Security experts have concluded that Restoro is a system optimizer. Many of these so-called “system optimizers” intentionally use false positives in scan results to suggest computers need to buy a full version of the product before the problems can be solved.

The Windows operating system comes with a Windows registry, which is a set of files that contains settings for the operating system to be able to run.

Microsoft makes it very clear that they do not support any registry cleaners—not from a third-party program or even one they create themselves. Microsoft does not deny that cleaning the registry could have benefits but suggests the downsides far outweigh the little upside these programs possess.

That said, there are some third-party registry cleaning programs out there that are trusted and reliable. Most Windows users have heard of programs such as CCleaner, which do in fact clean the registry.

Also true is there being many other third-party programs out there that claim to be registry cleaners when they are in fact displaying false positives in order to get you to pay for the full version before allowing you to fix them. The idea of offering a free scan before making you pay to rid your computer from problems is not an issue in itself; the problem is most programs that act this way have a tendency to be viewed as malware rather than legitimate programs.

Since march of 2018, registry cleaners and system optimizers acting in what Microsoft deems to be a coercive manner will be detected and removed during a Windows Defender scan if you are using Windows 10. Thus, if you find the Restoro system optimizer installed on your computer and you are running Windows 10, the Windows Defender antivirus should pick it up and remove it when it is time for your next scheduled scan. If you do not want to wait, you can remove it from the computer by manually scanning with Windows Defender or a different third-party antimalware application instead. If you are still running an older version of the Windows operating system, you may want to steer clear of such programs and not allow them on your computer in the first place. While the older versions may not come with the same reliable Windows Defender to help you out, you can thankfully still install third-party antimalware such as Malwarebytes to remove the system optimizer.

The following tutorial demonstrates how to remove the Restoro malware from your computer.

Method One: How to Remove Restoro System Optimizer by Manually Scanning Files, Folders, and Drives with Windows Defender in Windows 10

Windows 10’s default antivirus program, Windows Defender, doubles as very good antivirus and antimalware protection. The term “antimalware” is a more modern version of the term “antivirus” because a multitude of malicious programs exist today rather than computer viruses alone. Windows Defender finds all sorts of malware and is antimalware that keeps the traditional antivirus name to avoid confusion. That said, Windows Defender still might not remove a Potentially Unwanted Program (PUP) on your computer until you enable the PUP protection first. If you tried an antivirus/antimalware scan with Windows Defender and the malware was not found, you can try enabling the PUP protection and try again before installing third-party software on your computer.

Note: The terms “Potentially Unwanted Programs” (PUPs) and “Potentially Unwanted Applications” (PUAs) are interchangeable. When referring to misleading software installed as a bundle or without users’ consent, common antimalware programs use the term “PUP;” however, Microsoft prefers “PUA” in Windows 10.

Part One: How to Enable or Disable Windows Defender PUA Protection in Windows 10

When removing Potentially Unwanted Programs from your computer with the default Windows Defender antivirus, you should enable PUP protection first. Here is how to do that:

Option One: How to Enable or Disable Windows Defender PUP Protection in Windows PowerShell

1. Open an elevated Windows PowerShell.

2. If you are prompted by User Account Control, click on the Yes button.

3. Type one of the following commands into the Windows PowerShell window, depending on what you want to achieve, and then press the Enter key on your keyboard to execute it:

To Enable Windows Defender PUA Protection:

Set-MpPreference -PUAProtection 1

or

Set-MpPreference -PUAProtection Enabled

To Disable Windows Defender PUA Protection (Default):

Set-MpPreference -PUAProtection 0

or

Set-MpPreference -PUAProtection Disabled

Audit Mode – detects PUPs, but does not block them:

Set-MpPreference -PUAProtection 2

or

Set-MpPreference -PUAProtection AuditMode

4. Restart the computer before attempting to run a new Windows Defender antivirus scan that searched for extra PUPs.

You can now close the Windows PowerShell window and continue using your computer if you like.

Option Two: How to Enable or Disable Windows Defender PUA Protection in Local Group Policy Editor

Notes:

  • You can only use this option from the Local Group Policy Editor starting from Windows 10 version 1809.
  • The Local Group Policy Editor is only available in Pro, Enterprise, and Education editions of Windows 10.

