diff --git a/malware4.pl b/malware4.pl
index 2d2ffd6..8a93b90 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -47,7 +47,7 @@ my @regexen = (
     qr/<\?\s+eval\(gzuncompress\(base64\_decode\(.+?\)\)\)\;\s+\?>/is,
     qr/<\?php\s+\$([A-z0-9]{1,20})\s+\=.+?\$([A-z0-9]{1,20})\s+\=\s+\'pr\'\.\'eg\'\.\'\_r\'\.\'epl\'\.\'ace\'\;.+?\@\$([A-z0-9]{1,20})\(\'\#\#e\'\,.+?\'\'\)\;/is,
     qr/<\?php\s+\$GLOBALS\[\'([A-z0-9]{1,20})\'\]\s+\=\s+\$\_SERVER\;\s+function\s+([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\).+?\Z/is,
-    
+    qr/<script\s+type\=\"application\/javascript\">var\s+toggleMenu\s+\=\s+function\(\).+?getCookie\(\"ytm\_hit1\"\)\&\&\(setCookie\(\"ytm\_hit1\"\,1\,1\)\,1\=\=getCookie\(\"ytm\_hit1\"\).+?\/script>\'\)\)\)\;<\/script>/is,
 );
 my @base64_decodes = (