Every time you go to the Windows Update site, your PC 'phones home', contacting the Microsoft servers so your copy of Windows can be checked for authenticity. This is all well and good, you might think. Microsoft doesn't want people to use pirated copies of its operating systems and it has every right to check up on this.
But what if I told you that if you have Automatic Updates enabled, you may well have downloaded a WGA Notifications program - that contacts Microsoft on a much more regular basis - without even knowing you've done it?
Worse still, this program could potentially be sending Microsoft more information than just which OS you're using and what licence key it has. To many industry analysts, WGA is no better than spyware, contacting the company when you're merely logged on to the Internet. You don't even have to be on the Windows Update site. And there have been plenty of instances where innocent owners have been repeatedly receiving pop-ups telling them that the copy of Windows they are using is illegitimate.
There is a tool available to remove WGA Notifications from your PC if you think it might have invaded your system (see "Useful downloads"). Visit http://forums.microsoft.com/Genuine/ShowForum.aspx?ForumID=442&SiteID=25 if you want to find out more and what others think of WGA.
This month, we show you how you can disable WGA notifications. The steps require some care, however, as some involve editing the registry. Some tips also require XP Pro, rather than the Home edition.
Remove WGA Notifications
- Go to Control Panel-Add or Remove Programs and turn on Show Updates. Open Folder options and click View. Uncheck "Hide extensions for known file types", click the button beside "Show hidden files and folders" and deselect "Hide protected system files".
- Next, search your boot drive for any file containing 'wga'. Open Start-Search. You will need to configure Search to look through system folders, hidden files and folders and subfolders. Initiate your search for drive C or D (you need the drive Windows is installed on).
- If WGA is installed on your PC, the search should return the filenames WgaLogon.dll and WgaTray.exe in your Windows System32 folder. You'll find WGA's LegitCheckControl.dll in the same folder, but not in your search results. You may have several other search results, but we'll come back to those later.
- In the search results window, rename the following files: WgaLogon.dll to WgaLogon.old; and WgaTray.exe to WgaTray.old. You can delete these files after a subsequent reboot if you prefer. At this point, WGA Notifications is disabled so you can stop. If you do wish to continue, open Start-Run, type regedit and press <Enter> to open the Registry Editor.
- Now you need to locate and delete the final subkeys you find in the following locations: HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\WgaLogon; and HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WgaNotify.
- You may want to reboot and remove HKLM\SOFTWARE\Microsoft\Updates\WgaNotify and HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WgaNotify. But don't remove every instance of WGA in the registry. Wgaapi.dll, for instance, is a wireless networking driver. You can safely delete any file with 'wganotify' in its name, however.