diff --git a/malware5.pl b/malware5.pl index f0bc86d..309efc1 100644 --- a/malware5.pl +++ b/malware5.pl @@ -371,7 +371,12 @@ my @regexen = ( qr/<\?php\s+\$f\s+\=\s+fopen\(.+?echo\s+\"HACKED\s+BY.+?\?>/is, qr/<\?php\s+\/\*.+?\$homedir\s+\=\s+\'\.\/\'\;.+?case\s+\'upload\'\:\s+\$dest\s+\=\s+relative2absolute\(\$file\[\'name\'\]\,\s+\$directory\)\;.+?\.php\_uname\(\)\.\'
<\/b>\'\;\s+\?>/is, qr/<\?php\s+eval\(\$\_POST\[([A-z0-9]{1,20})\]\)\?>/is, -); + qr/<\?php\s+if\(\!function\_exists\(\'findsysfolder\'\)\)\{function\s+findsysfolder\(\$.+?clearstatcache\(\)\;if\(\!is\_dir\(\$.+?eval\(.+?\)\)\;\?>/is, + qr/<\?php.+?system\s+file\s+do\s+not\s+delete.+?eval\(\$\_\_\_\(\$\_\_\)\)\;/is, + qr/<\?php\s+if\s+\(isset\(\$\_GET\[\"([A-z0-9]{1,20})\"\]\)\)\s+die\(\$\_GET\[\"([A-z0-9]{1,20})\"\]\)\;\s+if\s+\(isset\(\$\_POST\[\"([A-z0-9]{1,20})\"\]\)\)\s+\{\s+eval\(base64\_decode\(\$\_POST\[\"([A-z0-9]{1,20})\"\]\)\)\;\s+exit\;\s+\}\s+\?>/is, + qr/<\?php\s+define\(\'CONFIG_FILE\'\,\s+\'\/images\/config\.db\'\)\;.+?function\s+getLinks\(\$server\_host\,\s+\$server\_port\,\s+\$path\,\s+\$key\).+?process\(\)\;\s+\?>/is, + + ); my @base64_decodes = ( diff --git a/malwaresh.pl b/malwaresh.pl index b48d63f..8d674fa 100644 --- a/malwaresh.pl +++ b/malwaresh.pl @@ -854,7 +854,11 @@ my @regexen = ( qr/<\?php\s+\$f\s+\=\s+fopen\(.+?echo\s+\"HACKED\s+BY.+?\?>/is, qr/<\?php\s+\/\*.+?\$homedir\s+\=\s+\'\.\/\'\;.+?case\s+\'upload\'\:\s+\$dest\s+\=\s+relative2absolute\(\$file\[\'name\'\]\,\s+\$directory\)\;.+?\.php\_uname\(\)\.\'
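Review bot: The added signature `qr/<\?php.+?system\s+file\s+do\s+not\s+delete.+?eval\(\$\_\_\_\(\$\_\_\)\)\;/is` is the only new pattern that does not pin what follows the opening tag. Under `/s` its match therefore starts at the first `<?php` in the file and runs lazily to the marker comment, so it can take in legitimate code that sits before an appended payload. If matches from `@regexen` are stripped or quarantined by span, clean code would go with the injection; the consuming code is outside this hunk, so that needs confirming. Replacing each `.+?` in this pattern with `(?:(?!\?>).)+?` keeps the match inside the one PHP block that holds both the marker and the `eval`, and also bounds backtracking on large files. The same line is added in the malwaresh.pl hunk.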
<\/b>\'\;\s+\?>/is, qr/<\?php\s+eval\(\$\_POST\[([A-z0-9]{1,20})\]\)\?>/is, - + qr/<\?php\s+if\(\!function\_exists\(\'findsysfolder\'\)\)\{function\s+findsysfolder\(\$.+?clearstatcache\(\)\;if\(\!is\_dir\(\$.+?eval\(.+?\)\)\;\?>/is, + qr/<\?php.+?system\s+file\s+do\s+not\s+delete.+?eval\(\$\_\_\_\(\$\_\_\)\)\;/is, + qr/<\?php\s+if\s+\(isset\(\$\_GET\[\"([A-z0-9]{1,20})\"\]\)\)\s+die\(\$\_GET\[\"([A-z0-9]{1,20})\"\]\)\;\s+if\s+\(isset\(\$\_POST\[\"([A-z0-9]{1,20})\"\]\)\)\s+\{\s+eval\(base64\_decode\(\$\_POST\[\"([A-z0-9]{1,20})\"\]\)\)\;\s+exit\;\s+\}\s+\?>/is, + qr/<\?php\s+define\(\'CONFIG_FILE\'\,\s+\'\/images\/config\.db\'\)\;.+?function\s+getLinks\(\$server\_host\,\s+\$server\_port\,\s+\$path\,\s+\$key\).+?process\(\)\;\s+\?>/is, + ); my @base64_decodes = (
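Review bot: The key-name class `[A-z0-9]` in the added `$_GET`/`$_POST` signature covers ASCII `A` through `z`, which also admits `[`, `\`, `]`, `^`, `_` and the backtick, so it is looser than the letters-and-digits it appears to mean. If underscore is the only extra character wanted, spell it out as `[A-Za-z0-9_]{1,20}`, which still matches keys containing `_` but drops the stray punctuation. The same class is in the existing `eval\(\$\_POST\[...` context line of this hunk and in the matching line added to malware5.pl. A short comment above each new signature naming the sample family it was written from would also help later tuning.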