Windows Genuine Advantage: What it is, how to ditch it

Windows Genuine Advantage (WGA) software is installed on computers running Windows XP via Microsoft’s online update services. For most XP users, that means Automatic Updates, which Microsoft has worked very hard since Windows XP SP2 to make us run in full-automatic mode. WGA has already appeared in several beta versions, with slightly different behaviors, and Microsoft appears to be still actively developing this tool. For many people, the fact that the software giant delivers WGA as a security update is another strong note of insincerity. Microsoft may kid itself into believing that WGA has some sort of security aspect, but many knowledgeable computer users aren’t buying that.

When WGA detects a problem, it lets you keep running Windows, periodically popping up nag screens informing you that your Microsoft software may be counterfeit. If this happens to you, you should pursue the process that WGA presents; it may provide you with information that will help you rectify the problem.

For example, in my tests I was able to make the WGA “counterfeit” warning appear by changing the date of the system clock one month later. The Web-based WGA program was able to determine that was the problem and it suggested I reset the system date. When I did that, the WGA warnings disappeared. While most WGA detections don’t resolve that easily, it can’t hurt you to learn as much as you can about why WGA believes your copy of Windows or Microsoft Office may be illegitimate.

With nag screens the extent of the negative effect, WGA doesn’t have much of a bite — for now. But might that change in the future? Microsoft has said it won’t “turn off” illegitimate copies of Windows. But could the software giant be interpreting that literally? The more likely preventive measure probably isn’t turning off the computer. It’s not hard to imagine that WGA might direct its predecessor, Windows Product Activation (WPA), to lock you out of your computer. When WPA kicks in, the computer boots to a login screen that doesn’t let you use the computer until a valid activation code is entered. In Vista, this WPA screen links to an option that lets you buy a new copy of Windows, letting you use Internet Explorer for that purpose.

Microsoft has more than once alluded to the fact that it is reserving the right to enforce the installation of WGA on all computers, possibly sometime early this fall. WGA is built into Windows Vista, without any user option to remove it. It’s simply not known how Vista’s version of WGA will behave.

It is still possible both to remove WGA and to prevent it from attempting to reinstall after you have removed it.

How to Ditch WGA

There are many sites online that purport to help you remove WGA from your system, but Microsoft recently changed WGA and many of those sites now offer outdated advice. I have yet to see a definitive work on removing WGA, and I don’t consider this writing to be either. Since WGA is still in beta, and still under development, I suspect that the best set of instructions is yet to come.

A large portion of these instructions is based on Microsoft’s “How to disable or uninstall the pilot version of Microsoft Windows Genuine Advantage Notifications” KnowledgeBase article, which showed a July 12, 2006 revision date at the time that I prepared this article.

Important: These instructions require editing the registry. You may want to start by creating a System Restore point so that you can revert to it in the event that something goes wrong. Also, I attempt to go beyond uninstalling WGA Notifications to uninstalling other aspects and leave-behinds of WGA. I can’t promise that you won’t run into trouble. The one thing I can tell you is that I’ve done all this on my own computers without incident.

To make a System Restore point, open the Start menu, choose Run, copy and paste this line into the Run field, and press Enter:

%SystemRoot%\system32\restore\rstrui.exe

If you prefer not to mess around with the System Registry yourself, there’s a free utility called RemoveWGA 1.2 available for download on the Internet from Firewall Leak Tester.

Removing WGA: Step by Step

1. In the Add or Remove Programs Control Panel, turn on the “Show Updates” check box at the top.

2. Open the Folder Options Control Panel. Click the View tab. Remove the check, if any, beside “Hide extensions for known file types.” While you’re at it, click the radio button beside “Show hidden files and folders” and uncheck the box beside “Hide protected operating system files.” Click OK. (Note: If children or computer novices use your computer, you’ll want to reverse these steps later.)

3. Start by searching your entire system boot drive for any file containing the letters “wga”.

4. If WGA is installed on your computer, the search should return the filenames WgaLogon.dll and WgaTray.exe in your \Windows\System32 folder. You’ll also find WGA’s LegitCheckControl.dll in the same folder (but it won’t be in your search results). You may well have several other search results, and we’ll come back to those later.

5. In the search results window, rename the following two files as shown:

WgaLogon.dll => WgaLogon.old
WgaTray.exe => WgaTray.old

6. Restart your computer.

7. Open the Start menu, choose Run, type “cmd” without the quotation marks and press Enter. This runs the Windows command-line console.

8. In the black command-line box, type the following line of text, then press Enter:

Regsvr32 %Windir%\system32\LegitCheckControl.dll /u

9. Restart your computer.

10. Use Windows Explorer (any folder window) to navigate to the \Windows\System32 folder and delete these files:

LegitCheckControl.d
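
A read-only check for the files named in steps 4 and 5, as an added example that is not part of the original article or of Microsoft's KnowledgeBase instructions. It changes nothing on disk, so it can be run before the procedure and again after each restart to confirm what state the system is in. It assumes tasklist.exe is available; where it is not, the process check reads as "not running".

```bat
@echo off
rem Added example: report which WGA files from the article are present.
rem Read-only: nothing is renamed, unregistered or deleted here.
setlocal
set "SYS32=%SystemRoot%\system32"

echo Checking %SYS32% for the WGA files named in the article...
call :report WgaLogon.dll
call :report WgaTray.exe
call :report LegitCheckControl.dll

rem Renamed copies produced by step 5 of the article.
call :report WgaLogon.old
call :report WgaTray.old

echo.
echo All files in System32 with "wga" in the name, hidden ones included:
dir /b /a "%SYS32%\*wga*" 2>nul
if errorlevel 1 echo   none found

echo.
rem Assumption: tasklist.exe exists on this system. If it does not,
rem find sees no input and the result below reads "not running".
tasklist /fi "imagename eq WgaTray.exe" 2>nul | find /i "WgaTray.exe" >nul
if errorlevel 1 (
    echo WgaTray.exe process: not running
) else (
    echo WgaTray.exe process: RUNNING
)

endlocal
goto :eof

:report
rem %~1 is the file name passed by the caller, with quotes stripped.
if exist "%SYS32%\%~1" (
    echo   FOUND    %~1
) else (
    echo   missing  %~1
)
goto :eof
```

Save it as a .cmd file and run it from the command-line console opened in the procedure above; LegitCheckControl.dll is checked by exact name because, as step 4 notes, it does not show up in a search for “wga”.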
