How to Remove Windows Genuine Advantage Notifications

Posted March 10, 2011 | Uncategorized

After seeing that more and more people land on my website looking for a way to remove Windows Genuine Advantage Notifications, I have decided to post a way to actually do that. It is an old one but still works. I await your feedback. Although this website does not support software piracy and I myself encourage my readers to support the software vendors, from time to time some things like this eventually happen. So please try these methods in order to remove Windows Genuine Advantage Notifications:

Method 1 – Delete method (manual)
Method 2 – Rename method (manual)
Method 3 – RemoveWGA.exe utility (automatic)

Delete Method

If you have only just installed Windows Genuine Advantage Notifications, simply using the System Restore function will remove the program. Then refuse to accept the WGA update the next time Windows updates. Otherwise, proceed as detailed below. (NOTE: If you try these steps while you are in “Safe Mode,” step #8 is unnecessary.)


First, try the following:

Open a Command Prompt window by clicking on Start -> Run. Type CMD and press OK.

Change directory to the System32 folder (type cd \windows\system32)

Open a Notepad window and type the following lines:
taskkill -IM wgatray.exe
del wgatray.exe
del wgalogon.old

Highlight and copy the three lines above to the Clipboard.

Paste the contents of the Clipboard to Command Prompt.

This ought to kill the wgatray.exe process from the Taskbar and immediately delete both files wgatray.exe and wgalogon.dll without the need to go through all the steps below.

If that does not work, follow the steps below:

Open System32 by either of the following methods:

Click “Start” -> “Run”, then type “system32”. Click “OK”.
Find system32 manually by clicking “Start” > “My Computer” > “(C:)” (or whatever your drive letter is) > “WINDOWS” > “system32”.

In “system32”, go to “Tools” > “Folder Options”, click on the “View” tab, and uncheck “Hide extensions for known file types” if it is not already unchecked.

Check to make sure the window that comes up has a full screen of various files. The files are in alphabetical order, which makes it easier to locate the specific file.


Find “WgaLogon.dll” and rename it “WgaLogon.dll.bak”.

Create an empty copy of WgaLogon.dll:

Right click on a blank space in system32 and select “New” > “Text Document”.
Leave the text document empty and name it “WgaLogon.dll”. Press Enter (on your keyboard).

You may receive a warning from the above step that says, “If you change a file name extension, the file may become unusable. Are you sure you want to change it?”. Click “Yes” on this warning.

Be prepared to complete the next seven steps quickly! Find “WgaTray.exe” in “system32” and delete it. You will then have 5 seconds to find “WgaTray.exe” in the Task Manager (the next step). NOTE: If you remove the files mentioned above while you are in “Safe Mode,” step #8 is unnecessary.


Immediately open Task Manager. You can do this by pressing the Ctrl, Shift, and Esc keys simultaneously, pressing the Ctrl, Alt, and Delete keys simultaneously, or right clicking the Taskbar and selecting “Task Manager”. Click on the Processes tab and click End Process when “WgaTray.exe” is selected. Note: If you take longer, do not panic! All that will happen is that “WgaTray.exe” will keep reappearing in the processes list (i.e. you won’t be able to delete it as necessary). To remove the notifications after this, return to system32. You will find seven files: “WgaLogon.dll.bak” (the one you renamed) and an Application Extension (0KB) called “WgaLogon.dll”. Delete the Application Extension, rename “WgaLogon.dll.bak” to “WgaLogon.dll” and repeat the steps from the fifth one onwards (at a greater speed!).

Restart your computer once you have finished. All the notification messages ought to be gone.

Rename Method

Open a CMD window by clicking on Start -> Run -> type CMD and click OK.

Open a Notepad window (Start -> Run type NOTEPAD click OK) and type or copy (select the lines, and then press Ctrl-C) the following lines and paste (Ctrl-V) in to the Notepad window:
CD %systemroot%\system32
rename wgatray.exe wgatray.exe.bak
rename wgalogon.old wgalogon.old.bak
rename LegitCheckControl.dll LegitCheckControl.dll.bak
taskkill /F /T /IM wgatray.exe
del wgatray.exe.bak
del wgalogon.old.bak
del LegitCheckControl.dll.bak

Make sure there is a blank line at the end of the text document, right after the last line.

Select all the text (Ctrl-A) and copy to the clipboard (Ctrl-C)

Paste the clipboard in to the CMD Window (right click -> Paste)

This ought to kill the wgatray.exe process and delete the files it makes use of.

If the above files (wgatray, …) are not in your system32 folder, simply search for wga in the Windows folder. You will find WGA-related files in a folder named “KB905474” that was added in the course of a Windows update. Delete that folder and restart your PC.
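For anyone who administers machines where these steps may have been run, the leftovers are easy to detect. The following check is an added example, not part of the original post: it looks in a system32 directory (or a copy of one) for the zero-byte stub and the .bak copies that the two methods above create. The function names and the sample directory are constructed for this example.

```python
import os
import tempfile

# File names taken from the steps above; compared case-insensitively, as on NTFS.
WGA_FILES = ("wgalogon.dll", "wgatray.exe", "legitcheckcontrol.dll")

def audit_wga(system32_dir):
    """Return a sorted list of findings for a system32 directory (or a copy of it)."""
    entries = {name.lower(): name for name in os.listdir(system32_dir)}
    findings = []
    for wga in WGA_FILES:
        real = entries.get(wga)
        if real is not None:
            size = os.path.getsize(os.path.join(system32_dir, real))
            if size == 0:
                # The delete method replaces WgaLogon.dll with an empty text file.
                findings.append(f"{wga}: zero-byte stub")
        if wga + ".bak" in entries:
            # Both methods rename the originals to <name>.bak before removal.
            findings.append(f"{wga}: renamed copy ({wga}.bak) present")
    return sorted(findings)

def build_sample(tampered):
    """Constructed sample directory standing in for system32 (not real system files)."""
    root = tempfile.mkdtemp(prefix="sys32_sample_")

    def put(name, data):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

    if tampered:
        put("WgaLogon.dll", b"")                      # empty stub from the delete method
        put("WgaLogon.dll.bak", b"MZ" + b"\0" * 64)   # renamed original
    else:
        put("WgaLogon.dll", b"MZ" + b"\0" * 64)
        put("WgaTray.exe", b"MZ" + b"\0" * 64)
    return root

if __name__ == "__main__":
    for label, state in (("untouched", False), ("tampered", True)):
        print(label, audit_wga(build_sample(state)))
```

An empty result only means none of these leftovers are present; the rename method deletes its .bak files at the end, so a clean directory does not prove the files were never touched.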

Good to know.

This method will only get rid of the notifications, and won’t validate your copy of XP. It will remove the timer at the beginning of your XP log on, the white notice on the log on screen, and the annoying yellow star that appears in the bottom right corner of the screen.
This is easier to do if you have somebody reading the steps to you while you do it.
You may need to show hidden files and folders in Windows to get to System32 manually.
If task manager processes are moving, click the title of the “image name” row to freeze them.
If you are having issues after this, disable the updates before rebooting.
There is a program called RemoveWGA which does all of this for you. Run the program, click yes, and you are done. (See Outside Links, below.)
If you have issues changing files in the system32 directory, you will have to turn off System Restore. Go to “Start” -> “Control Panel” -> “System” -> “System Restore” and check the “Turn off System Restore” check box.
You won’t be able to make use of Automatic Updates anymore; instead, you need to update manually. In Outside Links, there is a program that will let you update any system, irrespective of whether it is genuine or not.
You can also rename WgaTray.exe to WgaTray.exe.bak in case you cannot remove WgaTray.exe from your Taskbar. Press Ctrl+Shift+Escape to do so.
It will be useful to have Task Manager open first before deleting WgaTray.exe

Warnings about Removing Windows Genuine Advantage Notifications

Do not edit anything but what is told in system32, or it could cause system start up failure.
If you are new to computers, do not attempt this, because if you change the wrong file you may crash your computer.
This is not necessary for systems older than Windows 2000, as older versions of Windows do not have WGA installed. This list includes Windows 3.1, 95, 98, NT 3.51, and NT4. (WGA now installs for Windows 2000 looking for the most often used pirated keys.)
If you don’t have a genuine version of Windows, it is better to get one because you will be eligible to get non-critical updates, IE7/8, and Media Player 11.
If you are not using a genuine version you will still get critical updates.

RemoveWGA utility

You can also try this utility in order to remove the message “your copy of Windows is not genuine.”

A small utility that enables you to remove the Microsoft Windows Genuine Advantage Notifications tool

RemoveWGA will enable you to easily remove the Microsoft “Windows Genuine Advantage Notifications” tool, which calls home and connects to MS servers every time you boot. Future updates of this notification tool will (officially) set the connection rate to once every two weeks.

Once the WGA Notification tool has checked your OS and has confirmed you had a legit copy, there is no decent point or reason to check it again and again every boot.

Moreover, connecting to Microsoft brings security issues for corporate networks, and privacy issues for everyone. It is also unclear which information is transmitted (Microsoft published an official answer, but an independent study raised some questions).

All of that, along with the fact that Microsoft used deceptive ways to make you install this tool (you were told it was an urgent security update, whereas it is a new installation giving you no extra security), makes me call this tool spyware.

Also, Windows Genuine Advantage Notifications is different than Windows Genuine Advantage Validation. RemoveWGA only removes the notification part, phoning home, and does not touch the Validation part.

Note: Some antivirus and antispyware programs flag RemoveWGA as being infected/malware, although the application is perfectly safe and does not pose a threat to your system. This is called a “false positive”. The term false positive is used when antivirus software wrongly classifies an innocuous (inoffensive) file as a virus. The incorrect detection may be due to heuristics or to an incorrect virus signature in a database. (Similar problems can occur with antitrojan or antispyware software.)
