diff --git a/malware6.pl b/malware6.pl
index 927e719..75d6032 100644
--- a/malware6.pl
+++ b/malware6.pl
@@ -246,7 +246,9 @@ my @regexen = (
 qr/<\? eval\(gzinflate\(strrev\(unserialize\(str_rot13\(base64_decode\(.+?\)\)\)\)\)\); \?>/is,
 qr/<\?php \$ip = getenv\(\"REMOTE_ADDR\"\);.+?Link Mailer.+?mail\(\$bilsnd,\$bilsub,\$bilsmg,\$bilhead,\$message\); \?>/is,
 qr/<\?php \$([A-z0-9_]{1,20}) = \'\'\.chr\(115\)\.\'trre\'\.chr\(118\)\.\'\';\$([A-z0-9_]{1,20}) = array\(.+?\);eval\(\$([A-z0-9_]{1,20})\(\$([A-z0-9_]{1,20})\(\$([A-z0-9_]{1,20})\(\'\',\$([A-z0-9_]{1,20})\)\)\)\); \?>/is,
-
+ qr/<\?php.+?\[uname\]\"\.php_uname\(\)\.\"\[\/uname\]\".+?Go Xsender.+?<\/html>/is,
+ qr/<\?php \$([A-z0-9_]{1,20})=\'base6\'\.\'4\'\.\'_d\'\.\'eco\'\.\'de\'\.\'\'; \@eval\(\$([A-z0-9_]{1,20})\(.+?\'\.\'\'\)\);/is,
+ qr/<\?php if\(!function_exists\(.+?\.\'\/scopbin\';clearstatcache\(\);if\(!is_dir\(\$.+?\'; eval\(.+?\)\);\?>/is,
diff --git a/malwaresh.pl b/malwaresh.pl
index 75df1d8..f8a769a 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -1234,8 +1234,9 @@ my @regexen = (
 qr/<\? eval\(gzinflate\(strrev\(unserialize\(str_rot13\(base64_decode\(.+?\)\)\)\)\)\); \?>/is,
 qr/<\?php \$ip = getenv\(\"REMOTE_ADDR\"\);.+?Link Mailer.+?mail\(\$bilsnd,\$bilsub,\$bilsmg,\$bilhead,\$message\); \?>/is,
 qr/<\?php \$([A-z0-9_]{1,20}) = \'\'\.chr\(115\)\.\'trre\'\.chr\(118\)\.\'\';\$([A-z0-9_]{1,20}) = array\(.+?\);eval\(\$([A-z0-9_]{1,20})\(\$([A-z0-9_]{1,20})\(\$([A-z0-9_]{1,20})\(\'\',\$([A-z0-9_]{1,20})\)\)\)\); \?>/is,
-
-
+ qr/<\?php.+?\[uname\]\"\.php_uname\(\)\.\"\[\/uname\]\".+?Go Xsender.+?<\/html>/is,
+ qr/<\?php \$([A-z0-9_]{1,20})=\'base6\'\.\'4\'\.\'_d\'\.\'eco\'\.\'de\'\.\'\'; \@eval\(\$([A-z0-9_]{1,20})\(.+?\'\.\'\'\)\);/is,
+ qr/<\?php if\(!function_exists\(.+?\.\'\/scopbin\';clearstatcache\(\);if\(!is_dir\(\$.+?\'; eval\(.+?\)\);\?>/is,
 );
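Review bot: The first and third added patterns open with a generic prefix (`<\?php.+?` and `<\?php if\(!function_exists\(.+?`) followed by a lazy `.+?` under `/s`, so a match can begin at an unrelated, legitimate `<?php` block earlier in the file and run forward to the marker string. How `@regexen` is consumed is outside the hunk; if the list drives removal rather than detection only, that span would take the legitimate code with it. Tempering the gap so it cannot cross another opening tag keeps the match on the injected block, e.g. `qr/<\?php(?:(?!<\?php).)+?\[uname\]...` in place of `qr/<\?php.+?\[uname\]...`. The second added pattern also copies the `[A-z0-9_]` class from the existing entries, which admits `[`, `\`, `]`, `^` and a backtick as well as letters; `[A-Za-z0-9_]` is what a PHP variable name needs. The identical three lines are added to malwaresh.pl in the next hunk and the same points apply there.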