diff --git a/malware4.pl b/malware4.pl
index f46b875..ba10f05 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -189,10 +189,11 @@ my @regexen = (
 qr/<\?php\s+\$user\_agent\_to\_filter\s+\=\s+array\(.+?if\(\@\$isbot\)\{.+?echo\s+\$result\;\s+\}\s+\?>/is,
 qr/<\?php\s+\$key\s+\=\'([A-z0-9]{1,20})\'\;\s+\$key\s+\.\=.+?eval\(\$b\(\$new\)\)\;\s+\?>/is,
 qr/<\?php\s+\/\*\s+\(c\)\s+2011\s+The\s+potion\s+hissed.+?\=base64\_decode\(.+?\=\@gzinflate\(strrev\(.+?\=create\_function\(.+?\}\s+\?>/is,
- qr/<\?php\s+\/\*\s+\(c\)\s+2004.+?\=base64\_decode\(.+?\=\@gzinflate\(strrev\(.+?if\(crc32\(.+?\=create\_function\(.+?\)\;\s+\}\s+\?>/is,
+ qr/<\?php\s+\/\*\s+\(c\)\s+2004.+?base64\_decode\(.+?gzinflate\(strrev\(.+?if\(crc32\(.+?create\_function.+?\}\s+\?>/is,
 qr/<\?php.+?\.chr\(.+?\.chr\(.+?\.chr\(.+?\.chr\(.+?\.chr\(.+?\.chr\(.+?\.chr\(.+?\.chr\(.+?\.chr\(.+?\.chr\(.+?\.chr\(.+?\.chr\(.+?\.chr\(.+?\.chr\(.+?\.chr\(.+?\.chr\(.+?\?>/is,
 qr/<\?php\s+if\(\s+isset\(\$\_REQUEST\[\"test\_url\"\]\)\s+\)\{\s+echo\s+\"file\s+test\s+okay\"\;.+?\$data\s+\=\s+base64\_decode\(.+?die\(\"([0-9]{1,20})\"\)\;\s+\}/is,
-
+ qr/<\?php\s+if\(isset\(\$\_REQUEST\[\'xftest\'\]\)\)die\(pi\(\)\*6\)\;.+?\}else\{echo\s+\"false\"\;\}\s+\}\s+\?>/is,
+
 );
 my @base64_decodes = (
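Review bot: Both added patterns (the loosened `(c) 2004` signature and the new `xftest` one) use `.+?` under `/s` with nothing to stop it at a `?>`. If an injected block does not end in exactly `}` + whitespace + `?>`, the match can therefore run on through later, unrelated PHP blocks until one does. The old 2004 pattern had the same shape, but dropping its `\=`, `\@` and `\)\;` literals removes the anchors that made a stray match less likely. How `@regexen` is applied is outside this hunk (the list starts above it), but if matches are stripped from the scanned file this could delete legitimate code along with the injection. Consider a tempered wildcard such as `(?:(?!\?>).)+?` in place of each `.+?`, and add a fixture with an infected block followed by a clean block ending in `} ?>` to confirm the clean block survives.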