1. /
  2. Security Response/
  3. PHP.Sysbat

PHP.Sysbat

Risk Level 1: Very Low

Discovered:
January 24, 2001
Updated:
February 13, 2007 11:50:33 AM
Type:
Trojan Horse

PHP.Sysbat is a Trojan horse, not a virus. Trojan horses do not replicate. PHP.Sysbat only executes on computers with PHP interpreters. (PHP is a server-side, cross-platform, HTML-embedded scripting language.) It cannot be contracted by simply visiting an infected Web page.

PHP.Sysbat modifies the Autoexec.bat file so that the next time the computer is restarted, the command to format the hard drive is executed. The Trojan will also append text to C:\Config.sys and to other files with the .sys extension that are located in the C:\Windows\Command folder. Finally, the Trojan tries to delete C:\Windows\System\Wsock32.dll.

Antivirus Protection Dates

  • Initial Rapid Release version January 25, 2001
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version January 25, 2001
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date pending
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Eric Chien

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report