WGA: What it is, how to ditch it

31.07.2006
Windows Genuine Advantage (WGA) software is installed on computers running Windows XP via Microsoft's online update services. For most XP users, that means Automatic Updates, which Microsoft has worked very hard since Windows XP SP2 to make us run in full-automatic mode. WGA has already appeared in several beta versions, with slightly different behaviors, and Microsoft appears to be still actively developing this tool. For many people, the fact that the software giant delivers WGA as a security update is another strong note of insincerity. Microsoft may kid itself into believing that WGA has some sort of security aspect, but many knowledgeable computer users aren't buying that.

When WGA detects a problem, it lets you keep running Windows, periodically popping up nag screens informing you that your Microsoft software may be counterfeit. If this happens to you, you should pursue the process that WGA presents; it may provide you with information that will help you rectify the problem.

For example, in my tests I was able to make the WGA "counterfeit" warning appear by changing the date of the system clock one month later. The Web-based WGA program was able to determine that was the problem and it suggested I reset the system date. When I did that, the WGA warnings disappeared. While most WGA detections don't resolve that easily, it can't hurt you to learn as much as you can about why WGA believes your copy of Windows or Microsoft Office may be illegitimate.

With nag screens the extent of the negative effect, WGA doesn't have much of a bite -- for now. But might that change in the future? Microsoft has said it won't "turn off" illegitimate copies of Windows. But could the software giant be interpreting that literally? The more likely preventive measure probably isn't turning off the computer. It's not hard to imagine that WGA might direct its predecessor, Windows Product Activation (WPA), to lock you out of your computer. When WPA kicks in, the computer boots to a login screen that doesn't let you use the computer until a valid activation code is entered. In Vista, this WPA screen links to an option that lets you buy a new copy of Windows, letting you use Internet Explorer for that purpose.

Microsoft has more than once alluded to the fact that it is reserving the right to enforce the installation of WGA on all computers, possibly sometime early this fall. WGA is built into Windows Vista, without any user option to remove it. It's simply not known how Vista's version of WGA will behave.

It is still possible to both remove WGA and to prevent it from attempting to reinstall after you have removed it.

How to ditch WGA

There are many sites online that purport to help you remove WGA from your system, but Microsoft recently changed WGA and many of those sites now offer outdated advice. I have yet to see a definitive work on removing WGA, and I don't consider this writing to be either. Since WGA is still in beta, and still under development, I suspect that the best set of instructions is yet to come.

A large portion of these instructions is based on Microsoft's "How to disable or uninstall the pilot version of Microsoft Windows Genuine Advantage Notifications" KnowledgeBase article, which showed a July 12, 2006 revision date at the time that I prepared this article.

Important: These instructions require editing the registry. You may want to start by creating a System Restore point so that you can revert to it in the event that something goes wrong. Also, I attempt to go beyond uninstalling WGA Notifications to uninstalling other aspects and leave-behinds of WGA. I can't promise that you won't run into trouble. The one thing I can tell you is that I've done all this on my own computers without incident.

To make a System Restore point, open the Start menu, choose Run, copy and paste this line into the Run field, and press Enter:

%SystemRoot%\system32\restore\rstrui.exe

If you prefer not to mess around with the System Registry yourself, there's a free utility called RemoveWGA 1.2 available for download on the Internet from Firewall Leak Tester.

Removing WGA: step by step

1. In the Add or Remove Programs Control Panel, turn on the "Show Updates" check box at the top.

2. Open the Folder Options Control Panel. Click the View tab. Remove the check, if any, beside "Hide extensions for known file types." While you're at it, click the radio button beside "Show hidden files and folders" and uncheck the box beside "Hide protected operating system files." Click OK. (Note: If children or computer novices use your computer, you'll want to reverse these steps later.)

3. Start by searching your entire system boot drive for any file containing the letters "wga".

4. If WGA is installed on your computer, the search should return the filenames WgaLogon.dll and WgaTray.exe in your \Windows\System32 folder. You'll also find WGA's LegitCheckControl.dll in the same folder (but it won't be in your search results). You may well have several other search results, and we'll come back to those later.

5. In the search results window, rename the following two files as shown:

WgaLogon.dll => WgaLogon.old

WgaTray.exe => WgaTray.old

6. Restart your computer.

7. Open the Start menu, choose Run, type "cmd" without the quotation marks and press Enter. This runs the Windows command-line console.

8. In the black command-line box, type the following line of text, then press Enter:

Regsvr32 %Windir%\system32\LegitCheckControl.dll /u

9. Restart your computer.

10. Use Windows Explorer (any folder window) to navigate to the \Windows\System32 folder and delete these files:

LegitCheckControl.dll

WgaLogon.old

WgaTray.old

11. Open the Start menu, choose Run, type "regedit" without the quotation marks and press Enter. This opens the Registry Editor.

12. Locate and delete the last subkeys (folders) in these locations in the Registry. (Note: HKLM stands for HKEY_LOCAL_MACHINE.)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WgaNotify

Note: Just to be clear, for that first line, you would navigate through the Registry beginning with the HKEY_LOCAL_MACHINE area, tunneling in by opening each folder named in the Registry path until you can see the WgaLogon folder on the left side of the Registry Editor. Then just delete that folder. Repeat for the other Registry subkey, WgaNotify.

13. That ends Microsoft's initial instructions. On my computers, I reboot at this point. When the computer comes back up, I search the entire Registry for WGA and remove all subkeys that are clearly related to WGA. They frequently appear in pairs, with WGA and WgaNotify subkeys side by side. Here are the locations I usually find:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WGA

HKLM\SOFTWARE\Microsoft\Updates\WGA

HKLM\SOFTWARE\Microsoft\Updates\WgaNotify

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WGA

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WgaNotify

14. The next step is to delete the other WGA files returned in your search. Note: It's not absolutely essential for you to remove every last trace of WGA, especially when doing so can get you into trouble. For example, wgaapi.dll isn't part of Microsoft WGA; it's part of a wireless networking driver. Only delete things you know are part of WGA. Any file with "wganotify" in its name is part of WGA and may be deleted.

On several of my computers I didn't find WGA installed, but I did find an installer for it that seemed poised to run the installation. Presumably that's because the computers were using the Automatic Updates setting that downloads -- but does not install -- updates without your permission. I haven't made a study of this, but you can delete these installers as well. They're usually located in a folder with a gobbledygook name (a hash-like string of alphanumeric characters). The best thing is just to delete the folder itself. You may find that the operating system blocks you from doing so. If so, you can either reset the file object permissions (this assumes you have the NTFS file system and are running with Simple File Sharing turned off) or you can boot into Safe Mode and try deleting them there. If you're not sure how to do these things, leave it be or get help from someone knowledgeable. This installer is not going to cause problems if you follow the steps in the next section.
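As an added check (not part of the original article or of Microsoft's KnowledgeBase instructions), the following PowerShell script reports which of the files and Registry subkeys named in the steps above are present on a machine without deleting anything, and it also lists every package registered under Winlogon\Notify, since that key is where WgaLogon.dll hooks the logon process and any other entry there deserves the same scrutiny. It assumes an elevated shell and uses the real key name "Windows NT" (with a space).

```powershell
# Audit script added to this article, not Microsoft's or the author's code.
# Reports WGA leave-behinds from the removal steps above; it deletes nothing.
$files = @(
    "$env:SystemRoot\System32\WgaLogon.dll",
    "$env:SystemRoot\System32\WgaTray.exe",
    "$env:SystemRoot\System32\LegitCheckControl.dll"
)
$keys = @(
    "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WgaNotify",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WGA",
    "HKLM:\SOFTWARE\Microsoft\Updates\WGA",
    "HKLM:\SOFTWARE\Microsoft\Updates\WgaNotify",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WGA",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WgaNotify"
)

$found = @()
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) {
        # Record the Authenticode status so the reader can tell a genuine Microsoft
        # binary from something else that happens to carry the same name.
        $sig = Get-AuthenticodeSignature -FilePath $f
        $found += [pscustomobject]@{ Kind = 'File'; Path = $f; Detail = $sig.Status }
    }
}
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) {
        $found += [pscustomobject]@{ Kind = 'RegKey'; Path = $k; Detail = '' }
    }
}

# Winlogon\Notify packages are loaded by winlogon.exe at logon. List all of them,
# not only WgaLogon, so that any unexpected entry stands out in the report.
$notify = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
if (Test-Path -LiteralPath $notify) {
    Get-ChildItem -LiteralPath $notify | ForEach-Object {
        $dll = (Get-ItemProperty -LiteralPath $_.PSPath).DllName
        $found += [pscustomobject]@{ Kind = 'NotifyPkg'; Path = $_.PSChildName; Detail = $dll }
    }
}

if ($found.Count -eq 0) { "No WGA components found." } else { $found | Format-Table -AutoSize }
```

Run it once before the removal steps to see what is installed and once after the final reboot to confirm nothing from the list remains.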

Prevent recurrences

So long as Microsoft continues to make WGA optional, the following steps should help you avoid the reinstallation of the anti-piracy measure.

1. Change the Automatic Updates Control Panel setting to "Notify me but don't automatically download or install them." From now on, you will need to closely monitor every update that Microsoft wants to install on your computer.

2. Wait for the yellow shield icon to appear in your system tray that signifies that updates are available. This can take as much as two days, but it's usually only a couple of hours.

3. Click the yellow icon and if prompted, choose the "Custom Install" option, which will bring up the "Choose updates to download" dialog.

4. Remove the check mark beside any entry that contains the words "Windows Genuine Advantage" and click Cancel.

5. Yet another box will open called Hide Update. Remove the check mark beside "Don't notify me about these updates again."