1. Symantec/
  2. Security Response/
  3. PHP.Sysbat


Risk Level 1: Very Low

January 24, 2001
February 13, 2007 11:50:33 AM
Trojan Horse

PHP.Sysbat is a Trojan horse, not a virus. Trojan horses do not replicate. PHP.Sysbat only executes on computers with PHP interpreters. (PHP is a server-side, cross-platform, HTML-embedded scripting language.) It cannot be contracted by simply visiting an infected Web page.

PHP.Sysbat modifies the Autoexec.bat file so that the next time the computer is restarted, the command to format the hard drive is executed. The Trojan will also append text to C:\Config.sys and to other files with the .sys extension that are located in the C:\Windows\Command folder. Finally, the Trojan tries to delete C:\Windows\System\Wsock32.dll.

Antivirus Protection Dates

  • Initial Rapid Release version January 25, 2001
  • Latest Rapid Release version August 8, 2016 revision 023
  • Initial Daily Certified version January 25, 2001
  • Latest Daily Certified version August 9, 2016 revision 001
  • Initial Weekly Certified release date pending
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Eric Chien

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube