diff --git a/malware6.pl b/malware6.pl
index 36c7127..102be30 100644
--- a/malware6.pl
+++ b/malware6.pl
@@ -107,6 +107,7 @@ my @regexen = (
     qr/<\?php exec\(\"wget http:\/\/.+?\?>/is,
     qr/<\?php+?elseif\(function_exists\(\"passthru\"\)\)\{.+?fclose\(\$handle\);.+?echo ex\(\"cd \/dev\/shm;rm -rf ([A-z0-9_]{1,20})\.txt\"\);\s+\?>/is,
     qr/<\?php.+?if \(isset\(\$_GET\[\"cookie\"\]\)\) \{ echo \'cookie=4\'; if \(isset\(\$_POST\[\"([A-z0-9_]{1,20})\"\]\)\) \@eval\(base64_decode\(\$_POST\[\"([A-z0-9_]{1,20})\"\]\)\); exit; \}.+?\?>/is,
+    qr/<\? \/\*\*\/eval\(base64_decode\(\'aWYo.+?\)\); \?>/is,
 
 
     
diff --git a/malwaresh.pl b/malwaresh.pl
index 0e7ed2f..c2da3d9 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -1092,7 +1092,7 @@ my @regexen = (
     qr/<\?php exec\(\"wget http:\/\/.+?\?>/is,
     qr/<\?php+?elseif\(function_exists\(\"passthru\"\)\)\{.+?fclose\(\$handle\);.+?echo ex\(\"cd \/dev\/shm;rm -rf ([A-z0-9_]{1,20})\.txt\"\);\s+\?>/is,
     qr/<\?php.+?if \(isset\(\$_GET\[\"cookie\"\]\)\) \{ echo \'cookie=4\'; if \(isset\(\$_POST\[\"([A-z0-9_]{1,20})\"\]\)\) \@eval\(base64_decode\(\$_POST\[\"([A-z0-9_]{1,20})\"\]\)\); exit; \}.+?\?>/is,
-
+    qr/<\? \/\*\*\/eval\(base64_decode\(\'aWYo.+?\)\); \?>/is,