diff --git a/malware4.pl b/malware4.pl
index eddfd10..f86665f 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -91,7 +91,7 @@ my @regexen = (
 	qr/A<\?php\s+\$license\s+\=\s+str\_rot13\(\'n\'\.\'f\'\.\'f\'\.\'r\'\.\'e\'\.\'g\'\)\;\s+\$license\(\$\_POST\[\'info\'\]\)\;\s+\?>/is,
     qr/<\?php\s+preg\_replace\(\"\/\.\/.+?\)\)\)\;\"\,\"\.\"\)\;/is,
 	qr/<\?php\s+\$file.+?function\s+dwnld\(\$file\)\s+\{.+?header\(\"HTTP\/1\.0\s+404\s+Not\s+Found\"\)\;\s+exit\;\s+\?>/is,
-    qr/<\?php\s+error\_reporting\(0\)\;\s+\$\_([A-z0-9]{1,20})\s+\=.+?\;\s+for\s+\(\$i\s+\=\s+0\;\s+\$i\s+<\s+strlen\(\$\_([A-z0-9]{1,20})\)\;\s+\$i\+\+\)\s+\$\_([A-z0-9]{1,20})\s+\.\=\s+sprintf\(\"\%c\"\,\s+$\_([A-z0-9]{1,20})\s+\^\s+ord\(\$\_([A-z0-9]{1,20})\[\$i\]\)\)\;\$\_([A-z0-9]{1,20})\s+\=\s+\"\"\;s+for.+?\*\//is,
+ #   qr/<\?php\s+error\_reporting\(0\)\;\s+\$\_([A-z0-9]{1,20})\s+\=.+?\;\s+for\s+\(\$i\s+\=\s+0\;\s+\$i\s+<\s+strlen\(\$\_([A-z0-9]{1,20})\)\;\s+\$i\+\+\)\s+\$\_([A-z0-9]{1,20})\s+\.\=\s+sprintf\(\"\%c\"\,\s+$\_([A-z0-9]{1,20})\s+\^\s+ord\(\$\_([A-z0-9]{1,20})\[\$i\]\)\)\;\$\_([A-z0-9]{1,20})\s+\=\s+\"\"\;s+for.+?\*\//is,
     qr/<\?php\s+\$([A-z0-9]{1,20})\s+\=.+?explode\(chr\(\(.+?\$([A-z0-9]{1,20})\=\(([0-9]{1,4})\-([0-9]{1,4})\)\;\s+\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\-1\;\s+\?>/is,
     qr/<\?php\s+\@ini\_set\(\'display\_errors.+?bad\_agents\s+\=\s+\'\~google.+?register\_shutdown\_function\(\'ob\_end\_flush\'\)\;\s+\}\s+\}\s+\?>/is,
     qr/<html>\s+<head>\s+<title>Hacked\s+by\s+ZeDaN\-Mrx.+?<\/iframe>\s+<\/html>/is,
@@ -101,7 +101,7 @@ my @regexen = (
     qr/<\?php\s+if\s+\(isset\(\$\{\"\_REQ\"\.\"UEST\"\}\[\'([A-z0-9]{1,20})\'\]\)\)\{\$q\=\"asser\"\.\"t\"\;\$q\(\$\{\"\_REQUEST\"\}\[\'([A-z0-9]{1,20})\'\]\)\;exit\;\}/is,
     qr/<\!DOCTYPE\s+html\s+PUBLIC.+?rainbow\.arch\.scriptmania\.com.+?height\=\"1\"\s+width\=\"1\"><\/embed>\s+\<\/html>/is,
     qr/<\?php\s+if\/\*([A-z0-9]{1,20})\*\/\(isset\(\$\_COOKIE\[\"([A-z0-9]{1,20})\"\]\)\)\{\$\_COOKIE\[\"([A-z0-9]{1,20})\"\]\(\$\_COOKIE\[\"([A-z0-9]{1,20})\"\]\)\;\/\*([A-z0-9]{1,20})\*\/exit\;\}/is,
