diff --git a/malware4.pl b/malware4.pl
index 5002737..3194fc5 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -30,6 +30,8 @@ my @regexen = (
 qr/<\?php\s+eval\(gzuncompress\(.+?\"\)\)\;/is,
 qr/<\?php.+?class\s+JApplication.+?new\s+JApplication\(array\s+\(\'UID\'\s+\=>\s+\'([A-z0-9]{1,20})\'\)\)\;/is,
 qr/<\?php\s+\/\*\s+\@package\s+WordPress\s+\*\/\s+eval\(base64\_decode\(\@\$\_POST\[\"([A-z0-9]{1,20})\"\]\)\)\;\?>/is,
+ qr/<\?php\s+\if\s+\(\!defined\(\'ALREADY\_RUN\_.+?\)\)\;\s+\}/is,
+
 );
 
 my @base64_decodes = (
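Review bot: The added signature begins `\if`, and `\i` is not a regex escape, so Perl passes it through as a plain `i` and emits an "Unrecognized escape" warning when warnings are enabled; the line should read `qr/<\?php\s+if\s+\(\!defined\(\'ALREADY\_RUN\_.+?\)\)\;\s+\}/is,`. The tail `.+?\)\)\;\s+\}` under `/s` is also unbounded: it runs from the `ALREADY_RUN_` marker to the first `));` followed by whitespace and `}` anywhere later in the file. The two neighbouring signatures cap their variable part at `{1,20}`. If `@regexen` is used to strip matches rather than only to flag files (its consumer is outside this hunk, as is the start of the list), a match that overruns the injected block would delete legitimate PHP, so a bounded quantifier or a closing anchor for the injected block would be safer. A short comment above the entry naming the sample or family it was written against would help later maintainers judge false positives.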