I hope.

Sorry for the inconvenience.

Regards,
gkweb.

 

Hello! Sorry to bother you but I was woundering if you could you please send me the RemoveWGA file? the link wont work and I'm just woundering if someone here still has it. If you could please send to bluebreeze85 at gmail.com
Thanks!
phil

 

Author's site is closed for maintenance
But now you can download this great tool at TheSystemAdministrator portal

 

Hello,

The website is back online. Some of you may have to wait for the DNS update to propagate on your ISP DNS servers thought.

http://www.firewallleaktester.com/news.htm

Regards,
gkweb.

 

Anybody have the new ip for us with mediocre dns servers? (I am regretting dropping treewalk dns, even though it doesn't work with proxo...)

Alphalutra1

 

here you go : http://62.193.246.164/

Regards,
gkweb.

 

Have you seen this info yet ?

How to disable or uninstall the pilot version of Microsoft Windows Genuine Advantage Notifications

http://support.microsoft.com/?scid=kb;en-us;921914

 

Hello,

Yes Microsoft provides a "howto" to disable manually WGA notification, but all of the necessary information was already available in this forum and others, before Microsoft think to provide such document

Also, I've tested RemoveWGA against the last WGA notification update released yesteday, and it still works.

Regards,
gkweb.

 

gkweb, first off thanks for this tool.

When I first run the tool it reported WGA program running, so I rebooted and it was gone. When I went to windows updated I had to download it again just to get security updates, now removed!

So thanks

 

Hello,

more news there :
http://www.firewallleaktester.com/news.htm

I'm wondering how far MS will come

Regards,
gkweb.

 

1) Current PCWorld mag. has article about how WGA Tool is or soon will be mandatory/permanent. Period. This is MS "helping" you to find out if your ver. of OS is legit.

2) Worse... idiots around the globe (seemingly ahead of white hats all the time) are/have, been creating fake WGA Tools, to lead users astray.

Keeps on getting "better," doesn't it? Yikes, this is scary.

SG1, (Pat)

http://temerc.com/phpBB2/viewtopic.php?p=9973#9973

http://blog.seattlepi.nwsource.com/microsoft/archives/104615.asp?source=rss

 

If you're still having problems with this, I've created a (still) working fix to uninstall this annoying nag and privacy concern. I am also hosting two other fixes to ensure they are available to all who need them! You can also read my fan mail from "James Young, Internet Investigator". =)

http://www.guidoz.com/WGATray/

--
Peace. ~G

 

@GuidoZ

You may have missed the tool RemoveWGA 1.1 mentioned in this thread :
http://www.firewallleaktester.com/removewga.htm

Also a beta version is available at this link :
https://www.wilderssecurity.com/showpost.php?p=803405&postcount=15
Which, for now, has worked on 5 different Windows XP Home and Professional, against the pilot WGA notification and the final one.

Regards,
gkweb.

 

@gkweb

Appreciate your taking the time & trouble to provide this solution

Could I ask - does this rollback simply return the system back to the pre WGA state without leaving a 'significant' trace of either the WGA Tool install or your removeWGA.exe ?

Or

Is there a possibility that if someone does at sometime in the future, re-install WGA .....that their system will have traces of your .exe and that these traces themselves, might possibly trigger a false positive ? Maybe as a result of the WGA tool identifying signs of tampering with the authentication process ?

Regards
Andy

 

gkweb,

Add another successful removal of the KB905474 variant on an XP Pro SP2 fully patched. Nothing special (security wise) on this system.

 

I have manually remove WGA using microsoft's wga removal instructions

wgalogon.dll and WGAtray.exe have been removed and are not running on my system

When i run WGAremove v1.1 it does not detect WGA on my system

HOWEVER... every time i boot into windows i receive a progress bar screen- and i have not made any changes to windows, installed any new drivers etc.

I fear that WGA has detected that it has been hacked and has hidden itself somewhere and is still dialing home to microsoft for validation every time i reboot- hence the progress bar screen

 

This is getting too far... but the only part which is malicious is the notification part, the validation part is ok and needed for windows updates.

Yesterday while updating windows manually, the Microsoft Update site offered me WGA(N). I just selected all updates available EXCEPT for WGA(N) because I used RemoveWGA to get rid of it in the first place when I discovered the big truth. And I clicked on Do not show this update again for WGA(N) and did not install it at all. Haha.

 

RemoveWGA is a standalone program, it does not install on your system, and thus does not leave any traces. It's a one time use tool, you can delete it afterwards.

It is possible that few WGA notification traces left, such as log files or others, I have done my best to locate the most 'significant' files, I did not try to remove any traces. But no matter what may stays, MS sees that WGA notification is not there anymore and prompts you again to install it.

RemoveWGA does not install nor hooks into your system, it simply remove some files and registry entries, and then can be deleted.

Regards,
gkweb.

 

So you had the pilot version of WGA notification which is fully detected and easily removed anyway by RemoveWGA.

Then it means that the manuals steps you followed have worked.

How do you know it is the WGA notification ? Couldn't it be the WGA Validation or the Windows activation process ? Can you post any screenshot ?

As far as I know, MS was aware of RemoveWGA 1.02 and made their WGA notification final version resistant to it, but it does not survive against the 1.1 version or the 1.2 version which will be released soon. Have you Automatic Updates enabled and configured to automatically download and install critical updates ? If yes, be aware of not reinstalling the "update" again on your system.

Regards,
gkweb.

 

Appreciate the reply gkweb

 

So MS finally recently started providing details on their website of how to disable WGA but then seemingly go and do this

Control freaks, and underhand work once again by MS, if accurate

 

RemoveWGA 1.2 finally released :
http://www.firewallleaktester.com/news.htm

Changelog :
http://www.firewallleaktester.com/removewga_changelog.htm

Thank you very much to Devinco and TheQuest for their testing

Regards,
gkweb.