1. Open the Local Group Policy Editor.

2. Using the Local Group Policy Editor’s left pane, navigate through to the following location:

Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus

3. With Windows Defender Antivirus selected, click on Configure detection for potentially unwanted applications from the right pane.

Windows Defender Antivirus -- Configure detection for potentially unwanted applications

4. From the Configure detection for potentially unwanted applications policy, select either Not Configured (to turn off Windows Defender PUP protection), Enabled (to turn on Windows Defender PUP protection), or Disabled (to turn off Windows Defender PUP protection).

Note: If selecting Enabled, a drop-down menu appears in the Options window that offers additional options to configure the group policy if you like. For example, from the drop-down menu, you can select Blocked which means the Configure detection for potentially unwanted applications policy will be enabled, and the potentially unwanted programs will be blocked from being downloaded onto your computer. It is suitable for most people to select Blocked from the drop-down menu in the Options window to stop PUPs getting onto your computer in future.

Configure detection for potentially unwanted applications policy settings

You can now close the Local Group Policy Editor and continue using your computer if you like.

Part Two: How to Manually Scan Files, Folders, and Drives with Windows Defender in Windows 10

Windows 10 provides the latest antivirus protection with Windows Security. Your device will be actively protected from the moment you start Windows 10. Windows Security continually scans for malware (all types of malicious software), viruses, and security threats. In addition to this real-time protection, updates are downloaded automatically to help keep your device safe and protected from threats.

Some features differ if you are running Windows 10 in S mode. Because this mode is streamlined for tighter security, the Virus & threat protection area has fewer options. However, that does not mean it is less secure—the built-in security of this mode automatically prevents viruses and other threats from running on your device, and you will receive security updates automatically.

Windows Defender automatically scans your system periodically, so it should pick up and remove any malware on your computer by itself over time. If you need a quick solution, Windows Defender also allows for manual scans so that you can scan any location on the operating system immediately.

Note: The Windows Defender antivirus application shown below comes out of the box on all versions of Windows 10, the latest version of Windows operating system. If you are running an older version of Windows, such as Windows 7, then you can skip to one of the next parts that shows you how to install a third-party antimalware application instead.

Option One: How to Scan with Windows Defender Using Context Menu

Here is how you can run an antivirus scan with the built-in Windows Defender antivirus program from the context menu of a file or folder:

1. From File Explorer, select the drivefolder, or file that you suspect may contain the potential malicious program.

2. Right-click on Scan with Windows Defender from the context menu. (click to enlarge screenshot below)

Downloads folder -- Scan with Windows Defender
You can right-click on any file, folder or drive in File Explorer. Click on This PC in File Explorer’s navigation pane to view your most commonly used folders, as well as the available drives.

3. When the scan completes, Windows Defender Security Center will open and show you the results. The total time for the scan to complete will vary. Scanning drives will take the longest, while scanning individual files the quickest.

Note: The Windows Defender Security Center has been renamed to Windows Security in newer versions of Windows 10. All the settings within the app remain the same.

Windows Defender Security Center -- threats found, files scanned
When the antivirus scan is complete, you get the scan results—threats found and files scanned—on the same page of the Windows Defender Security Center.

4. If the scan did find threats, you can Start actions or See threat details. (click to enlarge screenshots below)

Note: Clicking on Start actions will result in Windows Defender removing the threat immediately whereas choosing See threat details allows you to see the threat and also choose what you want to do with it more specifically.

Windows Defender Security Center -- Start Actions
The Start Actions buttons appears if the antivirus has found any threats.
Windows Defender Security Center -- Action options
Removing the file completely removes the file from the computer while quarantining it moves the file to a safe location on your computer. You can select Remove when you know you don’t need the file that contains the virus.
Virus test file
The malware we have used in these screenshots is test malware, designed to imitate how real malware works so it will show up in Windows Defender scan results. We do not ever recommend downloading actual malware onto your computers.

You can now close the Windows Security app and continue using your computer if you like.

Option Two: Scan with Windows Defender in Windows Security

Here is how you can run an antivirus scan with the built-in Windows Defender antivirus program from the Windows Security app:

1. Open Windows Security.

Windows Defender icon -- notification area

2. Click on the Virus & threat protection icon in Windows Security’s Security at a glance page.

Security at a glance -- Virus and threat protection

3. To Run a Quick Scan with Windows Defender

a. Click on the Scan now button.

