diff --git a/malware5.pl b/malware5.pl
index bb41efb..6a12a36 100644
--- a/malware5.pl
+++ b/malware5.pl
@@ -430,7 +430,11 @@ my @regexen = (
 qr/<\?PHP\s+\$login.+?\$md5\_pass\s+\=.+?eval\(gzinflate\(base64\_decode\(.+?\?>/is,
 qr/<\?\$sInjectPHP\s+\=\s+\"/is,
 qr/<\/iframe>/is,
-
+ qr/<\?\s+\@include\s+\$\_GET\[\"([A-z0-9]{1,20})\"\]\;\s+\?>/is,
+ qr/<\?php\s+\@include\(\"http\:\/\/.+?(.*r57.*|.*xpl.*|.*cmd.*|.*c99.*)\;\"\)\;\s+\?>/is,
+ qr/<\?php\s+\@include\(\"http\:\/\/.+?bypass\.txt\?\?\"\)\;\s+\?>/is,
+ qr/<\?php\s+echo\s+base64\_decode\(\"([A-z0-9]{1,20})\"\)\;\s+\@include\(\"http\:\/\/.+?\"\)\;\s+\?>/is,
+ qr/<\?php\s+echo\s+\"MFTeaM\"\;\@include\(\"http\:\/\/.+?\"\)\;\s+\?>/is,
 );
 
 my @base64_decodes = (
diff --git a/malwaresh.pl b/malwaresh.pl
index 93e027f..11807aa 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -913,6 +913,13 @@ my @regexen = (
 qr/<\?PHP\s+\$login.+?\$md5\_pass\s+\=.+?eval\(gzinflate\(base64\_decode\(.+?\?>/is,
 qr/<\?\$sInjectPHP\s+\=\s+\"/is,
 qr/<\/iframe>/is,
+ qr/<\?\s+\@include\s+\$\_GET\[\"([A-z0-9]{1,20})\"\]\;\s+\?>/is,
+ qr/<\?php\s+\@include\(\"http\:\/\/.+?(.*r57.*|.*xpl.*|.*cmd.*|.*c99.*)\;\"\)\;\s+\?>/is,
+ qr/<\?php\s+\@include\(\"http\:\/\/.+?bypass\.txt\?\?\"\)\;\s+\?>/is,
+ qr/<\?php\s+echo\s+base64\_decode\(\"([A-z0-9]{1,20})\"\)\;\s+\@include\(\"http\:\/\/.+?\"\)\;\s+\?>/is,
+ qr/<\?php\s+echo\s+\"MFTeaM\"\;\@include\(\"http\:\/\/.+?\"\)\;\s+\?>/is,
+
+
 );
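Review bot: The class `[A-z0-9]` in the first and fourth added signatures is almost certainly meant to be `[A-Za-z0-9]`: the `A-z` range also admits `[`, `\`, `]`, `^`, `_` and backtick, so the signature is looser than its alphanumeric intent and the same typo is repeated in both files. The second added signature, `.+?(.*r57.*|.*xpl.*|.*cmd.*|.*c99.*)\;`, nests unbounded greedy `.*` (under `/s`) inside a lazy `.+?` over the same text, so a large file that contains `<?php @include("http://` but no terminating `;");` makes the engine backtrack polynomially; since these patterns are presumably applied to arbitrary files found on disk, a crafted file can stall the scanner. Bounding the span to the quoted URL, `qr/<\?php\s+\@include\(\"http\:\/\/[^"]*?(?:r57|xpl|cmd|c99)[^"]*\;\"\)\;\s+\?>/is`, should cover the same remote-include shapes without the blow-up. The capture groups are never read in a signature list, so `(?:...)` would make that explicit. The same five patterns are added to `malwaresh.pl` in the next hunk (whose tail lies outside this view), where both changes apply as well.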