-    qr/<\?php\s+\/\*([A-z0-9]{1,20})\*\/if\(isset\(\$\_REQUEST\[\'([A-z0-9]{1,20})\'\]\)\)\/\*([A-z0-9]{1,20})\*\/\{\/\*([A-z0-9]{1,20})\*\/\$P\=\/\*([A-z0-9]{1,20})\*\/\"ass\"\.\"ert\"\;\$W\=\$P\(\$\_REQUEST\[\'([A-z0-9]{1,20})\'\]\)\;exit\;\}\?>/is,
+    qr/<\?php\s+\/\*([A-z0-9]{1,20})\*\/if\(isset\(\$\_REQUEST\[\'([A-z0-9]{1,20})\'\]\)\)\/\*([A-z0-9]{1,20})\*\/\{\/\*([A-z0-9]{1,20})\*\/\$P\=\/\*([A-z0-9]{1,20})\*\/\"ass\"\.\"ert\"\;\$\W\=\$P\(\$\_REQUEST\[\'([A-z0-9]{1,20})\'\]\)\;exit\;\}\?>/is,
     qr/<\?php\s+if\(isset\(\$\_COOKIE\[\".+?\"\]\)\)\{\$\_COOKIE\[\".+?\"\]\(\$\_COOKIE\[\".+?\"\]\)\;exit\;\}/is,
     qr/include\_once\s+\"3732787075626C69635F68746D6C\.htm\"\;/is,
     qr/bgeteam\s+<\?php\s+error\_reporting\(0\)\;\s+if\(isset\(\$\_GET\[bge\]\)\).+?else\{echo\"<b>\"\;\}\}\}\s+\?>/is,
@@ -130,7 +130,7 @@ my @regexen = (
     qr/<\?php\s+set\_magic\_quotes\_runtime\(0\)\;\s+if\(strtolower\(substr\(PHP\_OS\,0\,3\)\).+?Command\s+completed<\/b><\/center>\"\;\s+\}\s+exit\;\s+\?>/is,
     qr/<\?php\s+\/\*([A-z0-9]{1,20})\*\/if\(isset\(\$\_COOKIE\[\"([A-z0-9]{1,20})\"\]\)\)\/\*([A-z0-9]{1,20})\*\/\{\$\_COOKIE\[\"([A-z0-9]{1,20})\"\]\(\$\_COOKIE\[\"([A-z0-9]{1,20})\"\]\)\;exit\;\/\*([A-z0-9]{1,20})\*\/\}.+?\"\)\{return\s+preg\_match\(\"\/\(google\.co\.jp\|yahoo\.co\.jp\|bing\)\/.+?return\s+\$([A-z0-9]{1,20})\;\}\Z/is,
     qr/<\?if\(\$\_GET\[\'mod\'\]\)\{if\(\$\_GET\[.+?file\_get\_contents\(\'http\:\/\/.+?gethostbyname.+?dbl\.spamhaus\.org\'\)\;.+?\?>/is,
-    qr/<\?php\s+\$x([0-9]{1,10})\=\".+?elseif\s+\(\$x([0-9]{1,10})\s+\=\=\.+?\$\x([0-9]{1,10})\s+\=\s+\'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\'.+?\$x([0-9]{1,10})\s+\=\s+\$x([0-9]{1,10})\(MCRYPT\_BLOWFISH.+?return\s+\$x([0-9]{1,10})\;\s+\}\}\s+\?>/is,
+  #  qr/<\?php\s+\$x([0-9]{1,10})\=\".+?elseif\s+\(\$x([0-9]{1,10})\s+\=\=\.+?\$\x([0-9]{1,10})\s+\=\s+\'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\'.+?\$x([0-9]{1,10})\s+\=\s+\$x([0-9]{1,10})\(MCRYPT\_BLOWFISH.+?return\s+\$x([0-9]{1,10})\;\s+\}\}\s+\?>/is,
     qr/<\?php.+?die\(\"test\s+success\"\)\;.+?exit\;\s+\}\s+\?>/is,
