Recently, one of my clients bought 5 refurbished Dell desktops, direct from Dell. After installing their software (medical programs; it’s a doctor’s office) and completing a reboot, I watched as every single one of the 5 systems popped up a warning with something along the lines of “You may be a victim of software piracy”. Well, I know that part of the refurbishing process involves reinstalling a new copy of Windows, so I couldn’t logically understand why the software would trigger the CD key to now register as a non-valid copy. I called Dell, and once I got on the phone with a rep, I asked how this could be possible. We tried a few different methods to get it to stop, but even re-validating the key proved unresponsive. After about an hour, I figured I would just end the call on a friendly note and figure out a separate way around it.

First off, it’s easy to see that the process is the ‘wgatray.exe’ process. Annoying as shit is the fact that if you end the task, it automatically re-appears over and over. After attempting to remove all known files from the registry named ‘wgatray.exe’, I figured a reboot would finalize the removal, but lo and behold it reappears after a reboot. I assume there must be another location, or a tag file associated with it, re-creating wgatray.exe and slapping it back into \system32.

A quick Google search later, I find that there are several locations and several files, and that you need to start in safe mode in order to properly remove the warning. So here’s the “how to”:

You can try this. I didn’t use it, but it basically tags the registry to a “0” so that the check for genuine Windows just can’t be enabled. Personally, I’d rather remove it completely. Download here

I’ve read other methods, and they didn’t make too much sense. The majority of them say to open Task Manager and disable wgatray.exe, then restart. The problem is, it instantly re-appears, before you could even hit “restart”. Not only that, but if you restart and then enter safe mode, it wouldn’t have mattered whether you disabled wgatray.exe before restarting or not, since safe mode isn’t going to load anything that isn’t absolutely needed to run the system. Here is the easiest method:

1. Restart your computer and hit F8 before the Windows loading screen to go into the safe mode menu.

2. Select Safe Mode (not with networking, and not with command prompt).

3. Once you’re in Windows, go to START > RUN, type “regedit” (without the quotation marks) and hit ENTER.

4. Go to EDIT, select FIND.

5. Search for wgatray.exe and delete any reference found. (After it finds the first one, just hit F3 to continue the search. Continue to delete anything it stops on.)

6. Scroll all the way back up in the registry editor, select My Computer (one click, not two) and start a new FIND; this time we’re looking for Wgalogon. Again, delete any references found.

7. Lastly, again, click on My Computer and start a new FIND, searching for LegitCheckControl.dll. Again, delete any references found.

8. Reboot and you’re finished. If not, you may have missed a registry entry.

BTW, you should be able to continue to download Windows updates (when set to automatically download and install).

This is for informative purposes only.

***UPDATE***

Here’s the latest update, as of May 23rd 2009: you need to do a broader search in regedit now. No, you can’t mess anything up unless you’re a complete moron; it’s safe to delete any of the files. Just do this search after you have performed the previous searches listed above in regedit: search for WGA, and delete any keys or folders with it. This should fix it for any of the last remaining people on XP who are still having a problem removing it. Please check my post on Vista (any version) crack, and OEM registered change, 100% validation check; I have recently updated that as well.

***UPDATE***

I also have ALL versions of WINDOWS VISTA x86 x64, WINDOWS 7 x86 x64, Windows XP, Windows genuine bypass, and cracks. They are all located here in the blog

Comments
  1. john says:

    thanks a lot
    this really did the trick saved me a lot of hair tearing
    thanks again

    • zamir says:

      dear i tried ur formula but its not working….i changed it then as:
      search wgalogon.dll and rename it as wgalogon.dll.bak.
      then change name of wgatray.exe as wgatray.exet
      then terminate the wgatray process in end task and then remove both files from system 32 folder….wgatray.exe will be removed but other will not…then restart system and delete that file too….
      so its easy way now: ) god bless u all

  2. Jay says:

    You’re a god among men. Annoying as shit is an accurate description

  3. saki says:

    Thanks man! From anonymous.

  4. Jixx says:

    “This is for informative purposes only.”

    Quite informative indeed, thanks for the detailed walk-through.
    It worked where others did not.

  5. David says:

    No Problem, glad I could help!

  6. leplip says:

    thank you for this info. ive used it and it worked!

  7. Wuhy says:

    this shit even started in safe mode:@

    • lorraine says:

      is it safe? are you guys real or are you planting virus in the registry. Sorry, but in today’s world, you do not know what is good and what is bad. Even in advertisements, the stars really don’t need to try what they are selling. People are more trusted if they are important people.

