Restoro...safe or not?
Posted: 31-Jul-2020 | 11:53AM · 27 Replies · Permalink
Posted: 31-Jul-2020 | 11:56AM · Edited: 31-Jul-2020 | 12:25PM · Permalink
Report a suspected incorrect detection to NortonLifeLock
This document instructs on how to report a false positive or a false negative to NortonLifeLock through the online submission form.
https://support.norton.com/sp/en/us/home/current/solutions/v126152382
https://community.norton.com/en/forums/restoro
https://community.norton.com/en/forums/how-do-i-get-rid-restoroprotectionexe
https://safeweb.norton.com/report/show_mobile?name=restoro.com
https://www.trustpilot.com/review/restoro.com
Is Restoro a safe website?
No. It's not Microsoft and it's not legitimate.
Even if it weren't a scam, all such sites that claim to fix or improve things at best are useless. They are all more likely to create problems than to solve them.
Restoro - is it genuine?
I purchased a new desktop HP computer and have now had it for 5 days. I noticed that it was quite slow for a new computer, then yesterday a window opened to say I had problems on my computer and a programme called Restoro (said its origin was on the hard disk) appeared and checked my computer. Results shown there were faults on my computer and when I clicked on repair it wanted payment. Is this a valid programme, or not? If it is, I very much resent the fact that a brand new computer is slow and then you are charged to repair it. I would very much appreciate comments on this, please.
Removal instructions for Restoro
The Malwarebytes research team has determined that Restoro is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
https://forums.malwarebytes.com/topic/235321-removal-instructions-for-restoro/
Restoro offers Advanced Repair software for your Windows PC
https://reviews.thewindowsclub.com/restoro-review-download/
RESTORO – Is It Safe & Legit? Restoro Uninstall
https://howtofix.guide/restoro-uninstall/
Posted: 31-Jul-2020 | 12:32PM · Edited: 31-Jul-2020 | 12:46PM · Permalink
What is the view of Norton?
Maybe, ask NortonLifeLock
Report a suspected incorrect detection to NortonLifeLock
This document instructs on how to report a false positive or a false negative to NortonLifeLock through the online submission form.
https://support.norton.com/sp/en/us/home/current/solutions/v126152382
Hmm...thanks for that BJM, I was hoping you would chime in...a mixed bag I see. [...] What do you think? Again based on my experience I see a significant improvement to my PC's performance. In your opinion and experience do you think it is safe to release from quarantine based on what you know about it?
FWIW ~
I had Restoro installed just long enough to run Restoro preliminary scan & take screen pics -
I did not exercise all Restoro features -
I did not run Restoro -
I did not run Restoro real-time monitoring -
Enable real-time monitoring
*When enabled, Restoro® real-time monitoring of malware applications and newly
downloaded files will continue to run in the background after you close the program
and notify you on infected files
https://community.norton.com/en/comment/8410641#comment-8410641
Posted: 31-Jul-2020 | 12:49PM · Edited: 31-Jul-2020 | 1:09PM · Permalink
However, Norton picked it up and removed it, identifying it as a low risk.
Care to share Norton detection information?
What did Norton pick up and remove?
Norton did not object to Restoro install on your machine?
What did Norton object to on your machine?
Norton detection criteria may not satisfy all users, all the time -
PUP/PUA ... as you know are "potentially unwanted programs" -
By classifying these programs as just “potentially unwanted programs,” antimalware software creators are attempting to shield themselves from legal action while detecting software most people don’t want on their computers.
Whether an antimalware — or antivirus — application chooses to flag and detect PUPs is up to that individual engine. Some security software makers are more focused on malware, while others — Malwarebytes, for example — are more serious about detecting and removing PUPs.
https://www.howtogeek.com/232791/pups-explained-what-is-a-potentially-unwanted-program/
FWIW ~ Items rated as a PUP/PUA - which does not mean malware. A PUA can download and install other software that might turn out to be, indeed, malicious. However, PUA can be installed at the user's discretion. The signature detection is to bring the file to the user's attention.
What some users consider a PUA, other users will not; what one AV company rates as a PUA, another may not.
In general, be more vigilant and discerning. PUAs in particular usually install with your consent, and your consent can often be implied when you take shortcuts like a default installation, fail to read all the installation options presented, fail to read Terms & Privacy & EULA.
This post is provided “AS IS" with no guarantees or warranties. ~ YMMV
Posted: 31-Jul-2020 | 2:04PM · Edited: 31-Jul-2020 | 2:26PM · Permalink
EQ71:
File Thumbprint - SHA: Not available
File Thumbprint - MD5: Not available
Hi @EQ71,
I was hoping for hash checksum -
EQ71:
[...]
C:\ProgramData\Restoro\AV\ avupdate.exe Threat Removed
File: C:\ProgramData\Restoro\AV\ avupdate.log Threat Removed
File: C:\ProgramData\Restoro\AV\ avupdate_msg.avr Threat Removed
File: C:\ProgramData\Restoro\AV\ cacert.crt Threat Removed
File: C:\ProgramData\Restoro\AV\ HBEDV.KEY Threat Removed
File: C:\ProgramData\Restoro\AV\ local000.vdf Threat Removed
File: C:\ProgramData\Restoro\AV\ master.idx Threat Removed
File: C:\ProgramData\Restoro\AV\ xbv00113.vdf Threat Removed
File: C:\ProgramData\Restoro\AV\ xbv00114.vdf Threat Removed
File: C:\ProgramData\Restoro\AV\ xbv00115.vdf Threat Removed
File: C:\ProgramData\Restoro\AV\ xbv00116.vdf Threat Removed
File: C:\ProgramData\Restoro\AV\ xbv00117.vdf Threat Removed
File: C:\ProgramData\Restoro\AV\ xbv00118.vdf Threat Removed
File: C:\ProgramData\Restoro\AV\ xbv00119.vdf Threat Removed
File: C:\ProgramData\Restoro\AV\ xbv00120.vdf Threat Removed
File: C:\ProgramData\Restoro\AV\ xbv00121.vdf Threat Removed
File: C:\ProgramData\Restoro\AV\ xbv00122.vdf Threat Removed
File: C:\ProgramData\Restoro\AV\ xbv00123.vdf Threat Removed
File:
[...]
Maybe, Norton detected Restoro virus definitions as threat?
Malware definitions may contain bits of code that resemble malware to other security solutions?
IMPORTANT NOTE: Using more than one anti-virus program with real-time protection simultaneously is not advisable.
Even if one of the anti-virus programs is disabled for use as a stand-alone on demand scanner, it can still affect the other and cause conflicts. Anti-virus software components insert themselves deep into the operating systems core where they install kernel mode drivers that load at boot-up regardless of whether real-time protection is enabled or not. Thus, using multiple anti-virus solutions can result in kernel mode conflicts causing system instability, catastrophic crashes, slow performance and waste vital system resources. When actively running in the background while connected to the Internet, each anti-virus may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.
When scanning engines are initiated, each anti-virus may interpret the activity of the other as suspicious behavior and there is a greater chance of them alerting you to a "false positive". If one finds a virus or a suspicious file and then the other also finds the same, both programs will be competing over exclusive rights on dealing with that threat. Each anti-virus may attempt to remove the offending file and quarantine it at the same time resulting in a resource management issue as to which program gets permission to act first. If one anti-virus finds and quarantines the file before the other one does, then you may encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a threat has been found after it has already been neutralized.
Anti-virus scanners use virus definitions to check for malware and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, many anti-virus vendors encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. Other vendors do not encrypt their definitions and they can trigger false alarms when detected by the resident anti-virus.
Further, dual installation is not always possible because most of the newer anti-virus programs will detect the presence of another and may insist that it be removed prior to installation. If the installation does complete with another anti-virus already installed, you may encounter issues like system freezing, unresponsiveness or similar symptoms as described above while trying to use it. In some cases, one of the anti-virus programs may even get disabled by the other.
To avoid these problems, use only one anti-virus solution. Deciding which one to remove is your choice. Be aware that you may lose your subscription to that anti-virus program's virus definitions once you uninstall that software. Microsoft and major Anti-virus vendors recommend that you install and run only one anti-virus program at a time.
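Added example, not part of the original post and not any vendor's code: a toy resident scanner run over another product's definitions file, showing why unencoded definitions (such as the `.vdf` files listed above) can be flagged while encoded ones are not. The signature names, byte patterns, file layout and single-byte XOR key are all constructed assumptions; XOR stands in for whatever encryption a real vendor uses.

```python
# Added illustration (not from the thread): a toy resident scanner meeting
# another product's definitions file. All patterns and names are constructed.

SIGNATURES = {
    "Demo.Sample.A": bytes.fromhex("de7ec7ab1e0001aa55"),
    "Demo.Sample.B": b"CONSTRUCTED-MARKER-B\x00\x13\x37",
}
XOR_KEY = 0x5A  # hypothetical one-byte key; simple encoding, not real encryption
HEADER = b"DEFS\x01"  # hypothetical file magic


def _xor(data: bytes) -> bytes:
    return bytes(b ^ XOR_KEY for b in data)


def build_definitions(signatures: dict, encode: bool = False) -> bytes:
    """Serialise records as: name, NUL, 2-byte length, pattern bytes."""
    blob = bytearray(HEADER)
    for name, pattern in signatures.items():
        body = _xor(pattern) if encode else pattern
        blob += name.encode("ascii") + b"\x00"
        blob += len(body).to_bytes(2, "little") + body
    return bytes(blob)


def load_definitions(blob: bytes, encoded: bool = False) -> dict:
    """Parse a definitions blob back into {name: pattern}."""
    if not blob.startswith(HEADER):
        raise ValueError("not a definitions file")
    pos, out = len(HEADER), {}
    while pos < len(blob):
        end = blob.index(b"\x00", pos)          # end of the record name
        name = blob[pos:end].decode("ascii")
        size = int.from_bytes(blob[end + 1:end + 3], "little")
        body = blob[end + 3:end + 3 + size]
        if len(body) != size:
            raise ValueError("truncated record")
        out[name] = _xor(body) if encoded else body
        pos = end + 3 + size
    return out


def scan(data: bytes, signatures: dict) -> list:
    """Resident scanner: names of all signatures whose bytes occur in data."""
    return sorted(n for n, pat in signatures.items() if pat in data)


if __name__ == "__main__":
    plain = build_definitions(SIGNATURES)
    encoded = build_definitions(SIGNATURES, encode=True)
    # Plain definitions contain the raw patterns, so the other scanner "detects" them.
    print("plain definitions flagged as:  ", scan(plain, SIGNATURES))
    # Encoded definitions hide the patterns at rest, yet the owner can still load them.
    print("encoded definitions flagged as:", scan(encoded, SIGNATURES))
    print("owner still loads them:", load_definitions(encoded, True) == SIGNATURES)
```
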
Posted: 31-Jul-2020 | 2:37PM · Edited: 31-Jul-2020 | 3:07PM · Permalink
EQ71:
[...] I have included the original page I got the link from...right at the bottom of the page is what I now recognise as an ad and not part of the article as I assumed.... https://windowsreport.com/windows-store-games-wont-download-windows-10/
Okay, I had to turn off my content blocker to see:
https://cloud.restoro.com/download/rh/Restoro.exe
Downloaded File Restoro.exe from restoro.com
File Thumbprint - SHA:
55757e1a0b20f880ae146b3409ecdb0d40eeb170d0562ae3028037b56b060849
File Thumbprint - MD5:
5755d55aad262408a116bf77ec8da51d
Posted: 31-Jul-2020 | 3:07PM · Edited: 31-Jul-2020 | 3:08PM · Permalink
EQ71:
Filename: PUA.Superfluss
PUA.Superfluss is a generic detection for many individual but varied potentially unwanted applications for which specific definitions have not been created. A generic detection is used because it protects against many potentially unwanted applications that share similar characteristics. [source google]
What is a PUA (Potentially Unwanted Application) or PUP (Potentially Unwanted Program)?
https://us.norton.com/internetsecurity-malware-what-are-puas-potentially-unwanted-applications.html
Posted: 31-Jul-2020 | 3:23PM · Edited: 31-Jul-2020 | 3:33PM · Permalink
EQ71:
Sorry first time poster...need to learn how to do that, (how can I get you a hash file?)
Sorry, I meant I was hoping that Norton generated a hash -
Norton reported hash Not available
File Thumbprint - SHA: Not available
File Thumbprint - MD5: Not available
So yea, you downloaded, came up safe from Norton but 4 engines detected this file....?
4/72 VirusTotal engines detected "Restoro Downloader" -
https://www.virustotal.com/gui/file/55757e1a0b20f880ae146b3409ecdb0d40eeb170d0562ae3028037b56b060849/detection
Note: VT engines may use the same source - same criteria.
4/72 (at this time) IMO is not a resounding conviction. Just saying.
Posted: 31-Jul-2020 | 5:57PM · Permalink
FWIW ~ as test -
- ran Restoro Downloader from [here]
Filename: RestoroSetup.exe
Threat name: Trojan.Gen.2
Full Path: C:\Users\bjm\AppData\Local\Temp\RestoroSetup.exe
On computers as of
7/31/2020 at 8:47:39 PM
Last Used
7/31/2020 at 8:49:39 PM
Startup Item
No
Launched
No
Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.
RestoroSetup.exe Threat name: Trojan.Gen.2
Locate
Very Few Users
Fewer than 5 users in the Norton Community have used this file.
Very New
This file was released less than 1 week ago.
High
This file risk is high.
http://cloud.restoro.com/download/2018a/RestoroSetup64.exe
Downloaded File from restoro.com
Source: External Media
RestoroSetup.exe
File Actions
File: C:\Users\bjm\AppData\Local\Temp\ RestoroSetup.exe Removed
File Thumbprint - SHA:
fa76ebaac43593273124fd45e686003b71a233d35f00900e7ded0848157bf6ff
File Thumbprint - MD5:
38e458d436de9ff89fe48b1f2e050b39
Posted: 31-Jul-2020 | 6:06PM · Edited: 31-Jul-2020 | 6:10PM · Permalink
FWIW ~ as test -
Posted: 31-Jul-2020 | 6:24PM · Edited: 31-Jul-2020 | 6:27PM · Permalink
http://www.restoro.com/how-does-it-work/
Posted: 01-Aug-2020 | 5:54AM · Edited: 01-Aug-2020 | 6:33AM · Permalink
File Thumbprint - SHA: 55757e1a0b20f880ae146b3409ecdb0d40eeb170d0562ae3028037b56b060849 represents the Restoro Downloader file.
File Thumbprint - SHA: fa76ebaac43593273124fd45e686003b71a233d35f00900e7ded0848157bf6ff represents the Restoro Setup file.
Restoro Downloader file (Restoro.exe) is the small file downloaded from the windowsreport.com page. Upon execution of the small Restoro.exe file from my desktop, the Restoro Setup (RestoroSetup.exe) program is launched. The Restoro Setup file pulls and installs the full Restoro program.
File thumbprints are different, as you know, because the files are different.
Note:
I ran Restoro free version.
I did not run Restoro Start Repair.
Sorry, I cannot reproduce your @EQ71 Restoro experience as noted [here], my side. I did not pay for a licence nor run Start Repair. I reviewed the items that Restoro reported from their free scan ... but, did not want Restoro program to remove registry keys, junk files, etc. on my machine. Just me.
Posted: 01-Aug-2020 | 6:39AM · Edited: 01-Aug-2020 | 7:02AM · Permalink
8/72 VirusTotal engines report Restoro Setup thumbprint, at this time -
https://www.virustotal.com/gui/file/fa76ebaac43593273124fd45e686003b71a233d35f00900e7ded0848157bf6ff/detection
Note: VT engines may use the same source - same criteria.
Posted: 01-Aug-2020 | 7:44AM · Edited: 01-Aug-2020 | 8:25AM · Permalink
Microsoft support policy for the use of registry cleaning utilities
https://support.microsoft.com/en-us/help/2563254/microsoft-support-policy-for-the-use-of-registry-cleaning-utilities#:~:text
EQ71:
[...] the issues it identified on your test PC... were they false positives...as in completely fabricated?
Registry Results -
registry keys that Restoro wanted to "fix" appeared to be Dell tools. I did not want Restoro "fix". Just me.
for example:
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Dell\SupportAssistAgent\DellRemoteAssist\DellRemoteAssist.exe
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAppLauncher.exe
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAppWire.exe
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistUI.exe
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Rivet Networks\SmartByte\WindowsStore_SB.url
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Rivet Networks\SmartByte\RNService.dll
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Rivet Networks\SmartByte\RNUtils.dll
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe.config
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
Granted, registry keys may be dross.
Granted, not all Dell users like Dell tools.
and Threats Results - I did not want Restoro "fix". Just me.
and Junk Results appeared to be Temp files. I did not want Restoro "fix". Just me.
for example:
C:\Users\bjm\AppData\Local\Temp\nst951D.tmp  325632
C:\Users\bjm\AppData\Local\Temp\nst951D.tmp\registry.dll  25088
C:\Users\bjm\AppData\Local\Temp\nst951D.tmp\stack.dll  10752
C:\Users\bjm\AppData\Local\Temp\nst951D.tmp\rCrypt.dll  289792
C:\Users\bjm\AppData\Local\Temp\nsqF142.tmp  325632
C:\Users\bjm\AppData\Local\Temp\nsqF142.tmp\registry.dll  25088
C:\Users\bjm\AppData\Local\Temp\nsqF142.tmp\stack.dll  10752
C:\Users\bjm\AppData\Local\Temp\nsqF142.tmp\rCrypt.dll  289792
C:\Users\bjm\AppData\Local\Temp\nsp21F1.tmp  325632
and Stability Results appeared to be Esent reports. I did not want Restoro "fix". Just me.
for example:
Application: esent
Crash date: 2020/08/01/ 0:55
Crash date: 2020/07/31/ 19:5
Crash date: 2020/07/31/ 18:56
Crash date: 2020/07/31/ 15:45
Crash date: 2020/07/31/ 15:38
Crash date: 2020/07/31/ 15:9
Crash date: 2020/07/31/ 2:6
Crash date: 2020/07/31/ 0:58
Crash date: 2020/07/31/ 0:40
Crash date: 2020/07/30/ 20:52
Posted: 01-Aug-2020 | 8:31AM · Edited: 01-Aug-2020 | 9:03AM · Permalink
EQ71:
..........And that, Bjm is the decider. If it is providing false positives, (just confirm that the install you ran was from the link I provided)
Yes, I decided to not run Restoro "fix".
I'm not claiming Restoro free scan reported "false positives".
Yes, I started from windowsreport.com page here > https://community.norton.com/en/comment/8451531#comment-8451531
I do not have long term use experience to qualify Restoro one way or the other.
I'm just not comfortable with Restoro features. Just me.
I've no experience with * Powered by Reimage Patented Technology.
https://www.reimageplus.com/patented-technology/
http://www.restoro.com/how-does-it-work/
Sorry -----
Let's hear from Community
Posted: 01-Aug-2020 | 9:21AM · Edited: 01-Aug-2020 | 9:36AM · Permalink
Maybe, Norton detected Restoro normal legit functions [here] -
* Powered by Reimage Patented Technology
How does Restoro fix Windows?
The repair will deactivate then quarantine all Malware found then remove virus damage.
All System Files, DLLs, and Registry Keys that have been corrupted or damaged will be replaced with new healthy files from our continuously updated online database.
The online database is comprised of over 25,000,000 updated essential components that will replace any damaged or missing file on a Windows operating system with a healthy version of the file so that your PC's performance, stability & security will be restored and even improve.
http://www.restoro.com/how-does-it-work/
Maybe, Norton + Restoro users need to add mutual exclusions -
Maybe, Norton + Restoro simply do not play well together -
Let's hear from Community
Posted: 01-Aug-2020 | 9:37AM · Edited: 01-Aug-2020 | 9:49AM · Permalink
Again...sucks because it made my PC fly!!
Maybe, Norton should be removed before running Restoro repair. IDK
....but at this point I have to suck up the licence that I paid for,
https://www.restoro.com/refund-policy/
Always best practice is recent system image backup -
Posted: 01-Aug-2020 | 1:52PM · Permalink
I had a look at the link to Microsoft on cleaning up the Registry and it's a good straight-forward "Don't do it"!
I do use CCleaner that includes a Registry Cleaner section but I refrain from using it although I sometimes run it to see what it thinks is wrong with my Windows 10 Registry! But I don't tell it to clean up.
I have tried doing that in the past in order to see how it works (it didn't do any damage that time so far as I could see back then) and it does in fact offer both create a System Restore Point and to back up the deleted items so you can change back which Microsoft stress is essential if you are going to run a Registry Cleaner.
I noted that their link to "How to back up your Registry" did not take me to that for Windows 10 at least but to a whole host of other items of information.
Posted: 20-Jan-2021 | 11:55AM · Permalink
DO NOT USE 'RESTORO'
I think it drops this after a few reboots...so it is stealthy and almost grooms the user into trusting it. I am never using this software again.