     qr/error\_reporting\(0\)\;\s+\$query.+?\'Googlebot\'\)\s+\!\=\=\s+false\)\{.+?return\s+\$file\_contents\;\s+\}/is,
     qr/a\:4\:\{s\:1\:.+?RewriteEngine.+?<\/IfModule>\"\;\}/is,
@@ -196,14 +196,14 @@ my @regexen = (
     qr/<\?php.+?Twenty\_Sixteen.+?eval\(gzinflate\(base64\_decode\(.+?\)\)\)\;\s+\?>/is,
     qr/<\?php.+?str\_ireplace\(\"([A-z0-9]{1})\"\,\"\"\,\"([A-z]{1,10})b([A-z]{1,10})a([A-z]{1,10})s([A-z]{1,10})e([A-z]{1,10})6([A-z]{1,10})4([A-z]{1,10})\_([A-z]{1,10})d([A-z]{1,10})e([A-z]{1,10})c([A-z]{1,10})o([A-z]{1,10})d([A-z]{1,10})e([A-z]{1,10})\"\).+?}\s+\?>/is,
     qr/<\?php\s+error\_reporting\(E\_ERROR.+?\$wp\_code\s+\=.+?\?>/is,
-    qr/<\?php\s+\$s\_pass\s+\=\s+\"\"\;\s+eval\(\"\\\$x\=gzin\"\.\"flate\(base\"\.\"64\_de\"\.\"code\(.+?\)\)\;\"\)\;eval\(\"\?>\"\.\$x\)\;\s+\?>/is,
+    qr/<\?php\s+\$s\_pass\s+\=\s+\"\"\;\s+eval\(\"\W\$x\=gzin\"\.\"flate\(base\"\.\"64\_de\"\.\"code\(.+?\)\)\;\"\)\;eval\(\"\?>\"\.\$x\)\;\s+\?>/is,
     qr/<\?php\s+\$([A-z0-9]{1,20})\=\"cr\"\.\"eat\"\.\"e\_fun\"\.\"cti\"\.\"on\"\;\$([A-z0-9]{1,20})\=\@\$([A-z0-9]{1,20})\(\'\$([A-z0-9]{1,20})\'\,\'ev\'\.\'al\'\.\'\(\"\?>\"\.gz\'\.\'inf\'\.\'late\'\.\'\(\s+bas\'\.\'e64\'\.\'\_de\'\.\'co\'\.\'de\(\$([A-z0-9]{1,20})\)\)\)\;\'\)\;\@\$([A-z0-9]{1,20}).+?\)\;/is,
 #    qr/<\?php.+?bas._?64\_d.+?cod.+?POST\[.+?file\_put\_contents.+?include\(.+?unlink\(.+?\'\)\;/is,
     qr/<\?php\s+\@eval\(\$\_POST\[\".+?\"\]\)\;\?>/is,
     qr/if\(isset\(\$\_REQUEST\[\'sort\'\]\)\)\{\s+\$string\s+\=\s+\$\_REQUEST\[\'sort\'\]\;\s+\$array\_name\s+\=\s+\'\'\;\s+\$alphabet.+?\$ar\s+\=\s+array\(.+?foreach\(\$ar\s+as\s+\$t\)\{\s+\$array\_name\s+\.\=\s+\$alphabet\[\$t\]\;\s+\}\s+\$a\s+\=\s+strrev\(.+?\$f\s+\=\s+\$a\(\"\"\,\s+\$array\_name\(\$string\)\)\;\s+\$f\(\)\;\s+exit\(\)\;\s+\}/is,
     qr/<\?php\s+error\_reporting\(0\)\;\s+set\_time\_limit\(0\)\;.+?class\s+O\s+\{\s+private\s+\$content\_\s+\=.+?execute\(\)\;/is,
     qr/<\?php.+?\$([A-z0-9]{1,20})\=str\_ireplace\(.+?define\(\'([A-z0-9]{1,20})\'\,\s+\_\_DIR\_\_\)\;.+?\?>/is,