  8. BRLDTDSSVS says:

    THANKS, WORKED LIKE A CHARM…

  9. exempt says:

    glad everyone could use this 🙂 always “informative purposes” to protect my ass!

  10. alex says:

    worked, helped, thanks a lot

  11. Liz says:

    Thank you. It cleared up the problem right away!

  12. Steve says:

    I couldn’t find the first file “wgatray”, but I took out the others and I’m back to normal. Awesome info. Thank you. I would recommend a registry backup / setting a new restore point. Thanks again for the info.

  13. Katrina says:

    I’m having a problem.

    There’s a value that I’m not being allowed to delete: ab(default) REG_SZ (value not set)

    I’m able to remove everything else except this, and when I reboot, everything I’ve previously deleted is back again.

    Help!

    Any advice on how I can cut the heads off this hydra would be most appreciated.

  14. David says:

    Katrina, you should run regedit under safemode, and make sure that you scan the entire directories twice after deleting and before restarting back into normal mode. If the problem still persists, then I can hop onto crossloop and do it for you. Sorry for the delayed response, I have been ridiculously busy!

  15. Alexander says:

    Cheers. That worked brilliantly.

  16. Katrina says:

    Thanks much David. All’s well now, and it’s much appreciated.

  17. Skyler says:

    dude, this stuff still appears in safe mode. also, when I try finding something in regedit while in safe mode, regedit stops responding and refuses to do anything.

  18. vahnx says:

    Thanks! One small problem, I think after running Windows Update it makes it come back! I am using the website to do my updates though.

  19. Siva says:

    You are really a worthy guy!!

  20. Drako says:

    I have an odd question for you. Has this program ever been taken over / mimicked by a virus? I am having something called wgatray.exe starting from a location it definitively does not belong in… (my H:/ drive when my only OS is located in C:/) It has not attempted to start on any other drive.

    Has this happened to anyone else? I am just trying to figure out if it should be deleted from there and how to get rid of it and maintain my ability to update.

  21. Rhi says:

    Hold on a minute – is this what is causing my computer to shut down suddenly with a blue screen? I know it’s not a virus , as i’ve got every software known to run and check. Is this wgatray/winlogon thingy an application by any chance?

    I keep getting this every once in a while with a win32sys.exe problem, and just follow the chkdsk repairs and fixes like it says after rebooting and going to the microsoft site. Has this anything to truly do with this WGA at all?

    I know my system is a legit one and i have automatic update on so that i get all the relevant updates etc. However, my question is, if i delete this wga.exe in the regedit, will this not stop the system from updating automatically with all the necessary files? – as that has happened before on the previous pc

    N.B. I’m stating this because i remember the computer i had before was not legit and i had a pc built from scratch free of charge (current one) after this by the same person, and i stressed to him that i want a genuine pc without warnings that it’s not a genuine pc and he said it will be. I don’t even know how to find the license key for this pc and have no disk.

  22. Thanks!! says:

    Thanks a lot man! I haven’t tried this yet but I’m sure it will work. BTW, I have Zone Alarm and it said wgatray.exe is attempting to access the internet or something and I pressed deny (Don’t allow) so I got no notifications. I’m sure it will ask me again on the next update but I’ll do the same. Thanks!

  23. Anjang says:

    Hi there..

    I had a problem with the office but not with windows. My windows is good but this appeared as if i opened up any office software like word, excel, powerpoint or even outlook. I have done all as above but this thing still pops up whenever i open any of the office software. Is there another way to disable it.. Need response..

    Thanks..

    ~anjang~

  24. anjang k.L says:

    this website soooooo goood

  25. orlando says:

    at last i can remove this problem

  26. Redsaga says:

    Thank you so much for the simple walkthrough. Been trying everything else that my modest knowledge with computer allowed without more than temporary removal. I now yours and it seems to work, so thanks again for saving me from this wee bit annoying wgatray!

  27. jin says:

    thank you i followed your walkthrough and removed it. Thanks again.

  28. Shark says:

    This did not work for me, it is not only for Windows (XP or Vista) but office
    I removed all, check 3 times, rebooted, and it was back
    Must have a new hiding place!!

  29. @ Shark,

    Even with all patches from Windows Update, this works to remove the annoying Windows Genuine Advantage. Depending on your method of searching the registry, you can accidentally leave traces of the program, which will re-populate if you’ve left one instance of it running; that’s why I recommend safe mode when doing this.