Virus and threat protection -- scan now

4. To Run a Full Scan with Windows Defender

a. Select Full scan and then click on the Scan now button.

Windows Defender Full scan

5. To Run a Custom Scan with Windows Defender

a. Select Custom scan and then click on the Scan now button.

Windows Defender Custom scan

6. Select the filefolder, or drive that you want to scan and then click Select Folder. (click to enlarge screenshot below)

File Explorer Downloads folder -- Select Folder

7. Windows Defender starts scanning the option that you chose.

Windows Defender -- Full scan running

8. When the scan completes, you get the results in numbers.

Windows Defender -- Full scan results

9. If Windows Defender did find threats during the scan, you can Start actions or See threat details.

Note: Clicking on Start actions will result in Windows Defender removing the threat immediately whereas choosing See threat details allows you to see the threat and also choose what you want to do with it more specifically.

Windows Defender Security Center -- Start actions
The Start Actions buttons appears if the antivirus has found any threats.
Windows Defender Security Center -- Action options
Removing the file completely removes the file from the computer while quarantining it moves the file to a safe location on your computer. You can select Remove when you know you don’t need the file that contains the virus.
Virus Alert level: Severe
The malware we have used in these screenshots is test malware, designed to imitate how real malware works so it will show up in Windows Defender scan results. We do not ever recommend downloading actual malware onto your computers.

You can now close the Windows Security app and continue using your computer if you like.

Option Three: How to Scan with Windows Defender from Windows PowerShell

Here is how you can run an antivirus scan with Windows Defender from the Windows PowerShell:

1. Open the Windows PowerShell.

2. Type the command below that best suits your needs and then press the Enter key on your keyboard to execute it.

Update and Quick scan:

Update-MpSignature; Start-MpScan -ScanType QuickScan

Quick scan:

Start-MpScan -ScanType QuickScan

Full scan:

Start-MpScan -ScanType FullScan

PowerShell Scan type Quick scan

You can now close the Windows PowerShell window and continue using your computer if you like.

Option Four: How to Scan with Windows Defender from Command Prompt

Here is how you can run an antivirus scan with Windows Defender from the command line:

1. Open the Command Prompt.

2. Type the command below that best suits your needs and then press the Enter key on your keyboard to execute it. (click to enlarge screenshot below)

Update and Quick scan:

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -SignatureUpdate & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1

Quick scan:

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1

Full scan:

"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 2

CMD Windows Defender Scan type 1

You can now close the Command Prompt window and continue using your computer if you like.

Method Two: How to Remove Restoro System Optimizer Using Malwarebytes

If scanning with the Windows Security antimalware protection doesn’t remove the Restoro system optimizer, you can try installing third-party antimalware tools, such as Malwarebytes, and see if that removes the fake system optimizer instead. You can also use an antimalware program such as Malwarebytes to remove the extensions and all other related files remaining on your computer, so you don’t have to do any of it manually.

1. Download the Malwarebytes for Windows from the Malwarebytes website.

2. If prompted by your web browser with a message that says “This type of file can harm your computer. Do you want to keep the executable (.exe) file anyway?,” click on the Keep button.

3. If you are prompted by User Account Control asking “Do you want to allow this app to make changes to your device,” click on the Yes button.

4. Click on the Scan Now button to begin scanning the computer for malware and other potentially unwanted programs. (click to enlarge screenshot below)

5. Wait for the scan to complete. (click to enlarge screenshot below)

6. Select all of the malware and potentially unwanted programs that you want to be removed from the computer and then click on the Quarantine Selected button. (click to enlarge screenshot below)

7. You may get a message from Malwarebytes letting you know that all selected items have been removed successfully, but the computer must be restarted before the removal process can be completed. Select the Yes button to reboot your computer now. (click to enlarge screenshot below)

8. Upon signing back in to your computer, the Malwarebytes interface will open and let you know that the scan and quarantine are complete. (click to enlarge screenshot below)

Note: You can also export the scan results by clicking on Export summary from the main Malwarebytes results page and then clicking on the Export button from the scan report. (click to enlarge screenshot below)

You can now close the Malwarebytes interface and continue using your computer if you like.

That’s all.