-    qr/<\?php.+?error\_reporting\(([A-z0-9]{1,20})\)\;\$([A-z0-9]{1,20})\=\!preg\_match\(\'\~\^\(unsafe\_raw\)\?\$\~\'\,ini\_get\(\"filter\.default\"\)\)\\;if\(\$([A-z0-9]{1,20})\|\|ini\_get\(\"filter\.default\_flags\"\)\)\{foreach\(array\(\'\_GET\'\,\'\_POST\'\,\'\_COOKIE\'\,\'\_SERVER\'\).+?lzw\_decompress\(.+?/is,
+    qr/<\?php.+?error\_reporting\(([A-z0-9]{1,20})\)\;\$([A-z0-9]{1,20})\=\!preg\_match\(\'\~\^\(unsafe\_raw\)\?\$\~\'\,ini\_get\(\"filter\.default\"\)\)\;if\(\$([A-z0-9]{1,20})\|\|ini\_get\(\"filter\.default\_flags\"\)\)\{foreach\(array\(\'\_GET\'\,\'\_POST\'\,\'\_COOKIE\'\,\'\_SERVER\'\).+?lzw\_decompress\(.+?/is,
     qr/<\?php\s+\$suc\s+\=\s+false\;\s+\$([A-z0-9]{1,20})\s+\=\s+\$\_SERVER\[\'DOCUMENT\_ROOT\'\]\s+\.\s+\'\/wp\-config\.php\'\;.+?\$([A-z0-9]{1,20})\s+\=\s+\$\_SERVER\[\'DOCUMENT\_ROOT\'\]\s+\.\s+\'\/configuration\.php\'\;.+?if\(\$suc\s+\!\=\s+true\)\s+\{\s+echo\s+\'Not\s+found\s+file\'\;\s+\}\s+\?>/is,
     qr/<\?php\s+\$([A-z0-9]{1,20})\s+\=.+?\$\_([A-z0-9]{1,20})\s+\=\s+create\_function\s+\(\'\$([A-z0-9]{1,20})\'\,\s+([A-z0-9]{1,20})\s+\(base64\_decode\s+\(.+?\)\,\s+\$\_COOKIE\s+\[str\_replace\(\'\.\'\,\s+\'\_\'\,\s+\$\_SERVER\[\'HTTP\_HOST\'\]\)\]\)\s+\.\s+\'\;\'\)\;\s+\$\_([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\;\s+function\s+([A-z0-9]{1,20})\s+\(\$([A-z0-9]{1,20})\,\s+\$([A-z0-9]{1,20})\)\s+\{\s+return\s+\$([A-z0-9]{1,20})\s+\^\s+str\_repeat\s+\(\$([A-z0-9]{1,20})\,\s+ceil\s+\(strlen\s+\(\$([A-z0-9]{1,20})\)\s+\/\s+strlen\s+\(\$([A-z0-9]{1,20})\)\)\)\;\s+\}\s+\?>/is,
     qr/<\?php\s+\$c\=base64\_decode\(\'.+?\=\'\)\.\$\_GET\[n\]\.\'t\'\;\@\$c\(\$\_POST\[x\]\)\;\?>abcabcabc/is,
@@ -217,7 +217,7 @@ my @regexen = (
     qr/<\?php\s+function\s+result\(\$data\).+?srand\(seed\(\)\)\;.+?echo\(result\(array\(.+?\?>/is,
     qr/<\?php\s+if\(isset\(\$\_REQUEST\[\'xftest\'\]\)\)die\(pi\(\)\*.+?\]\)\;\}exit\(\)\;\}/is,
     qr/<\?php\s+\/\/header\(\'Content\-Type\:text\/html\;\s+charset\=utf\-8\'\)\;\s+\$O\_OO\_\_000O\=\'1044\'\;\s+\$O0O00OO\_\_\_\=urldecode\(.+?\]\(\)\;\?>/is,
