I know with my recent Microsoft appraisals it may seem like I’m placing them on some sort of super-high pedestal that the rest can’t reach. Over the weekend Microsoft got knocked off that a couple times, almost as if the universe decided to spite me.
WGA Validation Fail.
Oh noes. What have we here? For those out of the loop, apparently unbeknowst to the public Microsoft slipped patch KB905474 through their update servers. Those of you who don’t check the updates and look into them before installing (probably most of you.. I can’t imagine anyone doing this unless they were completely paranoid) wouldn’t have even noticed this little doozy pass by. And then you’d never notice it again, until it told you that the pirated copy of windows that you were using was Pirated, and then refused to shut down your computer or start it up. It would also display a horrendous little notification on the bottom right of your screen and a system tray icon that refused to go away. Oh and it would bond to your OS, making it virtually impossible to remove. Once installed, KB905474 is here to stay.
Or is it? With a little know how KB905474 is actually fairly simple to remove. It invovles the use of a single tool that’s offered to the public for free and the steps are so easy someone who claims to be computer illiterate can easily perform them (trust me, I have validation on this).
- Download and install Unlocker. This handy little gem was actually found through a website that I frequent called Rarst, the particular post outlining it vs another file unlocker. In the end Unlocker won out for me simply because it was the easiest to use. What it does is take any file and list the files that are using it. You can then “unlock” the file from use. The Unlocker website contains and lot more details (and screenshots) of the whole process and the Rarst post contains a lot of good information for those of you who want a bit more.
- Now go to this folder: C:\Windows\system32\ and look for the following files:
They’ll by right next to each other, so if you find one, you’ll find the other.
- Making sure every other window is closed, right click WGATray.exe and select unlocker. Simply select the file in the window that pops up and select unlock. Then rename the file to WGATray.exe.old. If Unlocker reports that a lock couldn’t be found, simply rename the file.
- Now right click wgalogon.dll and do the same thing. This file will have a lock on it, so you will have to select Unlock before you can tamper with it. Rename it to wgalogon.dll.old
You would have noticed that wgalogon.dll was actually tied directly into winlogon.exe which is essential for windows. This is why you can no longer remove it.
Now just open task manager (CTRL+ALT+DEL or right click the taskbar and select Task Manager). Click on the Processes tab and then click on the Image Name title, sorting them alphabetically. Now you can just find WGATray.exe and end the process. You will have noticed that if you tried to end it previously that it would just start back up again, but by renaming the file, it can no longer find it so it can’t start it.
Your computer will also refuse to shut down the first time this is done. This is because WGA is tied directly into Windows and it’s getting confused that it can no longer find it. Simply force shut down (hold the power button) and when that’s done boot up again and you should be fine.