@Loominal
System restore point is not a REAL option. It keeps the files encrypted, it only restores to a point where the files of the malware was not present on the system. The ghostexplorer only works IF you have shadowcopy functionality and have it turned on.
SO: IF you do not have the shadowcopy turned on and you do a system restore, the files are lost, paying for the decryption after a system restore is not possible anymore.
The only good possible way to prevent dataloss is to have a BACKUP on a disk/tape which can regress for a couple of days till before the infection.
@joealbergo
Great to hear its unimportant files that are lost, just to be sure tho i would check the whole data structure for encrypted files.
About Avast missing it:
if the malware is really new and not found yet in the wild and analysed by the viruslabs (avast, mcafee, and all others) then there are no signatures for the scanner to match and hence it will pass the test as clean software.