-    qr/<\?php\s+\$([A-z0-9]{1,20})\=.+?\=str\_rot13\(\'([A-z0-9]{1,20})\_([A-z0-9]{1,20})\'\)\;\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\(\'([A-z0-9]{1,20})64\_([A-z0-9]{1,20})\'\)\;\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\(\'([A-z0-9]{1,20})\'\)\;\$a\=\'rt\'\;\s+\$b\=\'as\'\;\s+\$b\.\=\'se\'\s+\.\s+\$a\;\@\$b\(\$([A-z0-9]{1,20})\(\'ri\'\s+\.\s+\'ny\(\\\'\'\s+\.\s+\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\)\s+\.\s+\'\\\'\)\'\)\)\;/is,
+    qr/<\?php\s+\$([A-z0-9]{1,20})\=.+?\=str\_rot13\(\'([A-z0-9]{1,20})\_([A-z0-9]{1,20})\'\)\;\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\(\'([A-z0-9]{1,20})64\_([A-z0-9]{1,20})\'\)\;\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\(\'([A-z0-9]{1,20})\'\)\;\$a\=\'rt\'\;\s+\$b\=\'as\'\;\s+\$b\.\=\'se\'\s+\.\s+\$a\;\@\$b\(\$([A-z0-9]{1,20})\(\'ri\'\s+\.\s+\'ny\(\W'\'\s+\.\s+\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\)\s+\.\s+\'\\'\)\'\)\)\;/is,
     qr/<\?php\s+function\s+([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\s+\{\s+\$([A-z0-9]{1,20})\=base64\_decode\(\$([A-z0-9]{1,20})\)\;.+?if\(\$([A-z0-9]{1,20})\=\=strlen\(\$([A-z0-9]{1,20})\)\)\s+break\;\s+elseif\(.+?\$([A-z0-9]{1,20})\=\(ord\(.+?if\(\!empty\(\$this\->([A-z0-9]{1,20})\)\)return\s+\$this\->([A-z0-9]{1,20})\;\s+return\s+false\;\s+\}\s+\}\s+\?>/is,
     qr/<\?php\s+\@set\_time\_limit\(0\)\;\s+\@ini\_set\(\'display\_errors\'\,\s+1\)\;.+?if\(\!function\_exists\(\'file\_put\_contents\'\)\)\s+\{.+?if\(isset\(\$\_GET\[\"rdir\"\]\)\&\&\s+\$\_GET\[\"url\"\]\)\{.+?function\s+curl\_get\_from\_webpage\_one\_time\(\$url\,\$proxy\=\'\'\,\$tms\=0\)\{.+?unlink\(\"\.\/wp\-content\/uploader\.php\"\)\;\s+\?>/is,
     qr/<\?php.+?Joomla\.Administrator.+?define\(\'\_JEXEC\'\,\s+\'([A-z0-9]{250,})\'\)\;\s+defined\(\'\_JEXEC\'\)\s+or\s+die\;.+?echo\s+\'<form\s+method\=\"post\"\s+action\=\"\">\s+<input\s+type\=\"input\"\s+name\=\s+\"j\_submenu\"\s+value\=\"\"\/><input\s+type\=\"submit\"value\=\"\&gt\;\"\/>\s+<\/form>\'\;\s+\?>/is,
@@ -238,7 +238,7 @@ my @regexen = (
     qr/<\?php\s+error\_reporting\(0\)\;.+?function\s+scan\_dir\(\$dirname\)\{.+?if\s+\(\!function\_exists\(\'file\_put\_contents\'\)\)\s+\{.+?if\s+\(isset\(\$\_POST\[\'startreplace\'\]\)\)\{.+?\s+echo\s+\'Finish\!\s+Dir\:\s+\'\.\$dir\.\'\s+Replace\:\s+\'\s+\.\s+\$repl\s+\.\s+\'\s+Files\:\s+\'\.\s+\$coun\;\s+\}\;\s+\}\s+\?>/is,
