diff --git a/malware5.pl b/malware5.pl
index 9b47a8f..addab26 100644
--- a/malware5.pl
+++ b/malware5.pl
@@ -20,6 +20,7 @@ our $q = CGI->new;
 print "Content-type: text/html\n\n";
 my @regexen = (
+ qr/<\?php\s+\$\{\"\\x47\\x4c\\x4fB\\x41\\x4c\\x53\"\}.+?exit\(\)\;\s+\}\Z/is,
 qr/<\?php\s+\/\/header\(\'Content\-Type\:text\/html\;.+?\=array\(.+?\=urldecode\(.+?\)\;exit\(\)\;\}\'\)\;\$\{\"\\x47\\x4c\\x4f\\x42\\x41\\x4c\\x53\"\}.+?\]\(\)\;\?>/is,
 qr/<\?php.+?\$\{\"\\x47\\x4c\\x4fB\\x41\\x4c\\x53\"\}.+?\?>/is,
 qr/<\?php\s+\$\{\"\\x.+?\$\{\"G\\x.+?\$\{\"\\x.+?\$\{\$\{\"G\\x.+?\}\;\}\s+\?>/is,
@@ -391,6 +392,17 @@ my @regexen = (
 qr/<\?php\s+\@assert\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\;\?>/is,
 qr/<\?php\s+\$([A-z0-9]{1,20})\s+\=\s+array\(.+?array\(\'bas\'\s+\,\'e64\'\s+\,\'\_de\'\s+\,\'cod\'\s+\,\'e\'\)\;\s+\$([A-z0-9]{1,20})\s+\=\s+array\(\'gzun\'\,\s+\'comp\'\,\s+\'ress\'\)\s+\;\$.+?eval.+?\?>/is,
 qr/<\?php\s+\$([A-z0-9]{1,20})\s+\=\s+array\(.+?array\(\'bas\'\s+\,\'e64\'\s+\,\'\_de\'\s+\,\'cod\'\s+\,\'e\'\)\;\s+\$([A-z0-9]{1,20})\s+\=\s+array\(\'gz\'\,\s+\'un\'\,\s+\'co\'\,\s+\'mp\'\,\s+\'re\'\,\s+\'ss\'\)\s+\;\$.+?eval.+?\?>/is,
+ qr/<\?php\s+ignore\_user\_abort\(1\)\;.+?echo\s+ex\(\"cd\s+\/dev\/shm\;rm\s+([A-z0-9]{1,20})\.txt\"\)\;\s+\?>/is,
+ qr/<\?php\s+echo\s+\"test\"\;\s+\?>/is,
+ qr/<\?php\s+print\s+\"\_\_code\_\_\"\;\s+\?>/is,
+ qr/<\?php\s+system\(\$\_GET\[\"([A-z0-9]{1,20})\"\]\)\;\s+\?>/is,
+ qr/<\?php\s+system\(\$\_SERVER\[\"HTTP\_SHELL\"\]\)\;\s+\?>/is,
+ qr/<\?php\s+eval\(stripslashes\(\$\_REQUEST\[\".+?\"\]\)\)\;\s+\?>/is,
+ qr/<\?php\s+\@include\(\"http\:\/\/pastie\.org\/([A-z0-9]{1,20})\.txt\"\)\;\s+\?>/is,
+ qr/<\?php\s+\@include\(\"http\:\/\/.+?\.txt\"\)\;\s+\?>/is,
+
+
+
 );
diff --git a/malwaresh.pl b/malwaresh.pl
index 1dd7c73..70de8c8 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
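Review bot: The rule added at the top of `@regexen` ends in `\}\Z` while every neighbouring rule ends at `\?>`; with `/s` and a lazy `.+?`, `\Z` only lets the match succeed when the closing brace is the very last thing in the scanned string (one trailing newline excepted), so trailing whitespace, appended HTML or a second PHP block after the payload defeats it — assuming the list is applied to whole-file contents, which this hunk does not show. If the anchor is meant to catch the `exit(); }` tail, `\s+\}\s*\Z` (or dropping `\Z` altogether, as the sibling rules do) would be more tolerant. The `\\x4fB` mix of a hex escape and a literal letter looks deliberate, since the third context rule uses the same spelling, but a trailing `# "GLOBALS" with a literal B` comment would save the next reader a lookup. The same rule is added to malwaresh.pl in its `@@ -26,6 +26,7 @@` hunk.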
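Review bot: The capture groups in the new `ignore_user_abort`, `system($_GET[...])` and `pastie.org` rules use `[A-z0-9]`, and `A-z` is a byte range that also admits `[`, `\`, `]`, `^`, `_` and the backtick; write `[A-Za-z0-9]` (or `[A-Za-z0-9_]` if underscores in parameter names are intended), e.g. `qr/<\?php\s+system\(\$\_GET\[\"([A-Za-z0-9]{1,20})\"\]\)\;\s+\?>/is,`. Each new rule also requires at least one whitespace character between `;` and `?>` via `\s+\?>`, so a file that closes with `;?>` is not caught; `\s*\?>` is the usual choice for that position. The `echo "test"` and `print "__code__"` rules match files that are indistinguishable from harmless placeholder pages, so expect false positives unless hits on them are reported at a lower severity than the command-execution rules. The `pastie.org` rule is fully contained in the generic `http://...\.txt` rule that follows it, so it only adds value if its capture group is surfaced in the report. The same rules are added to malwaresh.pl in its `@@ -874,7 +875,15 @@` hunk.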
@@ -26,6 +26,7 @@ print "Content-type: text/html\n\n";
 my $user = $ARGV[0];
 my @regexen = (
+ qr/<\?php\s+\$\{\"\\x47\\x4c\\x4fB\\x41\\x4c\\x53\"\}.+?exit\(\)\;\s+\}\Z/is,
 qr/<\?php\s+\/\/header\(\'Content\-Type\:text\/html\;.+?\=array\(.+?\=urldecode\(.+?\)\;exit\(\)\;\}\'\)\;\$\{\"\\x47\\x4c\\x4f\\x42\\x41\\x4c\\x53\"\}.+?\]\(\)\;\?>/is,
 qr/<\?php.+?\$\{\"\\x47\\x4c\\x4fB\\x41\\x4c\\x53\"\}.+?\?>/is,
 qr/<\?php\s+\$\{\"\\x.+?\$\{\"G\\x.+?\$\{\"\\x.+?\$\{\$\{\"G\\x.+?\}\;\}\s+\?>/is,
@@ -874,7 +875,15 @@ my @regexen = (
 qr/<\?php\s+\@assert\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\;\?>/is,
 qr/<\?php\s+\$([A-z0-9]{1,20})\s+\=\s+array\(.+?array\(\'bas\'\s+\,\'e64\'\s+\,\'\_de\'\s+\,\'cod\'\s+\,\'e\'\)\;\s+\$([A-z0-9]{1,20})\s+\=\s+array\(\'gzun\'\,\s+\'comp\'\,\s+\'ress\'\)\s+\;\$.+?eval.+?\?>/is,
 qr/<\?php\s+\$([A-z0-9]{1,20})\s+\=\s+array\(.+?array\(\'bas\'\s+\,\'e64\'\s+\,\'\_de\'\s+\,\'cod\'\s+\,\'e\'\)\;\s+\$([A-z0-9]{1,20})\s+\=\s+array\(\'gz\'\,\s+\'un\'\,\s+\'co\'\,\s+\'mp\'\,\s+\'re\'\,\s+\'ss\'\)\s+\;\$.+?eval.+?\?>/is,
-
+ qr/<\?php\s+ignore\_user\_abort\(1\)\;.+?echo\s+ex\(\"cd\s+\/dev\/shm\;rm\s+([A-z0-9]{1,20})\.txt\"\)\;\s+\?>/is,
+ qr/<\?php\s+echo\s+\"test\"\;\s+\?>/is,
+ qr/<\?php\s+print\s+\"\_\_code\_\_\"\;\s+\?>/is,
+ qr/<\?php\s+system\(\$\_GET\[\"([A-z0-9]{1,20})\"\]\)\;\s+\?>/is,
+ qr/<\?php\s+system\(\$\_SERVER\[\"HTTP\_SHELL\"\]\)\;\s+\?>/is,
+ qr/<\?php\s+eval\(stripslashes\(\$\_REQUEST\[\".+?\"\]\)\)\;\s+\?>/is,
+ qr/<\?php\s+\@include\(\"http\:\/\/pastie\.org\/([A-z0-9]{1,20})\.txt\"\)\;\s+\?>/is,
+ qr/<\?php\s+\@include\(\"http\:\/\/.+?\.txt\"\)\;\s+\?>/is,
+
 );
 my @base64_decodes = (
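Review bot: The signature list is now maintained by hand in two scripts: this hunk and malware5.pl's `@@ -391,6 +392,17 @@` hunk append the same eight rules to two separate `@regexen` arrays, and the copies already differ cosmetically (this file swaps one blank entry, malware5.pl gains three). Detection logic that lives in two places will drift the next time a rule is fixed in only one of them, so moving the `@regexen` data into a file both scripts `require` (or `do`) would keep the CGI and command-line front ends scanning for the same set. Until then, a one-line comment above each list saying that the two must be kept identical, e.g. `# NOTE: keep in sync with the @regexen list in malware5.pl`, at least makes the coupling visible.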