The WbeCheck trojan installs a spying component as 'pbsysie.dll'
file to Internet Explorer. The DLL file is usually located in
\Windows\ folder. This DLL filters HTTP requests of IE and it
makes some changes in HTTP traffic.
All files detected as 'Trojan.Win32.WbeCheck' should be deleted
from an infected system. If a trojan's file is locked and can't
be deleted instantly, it should be deleted from pure DOS (in case
of Windows 9x system) or renamed with a different extension (DLA
for example) with further system restart (in case of NT-Based
system). After restart the renamed DLL can be deleted.
![](/images/pixel.gif"){kind=tracking}