  30. Wayne says:

    I’m running win.xp with sp2 and as other posts stated for some reason I started getting the counterfeit messages and I know the win. is legit.
    I tried what you suggested but it can’t find any wgatray.exe however when I search
    wgatray.exe it finds wgatray.exe-350D4455.pf and says it in windows/prefetch

    My question is do I run that in find and delete all OR are they the same ???

    Thanks

  31. @ Wayne delete any and ALL instances of WGAtray.exe regardless of what is connected to the file name, it’s basically like a virus, make sure you’re in safe mode, if it’s still there, lemme know, I have other ways to get it off

  32. Dean says:

    Hi,
    I’m afraid this has not worked. I went over this several times to ensure I did everything correctly.

    What i did notice is that the only registry it found was on the first search, for wgatray.exe, and it only found one. Pushing F3 found no more, and neither was there any for the other terms searched for

    Cheers
    Dean

  33. venky says:

    Thank you very much it helped a lot

  34. 3ICE says:

    Short, 1-2-3 version of the above tutorial: (1) Reboot into SafeMode, (2) Launch regedit, and (3) Delete all occurrences of “WgaTray”, “WgaLogon” and “LegitCheckControl”.

    Here is a lucky screenshot of WgaLogon.dll as it is being loaded into the memory of a SafeMode’d WinXP: http://img6.imageshack.us/img6/5110/wgalogonstartseveninsaf.jpg (Lucky, because the text only flashed by for a second.)

    If you didn’t find any “WgaTray”s, you are not alone. I don’t seem to have any of them either. If the problem still isn’t fixed by the above, have a go at deleting everything with “Wga” in it too (especially “WgaNotify”).

    –3ICE

  35. GHENCEA says:

    I tried this simple move and worked so far : cut the 2 files from system32 : wgatray and wgalogon and move them elsewhere. You can do it even though they are active processes. Restart the computer and…that’s it. After that you can delete the 2 files.

  36. retired engineer says:

    Thanks, explained a lot. With wgatray running, nothing else would start.

    Sometimes you can rename the offending files without moving them. Just add a number to the file name so you can undo it if Windoze refuses to operate.

    God save us from nanny software that decides how we will use our computers. If my apps would run under Linux, I wouldn’t have this problem.

  37. Olwah says:

    Oh, that worked a treat! I salute you! Vigorously! In the Face!

    Love and hammers, but mostly love,

    Olwah

  38. maneendra says:

    hey this is simply superb yaar… its really working thanks alot…

  39. Ravi says:

    Umm when you say reboot what do you mean? by like losing all my files n stuff??

  40. 3ICE says:

    Ravi is a funny person. 🙂

    Rebooting means restarting your computer.
    START –> Turn off Computer –> Restart

    Losing all your files only happens when you reinstall your OS. That is an entirely different thing compared to rebooting. (You can not accidentally reinstall your OS either. The disc to do that costs 100 dollars.)

    Of course file loss can happen when you reboot, but only if you leave for example Microsoft Word running with an unsaved document in it that you just typed. Close every window (on your screen, not in your office) and save every document you worked on in your session before rebooting.

  41. Brian says:

    Thanks a lot, dude..
    at last i can kick that shit from my computer!

  42. no name says:

    or you can download “sysinternals autorun” and disable it but be careful not to disable anything you need

  43. student says:

    i got u but m not getting this wgatray.exe from run but i can get it from search wat to do plz guide me

  44. dopy says:

    “This is for educational purposes only”

  45. Destry says:

    Aha, thanks GHENCEA.
    Thought I’d try your solution first of all.
    The simple rename of the 2 system32 files seems to have done the job.
    So far anyway.
    Thanks for the info.
    😀 😀 😀

    And you too, David, for your work, introducing the topic, and providing space for others to contribute
    😀 😀 😀

  46. Jordan says:

    Friggin awesome,
    The little piece of #$%& keeps popping up every time I startup and it’s driving me nuts, nuts, nuts.
    Thanks for great advice.

  47. fopard says:

    an alternative:
    you need process explorer and total commander.
    do not need to go to safe mode.
    start PE
    find process winlogon
    dbl click
    go to threads tab
    try to find two handles begin with WGA
    kill both threads.
    open total commander
    goto windows/system32
    rename wgalogon.exe to sg
    rename wgalogon.dll to sg
    press shift+f4, create empty file wgalogon.exe
    close notepad
    press shift+f4, create empty file wgalogon.dll
    close notepad
    set both new 0 byte long files to read only (right click, properties)
    restart windows

  48. Naushad says:

    Sir,

    Please help me to avoid Genuine window updation notification.

