diff --git a/cms-ver.php b/cms-ver.php
index 82c5920..54f5b6e 100644
--- a/cms-ver.php
+++ b/cms-ver.php
@@ -199,6 +199,7 @@
 array("Dolibarr", "/filefunc.inc.php", "define('DOL_VERSION',", "EOL"), // needs to be checked
 array("Mambo", "/version.php", "DEFINE( '_RELEASE',", "EOL"),
 array("ViArt Shop", "/index.php", "*** ViArt Shop", "EOL"),
+ array("PHPMyList", "/readme.txt", "PHPMyList V", "EOL"),
 // still need to work on these
diff --git a/cms-vss.php b/cms-vss.php
index d09dabf..37c7680 100644
--- a/cms-vss.php
+++ b/cms-vss.php
@@ -213,6 +213,7 @@
 array("Dolibarr", "/filefunc.inc.php", "if (! defined('DOL_VERSION')) define('DOL_VERSION',", "EOL"),
 array("Mambo", "/version.php", "DEFINE( '_RELEASE',", "EOL"),
 array("ViArt Shop", "/index.php", "*** ViArt Shop", "EOL"),
+ array("PHPMyList", "/readme.txt", "PHPMyList V", "EOL"),
 // still need to work on these
diff --git a/malware.pl b/malware.pl
index 16e469a..ab3c8a1 100644
--- a/malware.pl
+++ b/malware.pl
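Review bot: The new `array("PHPMyList", "/readme.txt", "PHPMyList V", "EOL")` row in the cms-ver.php hunk is repeated verbatim in the cms-vss.php hunk, so each signature has to be kept in sync by hand. The two tables have already drifted, since the Dolibarr marker differs between the files; a single shared signature table included by both scripts would avoid that. The version is also read from `/readme.txt`, which a site owner can delete or leave stale after an upgrade, so a missing or old readme presumably should not be reported as "not installed" or "up to date". A trailing comment such as `// version read from readme.txt; file may be absent or stale` would record that limit next to the row. Both arrays start and end outside the hunks, so how a non-match is handled is not visible here.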
@@ -1379,9 +1379,21 @@ my @regexen = (
 qr/<\?php if\(isset\(\$_REQUEST\[\"([A-z0-9_]{1,20})\"\]\)\)\{\$myvar = base64_decode\(\$_REQUEST\[\"([A-z0-9_]{1,20})\"\]\); eval\(\$myvar\);\}\?>/is,
 qr/<\?php\s+if \(isset\(\$_GET\[\'([A-z0-9_]{1,20})\'\]\)\)\{die\(\'OK\'\);\}.+?function ([A-z0-9_]{1,20})\(\$([A-z0-9_]{1,20}), \$([A-z0-9_]{1,20}) = \"\\x.+?\]; \} \} return \$([A-z0-9_]{1,20}); \}\s+\/\*.+?\*\/\s+\$([A-z0-9_]{1,20}) = \".+?\)\)\);\s+\$([A-z0-9_]{1,20})\(\);\s+\/\*.+?\*\//is,
 qr/<\?php\s+function ([A-z0-9_]{1,20})\(\$([A-z0-9_]{1,20}), \$([A-z0-9_]{1,20}) = \"\\x.+?\*\/\s+\$([A-z0-9_]{1,20}) = \".+?\)\)\);\s+\$([A-z0-9_]{1,20})\(\);\s+\/\*.+?\*\//is,
-
-
-
+ qr/<\?php\s+\$([A-z0-9_]{1,20})=\"\\x61\"\.\"\\x75\"\.chr\(116\)\.\"h\"\.\"\\x5f\"\.\"p\"\.\"a\"\.\"\\x73\"\.\"\\x73\";.+?\)\)\);\s+#############################################################################/is,
+ qr/<\?php\s+\$d=\".+?eval\(([A-z0-9_]{1,20})\(base64_decode\(\$d\), 1234567890\)\);.+?return gzinflate\(\$([A-z0-9_]{1,20})\);\s+\}\s+\?>/is,
+ qr/<\?php\s+#([A-z0-9_]{1,20})#\s+\$GLOBALS\[\'([A-z0-9_]{1,20})\'\]=Array\(\); \?><\? function ([A-z0-9_]{1,20})\(\$i\)\{\$a=Array\(\);return base64_decode\(\$a\[\$i\]\);\} \?>.+?\}\s+#\/([A-z0-9_]{1,20})#\s+\?>/is,
+ qr/<\?php\s+\?>/is,
+ qr/<\?php preg_replace\(\"\/\.\*\/e\",\"\\x65.+?\\x3B\",\"\"\); \?>/is,
+ qr/GIF89A;<\?php if\(!function_exists\(.+?base64_decode.+?\)\);\?>/is,
+ qr/<\?php eval\(\$_REQUEST\[cmd\]\); \?>/is,
+ qr/<\?php\s+system\(\'uname -a\'\);\s+unlink\(__FILE__\);\s+\?>/is,
+ qr/#([A-z0-9_]{1,20})#\s+\$GLOBALS\[\'([A-z0-9_]{1,20})\'\]=Array\(\); \?><\? 
function ([A-z0-9_]{1,20})\(\$i\)\{\$a=Array\(\);return base64_decode\(\$a\[\$i\]\);\} \?>.+?\}\s+#\/([A-z0-9_]{1,20})#/is,
+ qr/<\?php\s+function get_files\(\$dir = \"\.\".+?eval\(base64_decode\(\".+?\"\)\);\s+\?>/is,
+ qr/<\?php\s+\$.+?=\'wp-admin\';\s+\$.+?\]\(\);\?>/is,
+ qr/<\?php\s+\@include_once\(\"tetete\.php\"\);\s+\?>/is,
+ qr/<\?php.+?Simple Plugin.+?\$a = chr\(.+?\@array_diff_ukey\(\@array\(\(string\)\(\$a\) => 1\), \@array\(\(string\)\(\$b\) => 2\), \$c\);\s+\@include\(\$a\);\s+\@unlink\(\$a\);/is,
+ qr/