diff --git a/malwaresh.pl b/malwaresh.pl
index ce57314..a7e8653 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -1,4 +1,8 @@
 #!/usr/bin/perl
+#
+# Malware Cleaner Shell Version
+#
+#
 use strict;
 use warnings;
diff --git a/patterns/base64.txt b/patterns/base64.txt
new file mode 100644
index 0000000..e69de29
diff --git a/patterns/crypto.txt b/patterns/crypto.txt
new file mode 100644
index 0000000..dd2b5a0
--- /dev/null
+++ b/patterns/crypto.txt
@@ -0,0 +1 @@
+User-Agent.*cpuminer
diff --git a/patterns/mailing.txt b/patterns/mailing.txt
new file mode 100644
index 0000000..e69de29
diff --git a/patterns/phishing.txt b/patterns/phishing.txt
new file mode 100644
index 0000000..e69de29
diff --git a/patterns/polymorphic.txt b/patterns/polymorphic.txt
new file mode 100644
index 0000000..e5fa5f1
--- /dev/null
+++ b/patterns/polymorphic.txt
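Review bot: The single pattern `User-Agent.*cpuminer` reaches grep through `grep -Rl -e $i` in scan.sh, so it is an unanchored basic regular expression rather than a literal string, and before grep sees it the `for i in $(cat $crypto)` loop word-splits and glob-expands the line, so pattern lines must stay free of whitespace and of shell metacharacters that could expand against the working directory. Every line of this file becomes a pattern, so the file itself cannot carry a comment stating that contract; I would document it in scan.sh next to the pattern-file assignments, e.g. `# pattern files: one unanchored grep BRE per line, no spaces, no comment lines`. As written the signature only flags files that embed this exact header text, which is a narrow check with low recall for miner payloads that do not carry it.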
@@ -0,0 +1,54 @@ + + +if.*isset.*${$.*}.*eval.*;}.*?> +strstr.*implode.*array_map.*function_exists + + + + +.* +array.*strrev.*strrev.*eval.*implode.*?> +php.*function.*Array.*return.*base64_decode.*error_reporting.*mb_internal_encoding.*mb_regex_encoding.*mb_http_output.*mb_http_input.*mb_language.*mb_strtolower.*mb_substr.*function +GLOBALS.*GLOBALS.*global.*function.*for.*function.*global.*return.*if.*Array.*else.*eval.*exit.*php +function.*for.*strlen.*isset +function.*for.*strlen.*++ +explode.*chr.*if.*function_exists.*function.*NULL.*for.*return.*NULL +function.*return.*NULL.*preg_replace +php.*if.*isset.*GLOBALS.*strtolower.*strstr.*strstr.*GLOBALS.*php +php.*preg_replace.*SERVER.*HTTP.*SERVER.*HTTP.*CURRENT +GLOBALS.*GLOBALS.*if.*empty.*GLOBALS.*eval.*GLOBALS.*GLOBALS.*echo +eval.*gzuncompress.*base64_decode +strtolower.*strtoupper.*if.*isset.*eval +new.*JApplication.*array.*UID.* +function.*for.*strlen.*++.*isset +GLOBALS.*Array.*GLOBALS.*function.*return.*echo.*eval.*exit +php.*if.*isset.*eval +isset.*POST.*POST.*isset.*COOKIE.*COOKIE.*NULL.*if.*NULL.*md5.*substr.*md5.*strrev.*strlen.*for.*chr.*if.*gzinflate.*if.*isset.*setcookie.*POST.*create_function.*unset +isset.*POST.*isset.*COOKIE.*NULL.*if.*NULL.*md5.*substr.*md5.*strrev.*strlen.*for.*chr.*if.*gzinflate.*if.*isset.*setcookie.*POST.*create_function.*unset +create_function.*base64_decode +php.*if.*isset.*REQUEST.*assert.*REQUEST.*exit +GLOBALS.*Array.*foreach.*eval.*exit.*php +if.*function_exists.*function.*base64_decode.*ord.*ord.*strlen.*preg_match.*base64_decode.*if.*exit.*if.*if.*if.*ord.*for.*else.*for.*else.*if.*return.*eval +strtolower.*if.*strstr.*or.*strstr.*if.*function_exists.*or.*strstr.*or.*array_map.*str_split.*function.*GLOBALS.*or.*strstr.*return.*chr.*ord.*error_reporting.*explode.*chr.*substr.*if.*function_exists.*function.*for.*sizeof.*substr.*return.*chr.*chr.*explode.*chr.*preg_replace +eval.*gzinflate.*base64_decode +MailTo.*base64_decode.*POST.*mailto 
+function.*return.*str_repeat.*ceil.*strlen.*strlen +if.*isset.*GLOBALS.*GLOBALS.*&&.*GLOBALS.*GLOBALS + +eval.*str_rot13.*gzinflate.*str_rot13.*base64_decode +(.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*/.*) +GLOBALS.*Array.*global.*GLOBALS.*NULL.*NULL.*NULL.*function.*return.*function.*global.*Array.*elseif.*eval.*exit +if($.*=@fsockopen($.*$this->.*[.*(.*)].*$.*$.*$.*(.*))) +@system(.*killall -9 .*.basename(.*/usr/bin/host.*)); +echo.*eval(urldecode($.*)); diff --git a/scan.sh b/scan.sh index 722bb43..efbd8cd 100644 --- a/scan.sh +++ b/scan.sh @@ -15,11 +15,12 @@ phishing = "patterns/phishing.txt" base64 = "patterns/base64.txt" mailing = "patterns/mailing.txt" polymorphic = "patterns/polymorphic.txt" +crypto = "patterns/crypto.txt" # Scanning for Phishing for i in $(cat $phishing) do - grep -Rl -e $i /home/$user/public_html + grep -Rl -e $i --include=*.{php,phtml,js,html,suspected}* /home/$user/public_html done @@ -35,3 +36,8 @@ for i in $(cat $mailing) grep -Rl -e $i /home/$user/public_html done +# Scanning for CryptoCurrency Miners +for i in $(cat $crypto) + do + grep -Rl -e $i /home/$user/public_html + done \ No newline at end of file
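Review bot: The bare `.*` line near the top of the file (following the run of empty added lines) matches every line of every file, so the polymorphic scan will list the whole of public_html once this file is fed to `grep -Rl`; it should be removed or replaced with a real signature. Two further lines contain spaces (`@system(.*killall -9 .*.basename(...)` and `if($.*=@fsockopen(...)`), and if the polymorphic loop in scan.sh has the same `for i in $(cat ...)` shape as the mailing and crypto loops in this diff, those lines are word-split into fragments such as `-9` before grep runs; that loop is outside this hunk, so this is inferred. The remaining lines are sequences of PHP function names joined by `.*` with no anchoring, which grep accepts, but since this file cannot hold comment lines without them becoming patterns, the regex dialect and the one-pattern-per-line rule are worth a comment in scan.sh beside the pattern-file assignments.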
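Review bot: `crypto = "patterns/crypto.txt"` has spaces around `=`, so a shell runs a command named `crypto` with two arguments instead of assigning, `$crypto` stays empty, and the new loop in the second hunk then executes `cat` with no file and reads standard input. It should be `crypto="patterns/crypto.txt"`. The four context lines above it (`phishing`, `base64`, `mailing`, `polymorphic`) have the same form and presumably the same problem, though they are not part of this change. The added `--include=*.{php,phtml,js,html,suspected}*` relies on brace expansion, which is a bash feature rather than POSIX sh; the script's shebang is outside the hunk, so confirm it runs under bash.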
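Review bot: The new crypto loop greps with an unquoted `$i` taken from `$(cat $crypto)`, so each pattern line is word-split and glob-expanded by the shell before grep runs: a `*` in a pattern is matched against files in the current directory, and a pattern containing a space becomes several separate greps; the existing loops and the phishing loop in the first hunk share this. The loop also lacks the `--include` file filter the phishing loop gained in this same commit, so it walks every file type under public_html. Reading the pattern file line by line with `read -r` and quoting both the pattern and the path addresses both points; the `--include` list below is copied from the first hunk and, like it, assumes bash brace expansion.

```shell
# Scanning for CryptoCurrency Miners
# one unanchored grep BRE per line in $crypto; read -r keeps backslashes,
# quoting keeps the shell from splitting or glob-expanding the pattern
while IFS= read -r pattern
  do
    [ -n "$pattern" ] || continue
    grep -Rl -e "$pattern" --include=*.{php,phtml,js,html,suspected}* "/home/$user/public_html"
  done < "$crypto"
```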