     qr/<\?php\s+\/\*\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\s+\#\s+mod\_add\_custom\_css.+?if\s+\(\s+md5\(getenv\(\'HTTP\_USER\_AGENT\'\)\)\s+\=\=.+?eval\(\$data\_row\->htmlcode\)\;\s+\}\s+\?>/is,
     qr/<\?php\s+\/\*\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\s+\#\s+mod\_add\_custom\_css.+?define\(\'AKISMET\_VERSION\'\,\s+\'2\.2\.6\'\)\;.+?\$dflt\_actn\s+\=\s+\'FilesMan\'\;.+?<input\s+type\=hidden\s+name\=charset>\s+<\/form>/is,
-    qr/<\?php\s+\/\*\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\s+\#\s+mod\_add\_custom\_css.+?\$([A-z0-9]{1,20})\s+\=\s+\$([A-z0-9]{1,20})\(\s+\"\"\,\s+\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\s+array\(\$([A-z0-9]{1,20})\{([0-9]{1,10})\}\,\s+\"\\n\"\)\,\s+\"\"\,.+?\)\s+\)\s+\)\;\s+\$([A-z0-9]{1,20})\(\)\;\s+\?>/is,
+    qr/<\?php\s+\/\*\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\s+\#\s+mod\_add\_custom\_css.+?\$([A-z0-9]{1,20})\s+\=\s+\$([A-z0-9]{1,20})\(\s+\"\"\,\s+\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\s+array\(\$([A-z0-9]{1,20})\{([0-9]{1,10})\}\,\s+\"Wn\"\)\,\s+\"\"\,.+?\)\s+\)\s+\)\;\s+\$([A-z0-9]{1,20})\(\)\;\s+\?>/is,
     qr/<\?php\s+define\(\'\_JEXEC\'\,\s+1\)\;\s+try\{.+?if\s+\(\s+md5\(getenv\(\'HTTP\_USER\_AGENT\'\)\)\s+\=\=.+?\$db\->query\(\)\;\s+\}\s+\?>/is,
     qr/<\?php\s+define\(\'\_JEXEC\'\,\s+1\)\;\s+try\{.+?if\s+\(\s+md5\(getenv\(\'HTTP\_USER\_AGENT\'\)\)\s+\=\=.+?eval\(\$data\_row\->htmlcode\)\;\s+\}\s+\?>/is,
     qr/<\?php\s+\/\*([A-z0-9]{1,20})\*\/if\(isset\(\$\_REQUEST\[\'([A-z0-9]{1,20})\'\]\)\)\/\*([A-z0-9]{1,20})\*\/\{\$([A-z0-9]{1,20})\/\*([A-z0-9]{1,20})\*\/\=\/\*([A-z0-9]{1,20})\*\/\"ass\".\"ert\"\;\/\*([A-z0-9]{1,20})\*\/\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\/\*([A-z0-9]{1,20})\*\/\(\$\_REQUEST\[\'([A-z0-9]{1,20})\'\]\)\;exit\;\}\s+\$([A-z0-9]{1,20})\s+\=.+?\$\_([A-z0-9]{1,20})\s+\=\s+create\_function\s+\(\'\$([A-z0-9]{1,20})\'\,\s+([A-z0-9]{1,20})\s+\(base64\_decode\s+\(.+?\)\,\s+\$\_COOKIE\s+\[str\_replace\(\'\.\'\,\s+\'\_\'\,\s+\$\_SERVER\[\'HTTP\_HOST\'\]\)\]\)\s+\.\s+\'\;\'\)\;\s+\$\_([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\;.+?\?>/is,
