Microsoft distributes the Windows Genuine Advantage Notification Tool (KB905474) through the WindowsUpdate mechanism. This tool should detect fake Windows serial numbers and nag the user. Interestingly, Microsoft hid a small paragraph in their EULA after that the tool sends daily(!!) reports to Microsoft. According to MS this “is neccessary” since the tool is BETA and MS needs to be able to react if it goes crazy. Yeah … sure!
Sadly, if you installed it by accident, there’s no easy way to remove it. No entry in the Add/Remove Programs window. You could restore a backup of your disk or use System Restore, but after some Google’ing I found this site which lists 16 ways to remove the WGAN.
The first method seemed to be the best and so I used AutoHotkey and automated it.
Download here: wganuninst.zip
How it works
- the files
WgaLogon.dll
andWgaTray.exe
get moved out of%WINDIR%\system32
and%WINDIR%\system32\dllcache
, renamed and marked for deletion upon next boot - the running process
WgaTray.exe
gets killed (if the file would still be insystem32
, it would get restarted through theWgaLogon.dll
) - the 2 uninstall entries and the
WLNotify
entry get deleted from the registry - Now everything should be as it was before the WGAN infected your PC.
Reboot and everything should be fine again.
To not get the tool again through the automatic WindowsUpdate, set the update to Notify but don’t download and when it asks for the WGAN, de-select it and choose Don’t show again.
Alternative
Using muBlinder you can patch your LegitCheckControl.dll
with new version data so that the WGAN thinks everything is fine. After 3 or 4 reboots, the warning messages should be gone. If not, muBlinder can also remove it.
WindizUpdate
Users of Firefox or Opera can get WindowsUpdates without any WGA testing through WindizUpdate. You even get updates for Mozilla-components or some hardware.
Thanks for the help