REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Network Instruments\Observer\Filters\(Virus) MyDoom - Novarg - Shimg]
"FilterBuffer"=hex:b2,00,00,00,03,00,00,00,5a,00,79,00,62,00,1f,00,00,a0,25,00,\
  02,00,01,00,00,00,01,36,00,00,00,01,16,41,41,41,41,41,41,41,41,41,41,41,41,\
  41,41,41,41,41,41,41,41,0d,0a,01,00,00,00,01,36,00,00,00,01,20,41,41,41,41,\
  41,41,41,41,41,41,41,41,41,41,41,41,41,41,41,41,41,41,41,41,41,41,41,41,41,\
  41,41,41,17,00,00,00,00,00,20,00,00,fd,00,06,00,19,00,00,00,00,00,00,00,00,\
  00,39,00,00,00,00,00,1f,00,00,73,00,00,00,00,00,00,01,00,02,00,00,78,05,01,\
  20,20,46,48,46,48,46,48,43,4f,46,44,45,44,45,50,43,4f,45,44,45,50,45,4e,43,\
  41,43,41,43,41,43,41,41
"szDescr"="The sending machine may be infected with the MyDoom - Novarg - Shimg virus. Also captures someone downloading the virus executable from p2p programs like Kazaa"
"bFilterBasedAlarm"=dword:00000001
"RGBValue"=dword:00800080
"szFolder"="Virus Filters"

[HKEY_LOCAL_MACHINE\Software\Network Instruments\Observer\ProtocolPresetsV9]