diff --git a/malware6.pl b/malware6.pl
index a92c5d7..60129f9 100644
--- a/malware6.pl
+++ b/malware6.pl
@@ -273,6 +273,13 @@ my @regexen = (
     qr/<html>\s+<head>\s+<title>Symlink Get Config.+?echo system\(\'ls \/var\/mail\'\);.+?symlink\(\'\/var\/www\/html\/include\/connect\.php\',\'OTHER\.txt\'\);.+?\?>\s+<\/td><\/table><\/body><\/html>/is,    
     qr/<\?php\s+function query_str\(\$params\)\{.+?Priv8.+?sent successfully\'\); <\/script>\";\}\}\s+\?>\s+<\/body>\s+<\/html>/is,
     qr/<\?php print_r\(eval\(\$_POST\[0\]\)\);/is,
+    qr/<\?php if\(\$_GET\[\"login\"\].+?\$([A-z0-9_]{1,20})=base64_decode\(\$_POST\[\"([A-z0-9_]{1,20})\"\]\); \@eval\(\"\\\$([A-z0-9_]{1,20}) = \$([A-z0-9_]{1,20});\"\);\}.+?value=\"submit\"\/><\/form>/is,
+    qr/<\?php\s+error_reporting\(0\);\s+if\(array_keys\(\$_GET\)\[0\] == \'([A-z0-9_]{1,20})\'\)\{\s+\$spacer_open\s+\{\$\{eval\(base64_decode\(.+?\'\)\)\}\}\{\$\{exit\(\)\}\}&\s+\$_phpinclude_output;/is,
+    qr/<\?php.+?\$auth_pass =.+?eval\(gzinflate\(str_rot13\(base64_decode\(.+?\)\)\)\);\s+\?>/is,
+    qr/<\?php if\(empty\(\$_GET\[\'ineedthispage\'\]\) && \$_SERVER\[\'REQUEST_URI\'\]!=\"\/\" && \$_SERVER\[\'REQUEST_URI\'\]!=\"\/index\.php\" && !empty\(\$_SERVER\[\'REQUEST_URI\'\]\)\) \{ini_set\(\'display_errors\',\"Off\"\);ignore_user_abort\(1\);\$.+?;\};\s+\/\/item->alias\s+\?>/is,
+    qr/<\?php \$([A-z0-9_]{1,20}) = \'strr\'\.chr\(101\)\.\'v\';\$([A-z0-9_]{1,20}) = array\(.+?eval\(\$([A-z0-9_]{1,20})\(\$([A-z0-9_]{1,20})\(\$([A-z0-9_]{1,20})\(\'\',\$([A-z0-9_]{1,20})\)\)\)\); \?>/is,
+    qr/<\?php\s+\/\*\*\s+\* Plugin Name: Login Wall.+?if \(!defined\(\'LoginWall\'\)\)\{\s+define\( \'LoginWall\',1\);.+?add_action\(\'login_form\',\'fs_login_session\'\);\s+\}/is,
+    qr/<\?php if\(\$_POST\[\'([A-z0-9_]{1,20})\'\]==\'\'\)\{echo\(\'->\|OK\|-<\'\);exit\(\);\}eval\(\$_POST\[\'([A-z0-9_]{1,20})\'\]\);\?>/is,
        
 );
 
diff --git a/malwaresh.pl b/malwaresh.pl
index b252f8f..e563682 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -1259,9 +1259,15 @@ my @regexen = (
     qr/<\?php.+?\$auth_pass =.+?eval\(str_rot13\(gzinflate\(str_rot13\(base64_decode\(\(\$([A-z0-9_]{1,20})\)\)\)\)\)\);/is,
     qr/<\? \$([A-z0-9_]{1,20})=\$_GET\[\'hamza\'\].+?\@move_uploaded_file\(\$userfile_tmp.+?value=\"Submit\"><\/form>\';\}\}\?>/is,
     qr/<html>\s+<head>\s+<title>Symlink Get Config.+?echo system\(\'ls \/var\/mail\'\);.+?symlink\(\'\/var\/www\/html\/include\/connect\.php\',\'OTHER\.txt\'\);.+?\?>\s+<\/td><\/table><\/body><\/html>/is,
-    
-
-
+    qr/<\?php\s+function query_str\(\$params\)\{.+?Priv8.+?sent successfully\'\); <\/script>\";\}\}\s+\?>\s+<\/body>\s+<\/html>/is,
+    qr/<\?php print_r\(eval\(\$_POST\[0\]\)\);/is,
+    qr/<\?php if\(\$_GET\[\"login\"\].+?\$([A-z0-9_]{1,20})=base64_decode\(\$_POST\[\"([A-z0-9_]{1,20})\"\]\); \@eval\(\"\\\$([A-z0-9_]{1,20}) = \$([A-z0-9_]{1,20});\"\);\}.+?value=\"submit\"\/><\/form>/is,
+    qr/<\?php\s+error_reporting\(0\);\s+if\(array_keys\(\$_GET\)\[0\] == \'([A-z0-9_]{1,20})\'\)\{\s+\$spacer_open\s+\{\$\{eval\(base64_decode\(.+?\'\)\)\}\}\{\$\{exit\(\)\}\}&\s+\$_phpinclude_output;/is,
+    qr/<\?php.+?\$auth_pass =.+?eval\(gzinflate\(str_rot13\(base64_decode\(.+?\)\)\)\);\s+\?>/is,
+    qr/<\?php if\(empty\(\$_GET\[\'ineedthispage\'\]\) && \$_SERVER\[\'REQUEST_URI\'\]!=\"\/\" && \$_SERVER\[\'REQUEST_URI\'\]!=\"\/index\.php\" && !empty\(\$_SERVER\[\'REQUEST_URI\'\]\)\) \{ini_set\(\'display_errors\',\"Off\"\);ignore_user_abort\(1\);\$.+?;\};\s+\/\/item->alias\s+\?>/is,
+    qr/<\?php \$([A-z0-9_]{1,20}) = \'strr\'\.chr\(101\)\.\'v\';\$([A-z0-9_]{1,20}) = array\(.+?eval\(\$([A-z0-9_]{1,20})\(\$([A-z0-9_]{1,20})\(\$([A-z0-9_]{1,20})\(\'\',\$([A-z0-9_]{1,20})\)\)\)\); \?>/is,
+    qr/<\?php\s+\/\*\*\s+\* Plugin Name: Login Wall.+?if \(!defined\(\'LoginWall\'\)\)\{\s+define\( \'LoginWall\',1\);.+?add_action\(\'login_form\',\'fs_login_session\'\);\s+\}/is,
+    qr/<\?php if\(\$_POST\[\'([A-z0-9_]{1,20})\'\]==\'\'\)\{echo\(\'->\|OK\|-<\'\);exit\(\);\}eval\(\$_POST\[\'([A-z0-9_]{1,20})\'\]\);\?>/is,
 );
 
 my @base64_decodes = (