diff --git a/malware5.pl b/malware5.pl
index 6a12a36..365bcb0 100644
--- a/malware5.pl
+++ b/malware5.pl
@@ -435,6 +435,10 @@ my @regexen = (
 qr/<\?php\s+\@include\(\"http\:\/\/.+?bypass\.txt\?\?\"\)\;\s+\?>/is,
 qr/<\?php\s+echo\s+base64\_decode\(\"([A-z0-9]{1,20})\"\)\;\s+\@include\(\"http\:\/\/.+?\"\)\;\s+\?>/is,
 qr/<\?php\s+echo\s+\"MFTeaM\"\;\@include\(\"http\:\/\/.+?\"\)\;\s+\?>/is,
+ qr/<\?php.+?preg\_replace\(\"\\x2F.+?\\x3B\"\,\"\\x2E\"\)\;\s+\?>/is,
+ qr/<\?php\s+\@ob\_start\(\)\;.+?if\s+\(\!isset\(\$\_COOKIE\[\'key\'\]\)\)\s+\{.+?\$func\=\"cr\"\.\"eat\"\.\"e\_fun\"\.\"cti\"\.\"on\"\;.+?\$remove\_tags\(\$content\)\;.+?return\s+\$content\;\s+\}/is,
+
+
 );
 
 my @base64_decodes = (
diff --git a/malwaresh.pl b/malwaresh.pl
index 11807aa..765aff3 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -918,6 +918,8 @@ my @regexen = (
 qr/<\?php\s+\@include\(\"http\:\/\/.+?bypass\.txt\?\?\"\)\;\s+\?>/is,
 qr/<\?php\s+echo\s+base64\_decode\(\"([A-z0-9]{1,20})\"\)\;\s+\@include\(\"http\:\/\/.+?\"\)\;\s+\?>/is,
 qr/<\?php\s+echo\s+\"MFTeaM\"\;\@include\(\"http\:\/\/.+?\"\)\;\s+\?>/is,
+ qr/<\?php.+?preg\_replace\(\"\\x2F.+?\\x3B\"\,\"\\x2E\"\)\;\s+\?>/is,
+ qr/<\?php\s+\@ob\_start\(\)\;.+?if\s+\(\!isset\(\$\_COOKIE\[\'key\'\]\)\)\s+\{.+?\$func\=\"cr\"\.\"eat\"\.\"e\_fun\"\.\"cti\"\.\"on\"\;.+?\$remove\_tags\(\$content\)\;.+?return\s+\$content\;\s+\}/is,
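Review bot: The first signature added to `@regexen` in the malware5.pl hunk opens with `<\?php.+?` under `/s`, so a match can begin at any earlier, unrelated `<?php` tag and run across closing tags and legitimate code until it reaches the `preg_replace("\x2F…\x3B","\x2E")` tail; the identical line added in the malwaresh.pl hunk has the same issue. How `@regexen` is applied is outside the hunk, but if matched text is stripped from the scanned file this would remove clean code along with the injection, and a match that spans blocks also makes the reported hit harder to triage. Consider confining the lazy span to a single PHP block by replacing the leading `<\?php.+?` with `<\?php(?:(?!\?>).)+?`, provided the collected samples never contain `?>` before the `preg_replace` call. The second added signature pins its start with `\s+\@ob\_start`, but its interior `.+?` spans are likewise unbounded, and the two blank lines added before `);` could be dropped.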