    Naushad k.v
    Autocad Draughtsman

  49. wAfFlE hOuSe says:

    that wga is a stubborn whore …can’t get rid of it (sticky defaults and the such)
    ….humbuggers, might as well just live with it vlah

  50. mikeeee says:

    Didn’t work for me and my “search” in the drop down menu for searching “C” or other drives or folders/files on them doesn’t work since wgatray has showed up.
    Thanks for all your good guidance, it seems to have worked for many.

  51. ozmose says:

    thanks for the very easy to follow instructions I know nothing about computers and you walked me right through it ” only a moron could screw this up”that was good mines gone the WGA.I had to run through these steps three times before I found all related files thanks man.

  52. John says:

    Hey buddy this did not work for me, when I did Find for all three items it did not find any of them?

  53. Ben says:

    This is an essential guide for any computer user. Thanks David!

  54. Andvari78 says:

    The annoying little bastard happened to me today. I was so furious I considered throwing my laptop out of the window.
    But I found your guide and followed your instructions.
    So, thank you very much. Words can’t express my gratitude.

  55. WTF says:

    My computer keeps shutting down by itself whenever I try to search wgatray.exe or wgalogon in safe mode. So I went in normally and I started to type in WGA in the Find box on regedit and there are so many files and folders to delete! I think I’m going to fuck up my computer if I keep doing this… Please respond ASAP!

  56. Dave Parke says:

    WORKED LIKE A CHARM …SO FAR…. I DON’T TRUST THIS MAGIC BOX
    THANKS SO MUCH IT WAS VERY EASY AND YOUR INSTRUCTIONS WERE GREAT
    DAVE

  57. neil says:

    hey when i got to step 5 (find wgatray.exe) ive do it den it finished finding nothing !
    i didnt locate the wgatray.exe what must i do?

  58. littlebear says:

    :P, I give up on windows with so many virus targeted at them, so now I’m with linux with less capabilities but much cleaner lol

  59. doobryfirkin says:

    works for me thanks

  60. Moncho says:

    Hi,

    How To: Disabling Windows Genuine Advantage (wgatray.exe) in windows 7? I can’t find wgatray.exe, must be another *.exe right?

    Thank you very much

    moncho

  61. J says:

    I found a way to disable wgatray.exe

    Go to Safemode
    Go to c:\windows\system32
    Delete wgatray.exe
    Create a text file called wgatray.exe — Set to read only.
    Reboot
    Wgatray.exe won’t show up anymore as a process.

  62. Gina says:

    I tried everything- ran it in safemode- went through regedit. When I found wgatray (and there was only one find on it) I tried to delete that folder and got an error message saying I couldn’t delete it. I couldn’t drag it to the recycle bin. When I tried to look for it again I couldn’t find anything related to wgatray. I couldn’t find anything for wgalogon or legitcheckcontrol. I’ve tried looking in the System 32 folder for the wgatray.exe file and it is not there. I tried searching the whole computer for wgatray and winlogon and it doesn’t exist. I’ve unhid every folder and file…. I am losing my frickin’ mind with this pain in the d*ck!~….Any suggestions? I’m running Windows 7 Ultimate.

    • David says:

      Yes I can help, Windows 7 (All versions) have a new updated pain in the ass app called Microsoft WAT, “Windows Activation (or Authentication) Technologies”. I have another post on how to remove WAT, it’s extremely simple. Click HERE

  63. max says:

    thanks a lot but it didn’t work
    it says that my antivirus protected that wgatray
    isnt that weird it is killing my computer cpu (100% cpu usage)i knew that from the task manager
    it turns off my computer suddenly under the action cpu overheating i’ve downloaded something called speedfan (it detects the temp of my cpu ) its over 128c
    i need a help here

    • David says:

      Antivirus will always try to block it, disable and retry. Also, your CPU is waaaay too hot, but some system specs would greatly help: what kind of CPU, operating system?

  64. nakedrobz says:

    you are a legend.

  65. vk says:

    Thnks for the info. Stayin one step ahead. Your a mstr.

  66. Prashanth says:

    Thanks a ton! Solved my prob right away!

  67. […] Sure there may always be a small intrusive little star that pops up and reminds you that your copy is in fact not genuine, but there are always people like me out there that create ways for you to remove them. […]

  68. Tim says:

    Could microsoft catch on to this and include registry fixes in future SP updates?

    • David says:

      It’s not that they haven’t caught on, they are very aware of these workarounds. Microsoft accepts it as a loss, and it is very unlikely that they would put out a “Blackout” on cracked/hacked older products.
