- January 24, 2001
- February 13, 2007 11:50:33 AM
- Trojan Horse
PHP.Sysbat is a Trojan horse, not a virus. Trojan horses do not replicate. PHP.Sysbat only executes on computers with PHP interpreters. (PHP is a server-side, cross-platform, HTML-embedded scripting language.) It cannot be contracted by simply visiting an infected Web page.
PHP.Sysbat modifies the Autoexec.bat file so that the next time the computer is restarted, the command to format the hard drive is executed. The Trojan will also append text to C:\Config.sys and to other files with the .sys extension that are located in the C:\Windows\Command folder. Finally, the Trojan tries to delete C:\Windows\System\Wsock32.dll.
Antivirus Protection Dates
Initial Rapid Release version January 25, 2001
Latest Rapid Release version September 28, 2010 revision 054
Initial Daily Certified version January 25, 2001
Latest Daily Certified version September 28, 2010 revision 036
Initial Weekly Certified release date pending
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Eric Chien