thekochs - That's more or less the combo I have started to put on my machines. (I use MalwareBytes Free and have not yet decided to pay for MalwareBytes Pro. And my Avast Free is more than just Shields only - why shields only? DeepScan is on and I am now experimenting with Hardened Aggressive on one machine.)
You are right about unhooking that USB backup drive because the encryption will get it also (from what I've read), but your USB backup drive is then vulnerable half the time. That's why I'm worried about Avast Free and whether it stops this from happening.
SugarSync, which we use, has admitted to what you say also - that the encryption malware will send a new, encrypted version of each sync file up to SugarSync. So only the previous version will be good.
Still, we need Avast itself to comment here. Their 2013 posting is no good anymore.
When I say "Shields Only"...I mean I don't install any of the "Tools" in CUSTOM install options.
Example: I don't want GrimeFighter nor Network Scan, etc......I personally have better ways to do this and won't comment on my opinion of some of those tools (trying to be nice). I also have not installed "NG" (in "Tools" as well.......concept is great and may in one or two more releases of Avast code become "stable" but right now IMHO it is not). So, with the "Shields" you get DeepScan (on by Default) and Hardened Mode (off by Default). I admit I have not tried Hardened Mode and I've read the comments/confusion on the nomenclature of "Moderate" versus "Aggressive":
https://forum.avast.com/index.php?topic=142172.msg1032485#msg1032485 I should probably do so on "my" PC but some of the others in my family I'd would be getting calls constantly "is this OK ?.....is this OK ?...is this OK ?) How has it worked for you ?
On the USB HDD....I just hook it up at night before I go to bed.....then Macrium Reflect images my PC at 3am....when I wake up at 6pm I check Avast Scan, MBAM scan (both also ran.....different times) and then I unhook my USB HDD. I figure that the Cryptolock is going to lock down my PC/files as soon as it gets loaded (or within minutes after it gets keys from server and searches/encrypts my files).......not wait until some arbitrary time or hours. Also, even if it does the Macrium image file is not one of the extensions yet it locks down. So, perhaps a small hole of assumption is there but trying to minimize. Also, SugarSync will have "previous" version of file and I also manually from time-to-time have USB stick with my very critical files.....not current as the above but close enough if I had to live with. Of course being prudent on where you surf, email attachments you "run', etc. always help a lot. One thing everyone should do it uncheck "hide file extensions" in Windows Explorer so you see the *.PDF is a *.PDF.
EXE file.....hopefully seeing that along with no Adobe thumbnail should be warning too.
Lastly, I would buy the MBAM "Pro" active shield......about once a week it catches something "actively" Avast does not.
Also check this article out:
http://krebsonsecurity.com/2014/08/new-site-recovers-files-locked-by-cryptolocker-ransomware/But early Wednesday morning, two security firms – Milpitas, Calf. based FireEye and Fox-IT in the Netherlands — launched decryptcryptolocker.com, a site that victims can use to recover their files. Victims need to provide an email address and upload just one of the encrypted files from their computer, and the service will email a link that victims can use to download a recovery program to decrypt all of their scrambled files.Also good summary/history:
http://en.wikipedia.org/wiki/CryptoLockerCryptoLocker in Action video:
https://www.youtube.com/watch?v=Gz2kmmsMpMI
