diff --git a/malware6.pl b/malware6.pl
index a233ee0..9601da8 100644
--- a/malware6.pl
+++ b/malware6.pl
@@ -54,7 +54,7 @@ my @regexen = (
     qr/<\?php.+?\$wp_file_descriptions = array\(.+?\$search\.\"\.\@\"\.\$wp_file_descriptions\[\'rtl\.css\'\]\);\s+\?>/is,
     qr/<\?php \@eval\(\"\?>\"\.base64_decode\(.+?\)\);\/\/Generated by Ampare PHP Encoder. For more security please use php protect before encode the php program/is,
     qr/<\?php echo \'<div style=\"position:absolute; left:-9000px;\"><a href=\"http:\/\/.+?\">(viagra|cialis|levitra)<\/a><\/div>\'; \?>/is,
-    qr/if\(\$([A-z0-9]{1,20})=curl_init\(\)\)\{if\(isset\(\$_GET\[base64_decode\(\'.+?\'\)\]\)\)\{\$([A-z0-9]{1,20})=\$_GET\[base64_decode\(\'.+?\'\)\];curl_setopt\(([A-z0-9]{1,20}),CURLOPT_URL,\$([A-z0-9]{1,20})\);curl_setopt\(\$([A-z0-9]{1,20}),CURLOPT_RETURNTRANSFER,true\);eval\(curl_exec\(\$([A-z0-9]{1,20})\)\);curl_close\(\$([A-z0-9]{1,20})\);\}\}/is,
+    qr/if\(\$([A-z0-9]{1,20})=curl_init\(\)\)\{if\(isset\(\$_GET\[base64_decode.+?curl_close\(\$([A-z0-9]{1,20})\);\}\}/is,
 
 );
 
diff --git a/malwaresh.pl b/malwaresh.pl
index 371b8e8..19528c7 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -1039,7 +1039,7 @@ my @regexen = (
     qr/<\?php.+?\$wp_file_descriptions = array\(.+?\$search\.\"\.\@\"\.\$wp_file_descriptions\[\'rtl\.css\'\]\);\s+\?>/is,
     qr/<\?php \@eval\(\"\?>\"\.base64_decode\(.+?\)\);\/\/Generated by Ampare PHP Encoder. For more security please use php protect before encode the php program/is,
     qr/<\?php echo \'<div style=\"position:absolute; left:-9000px;\"><a href=\"http:\/\/.+?\">(viagra|cialis|levitra)<\/a><\/div>\'; \?>/is,
-    qr/if\(\$([A-z0-9]{1,20})=curl_init\(\)\)\{if\(isset\(\$_GET\[base64_decode\(\'.+?\'\)\]\)\)\{\$([A-z0-9]{1,20})=\$_GET\[base64_decode\(\'.+?\'\)\];curl_setopt\(([A-z0-9]{1,20}),CURLOPT_URL,\$([A-z0-9]{1,20})\);curl_setopt\(\$([A-z0-9]{1,20}),CURLOPT_RETURNTRANSFER,true\);eval\(curl_exec\(\$([A-z0-9]{1,20})\)\);curl_close\(\$([A-z0-9]{1,20})\);\}\}/is,
+    qr/if\(\$([A-z0-9]{1,20})=curl_init\(\)\)\{if\(isset\(\$_GET\[base64_decode.+?curl_close\(\$([A-z0-9]{1,20})\);\}\}/is,
 );
 
 my @base64_decodes = (