REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Network Instruments\Observer\Filters\(Virus) SQL Injection - Backdoor.Win32.Buzus.croo] "szFolder"="Virus Filters" "szDescr"="The client sid of this conversation may have accessed a compromised Web Page and now is infected with the Buzu.croo Trojan." "RGBValue"=dword:00800080 "dwVersion"=dword:00000000 "bDeleted"=dword:00000000 "FilterBuffer"=hex:8a,01,00,00,05,00,00,00,1f,00,27,00,00,00,01,00,10,67,00,01,\ 79,0e,88,05,00,00,00,06,00,50,00,00,00,00,00,00,00,00,00,57,00,7e,00,00,00,\ 1f,00,00,75,1d,00,02,00,01,00,06,00,02,00,00,b0,04,00,0e,33,31,38,78,2e,63,\ 6f,6d,2f,61,2e,68,74,6d,01,00,06,00,02,00,00,b0,04,00,25,61,61,31,31,30,30,\ 2e,32,32,38,38,2e,6f,72,67,2f,68,74,6d,6c,61,73,70,2f,64,61,73,70,2f,61,6c,\ 74,2e,68,74,6d,6c,79,00,14,01,f7,00,1f,00,00,5b,3d,00,01,00,01,00,06,00,02,\ 00,00,b0,04,00,2e,68,78,78,70,3a,2f,2f,64,6e,73,2e,77,69,6e,73,64,6f,77,6e,\ 2e,63,6f,6d,2e,63,6e,2f,43,6f,75,6e,74,64,6f,77,6e,2f,63,6f,75,6e,74,2e,61,\ 73,70,01,00,06,00,02,00,00,b0,04,00,27,68,78,78,70,3a,2f,2f,77,69,6e,64,6f,\ 77,73,73,70,2e,37,37,36,36,2e,6f,72,67,2f,64,6f,77,6e,2f,64,6f,77,6e,2e,63,\ 73,73,1d,00,00,00,00,00,1f,00,00,64,00,00,00,00,01,00,06,00,02,00,00,64,00,\ 00,04,50,4f,53,54,76,00,00,00,00,00,1f,00,00,fd,37,00,02,00,01,00,06,00,02,\ 00,00,b0,04,00,28,6a,73,2e,74,6f,6e,67,6a,69,2e,6c,69,6e,65,7a,69,6e,67,2e,\ 63,6f,6d,2f,31,33,35,38,37,37,39,2f,74,6f,6e,67,6a,69,2e,6a,73,01,00,06,00,\ 02,00,00,b0,04,00,2a,69,6d,67,2e,74,6f,6e,67,6a,69,2e,6c,69,6e,65,7a,69,6e,\ 67,2e,63,6f,6d,2f,31,33,36,34,30,36,37,2f,74,6f,6e,67,6a,69,2e,67,69,66 [HKEY_LOCAL_MACHINE\Software\Network Instruments\Observer\ProtocolPresetsV9]