@@ -266,12 +266,20 @@ my @regexen = (
     qr/<\?php\s+error\_reporting\(0\)\;\s+if\(isset\(\$\_REQUEST\[\"start\"\]\)\s+\&\&\s+md5\(\$\_REQUEST\[\"start\"\]\)\s+\=\=\s+\'([A-z0-9]{32})\'\s+\&\&\s+isset\(\$\_REQUEST\[\"stort\"\]\)\)\s+eval\(base64\_decode\(\$\_REQUEST\[\"stort\"\]\)\)\;\?>/is,
     qr/<\?php\s+\/\*\s+VTY\s+\-\s+Database\s+Manager\s+For\s+Mysql.+?\$vty\->BitimIslemleri\(\)\;\s+exit\;\s+\}\s+\?>\s+<\?php.+?class\s+dug\s+\{.+?function\s+menu\(\)\{\s+\?>\s+<table.+?\}\/\/class\:db\s+\?>/is,
     qr/\$([A-z0-9]{1,20})\=\"\-1\(.+?\$([A-z0-9]{1,20})\=array\(\"([A-z0-9]{1,20})\"\=>\".+?\"\;\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\;\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\(\"\"\,\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\)\;if\(\$([A-z0-9]{1,20})\(\@\$([A-z0-9]{1,20})\[\$([A-z0-9]{1,20})\]\)\=\=\$([A-z0-9]{1,20})\)\$([A-z0-9]{1,20})\(\)\;/is,
-    qr/\/\*([A-z0-9]{1,10})\*\/\s+\@include\s+\"\\x.+?\"\;\s+\/\*([A-z0-9]{1,10})\*\//is,
+    qr/\/\*([A-z0-9]{1,10})\*\/\s+\@include\s+\"\Wx.+?\"\;\s+\/\*([A-z0-9]{1,10})\*\//is,
     qr/<\?php\s+\$([A-z0-9]{1,10})\s+\=.+?\$\_([A-z0-9]{1,10})\s+\=\s+create\_function\s+\(\'\$([A-z0-9]{1,10})\'\,\s+([A-z0-9]{1,10})\s+\(base64\_decode\s+\(.+?\)\,\s+\$\_COOKIE\s+\[str\_replace\(\'\.\'\,\s+\'\_\'\,\s+\$\_SERVER\[\'HTTP\_HOST\'\]\)\]\)\s+\.\s+\'\;\'\)\;\s+\$\_([A-z0-9]{1,10})\(\$([A-z0-9]{1,10})\)\;\s+function\s+([A-z0-9]{1,10})\s+\(\$([A-z0-9]{1,10})\,\s+\$([A-z0-9]{1,10})\)\s+\{\s+return\s+\$([A-z0-9]{1,10})\s+\^\s+str\_repeat\s+\(\$([A-z0-9]{1,10})\,\s+ceil\s+\(strlen\s+\(\$([A-z0-9]{1,10})\)\s+\/\s+strlen\s+\(\$([A-z0-9]{1,10})\)\)\)\;\s+\}\s+\?>/is,
     qr/<\?php\s+\$k\=\"ass\"\.\"ert\"\;\s+\$k\(\$\{\"\_PO\"\.\"ST\"\}\s+\[\'admins\'\]\)\;\?>No\.1\s+<\?php\s+\@preg\_replace\(\"\/\/e\"\,\$\_POST\[\'sss\'\]\,\"Access\s+Denied\"\)\;\?>/is,
     qr/<\?php\s+\/\*\s+WSO\s+\[2\.6\]\s+\*\/\$OOO000000\=urldecode\(.+?\=\_\_FILE\_\_\;\$.+?([A-z0-9]{1,20})\Z/is,
     qr/<\?php\+\$c\=base64\_decode\(\'([A-z0-9]{1,20})\=\'\)\.\$\_GET\[\'n\'\]\.\'t\'\;\@\$c\(\$\_POST\[\'x\'\]\)\;\?>abcabcabc/is,
