windows\systen32\sc.exe tries to shutdown avast on startup?

After booting, avast pops up saying that “windows\systen32\sc.exe tries to shutdown avast” and ask if this is OK. Of course not, and when i reject this, the system hangs up.
I installed avast two weeks ago.
Also are installed avg and mx one.
Any idea?
Thanks a lot.

Having two (or more in your case) resident scanners installed is not recommended as rather than provide twice the protection it can cause conflicts that could leave you more vulnerable.

Try to add the file to the User Files (File, Add) section of the avast chest (if it isn’t already in the chest) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.

Send it from the User Files section of the chest (select the file, right click, email to Alwil Software) as a possible undetected malware. It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

DavidR: Thanks a lot for your answer.
This means that i must tell Avast to effectively shutdown itself, as asked by sc.exe… but this also means avast will be unable to move anything to chest, isnt it?.
I have a fresh XP instaled in other machine. I wil try to isolate the offending sc.exe to another location in safe mode, write instead a fresh one in windows\system32\sc.exe and then try the scan online.
I will keep you informed.

No I’m not telling you to effectively shutdown avast, nothing that I said remotely suggests that. How could I be suggesting shutting down avast when I’ asking you to add it to the chest and send it to avast for analysis.

You have multiple AVs in your system which is a recipe for conflict, when two (or more) AVs conflict they lock files, so you get stuff like this happen a system lockup.

As avast seems to be the only thing the even has a blip on the radar (noticing the attempt to shut it down), where the other two have done nothing. So if anything this is a backhanded suggestion to get rid of the others.

I’m trying to get you to upload the file to virustotal to see if any of the 41 scanners there have a detection to get an idea how to proceed and also send the file to avast for further analysis. Followed by renaming/removing the file from the original location in system32.

Im sorry if i misunderstood you. English is not my mother language. I will try to follow your advice the best that i can, And will keep you informed.
Thanks again

You’re welcome.

After my last post, the PC started to refuse to boot windows in safe mode, also in normal mode.
I transferred the hard disk to an USB carry disk, connected to a working PC, and extracted the offending SC.exe. Then compared this one with another one from a healthy XP Pro. They both matched. No differences for a binary file compare.
Feels like somehow, the virus impersonated SC.exe trying to shutdown avast. (I don’t know if this is even possible…).
Anyway, in fear of losing the data in the hard disk, i wiped out Windows (windows itself + program files), leaving only the data i needed, and reinstaled XP pro.
I know, i should scan the hard disk for the virus, but i was on a hurry, and have not a bunch of machines with different antivirus at hand.
Anyway, Thanks a lot, DavidR.
Your suggestions make me feel not alone in the dark.

You’re welcome.

Given that the description for the sc.exe file in system32 folder is “A tool to aid in developing services for Window.” So it is possible that something else is using this file for other purposes than what it was designed.

Whilst the reinstall may have helped (depending on exactly what was done, format, etc.) in resolving the problem. However it may be worth trying some other tools.

If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).

Don’t worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.