-    qr/<\?php\s+ if\s+\(\$\_REQUEST\[\'action\'\]\s+\=\=\s+\'([A-z0-9]{1,10})\'\)\s+\{\s+\$in\_data\s+\=\s+base64\_decode\(\$\_REQUEST\[\'query\'\]\)\;\s+\$fr\s+\=\s+explode\(\'\|\'\,\s+\$in\_data\)\;\s+if\s+\(mail\(stripslashes\(base64\_decode\(\$fr\[0\]\)\)\,\s+stripslashes\(base64\_decode\(\$fr\[1\]\)\)\,\s+base64\_decode\(\$fr\[2\]\)\,\s+stripslashes\(base64\_decode\(\$fr\[3\]\)\)\)\)\s+\{echo\s+\'query\'\;\}\s+else\s+\{echo\s+\'bad\s+request\'\;\}\s+\}\s+else\s+\{echo\s+\'not\s+found\'\;\}/is,
+    qr/<\?php\s+if\s+\(\$\_REQUEST\[\'action\'\]\s+\=\=\s+\'([A-z0-9]{1,10})\'\)\s+\{\s+\$in\_data\s+\=\s+base64\_decode\(\$\_REQUEST\[\'query\'\]\)\;\s+\$fr\s+\=\s+explode\(\'\|\'\,\s+\$in\_data\)\;\s+if\s+\(mail\(stripslashes\(base64\_decode\(\$fr\[0\]\)\)\,\s+stripslashes\(base64\_decode\(\$fr\[1\]\)\)\,\s+base64\_decode\(\$fr\[2\]\)\,\s+stripslashes\(base64\_decode\(\$fr\[3\]\)\)\)\)\s+\{echo\s+\'query\'\;\}\s+else\s+\{echo\s+\'bad\s+request\'\;\}\s+\}\s+else\s+\{echo\s+\'not\s+found\'\;\}/is,
+    qr/<head>\s+<meta\s+name\=\"description\"\s+content\=\"ok\s+file\s+uploaded\">\s+<meta\s+http\-equiv\=\"refresh\"\s+content\=\"0\;URL\=http.+?\"\/>\s+<\/head>/is,
+    qr/<?php.+?function\s+pre\_term\_name\(\s+\$wp\_kses\_data\,\s+\$wp\_nonce\s+\)\s+\{.+?\$\_COOKIE\[\'f\_wp\'\]\s+\:\s+NULL\)\;\s+\$wp\_auth\_check\s+\=\s+\'<form\s+method\=\s+\"post\"\s+action\=\s+\"\">.+?preg\_match\(\'\#<img\s+src\=\"data\:image\/png\;base64\,\(\.\*\)\">\#\'\,\s+\$wp\_default\_logo\,\s+\$logo\_data\)\;.+?echo\s+\$wp\_auth\_check\;\s+\?>/is,
+    qr/<\?php\s+header\(\"HTTP\/1\.1\s+404\s+Not\s+Found\"\)\;.+?if\(file\_exists\(\'\.\/\.\.\/\.\.\/wp\-load\.php\'\)\)\s+require\(\'\.\/\.\.\/\.\.\/wp\-load\.php\'\)\;.+?else\s+\@unlink\(\_\_FILE\_\_\)\;.+?\?>/is,
+    qr/<?php.+?function\s+pre\_term\_name\(\s+\$wp\_kses\_data\,\s+\$wp\_nonce\s+\)\s+\{.+?\$wp\_auth\_check\s+\=\s+\'<form\s+method\=\s+\"post\"\s+action\=\s+\"\">.+?echo\s+\$wp\_auth\_check\;\s+\?>/is,    
+    qr/<\?php\s+echo\s+\"javaversion1\"\;\s+passthru\(\$\_POST\[libso\]\)\;\s+\?>/is,
+
+
+
 );
 
 my @base64_decodes = (