diff --git a/malware5.pl b/malware5.pl
index f8b2652..6fba425 100644
--- a/malware5.pl
+++ b/malware5.pl
@@ -496,8 +496,11 @@ my @regexen = (
     qr/\?\s+eval\(gzinflate\(base64\_decode\(.+?\)\)\)\;\s+\?>/is,
     qr/<\?php\s+\$([A-z0-9]{1,20})\=\'\#\#\#\#\#\#\#\#\#\#\#e\#\#va\#\#\#\#\#\#\#\#l\#\(\#\#b\#\#\#\#\#a\#\#\#\#\#\#\#\#\#\#\#s\#\#\#\#\#e\#\#6\#\#\#\#4\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\_\#\#d\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#e\#\#c\#o\#\#de\#\#\#\#\#\#\#\(\#\#\\\'.+?\$([A-z0-9]{1,20})\=str\_replace\(\'\#\'\,\s+\'\'\,\s+\$([A-z0-9]{1,20})\)\;\$([A-z0-9]{1,20})\=create\_function\(\'\'\,\$([A-z0-9]{1,20})\)\;\$([A-z0-9]{1,20})\(\)\;\s+\?>/is,
     qr/<\?php\s+\$([A-z0-9]{1,20})\=\"([A-z0-9]{20,}).+?eval\(base64\_decode\(\$([A-z0-9]{1,20})\)\)\;\s+\?>/is,
-    qr/\/\/\s+([A-z0-9]{20,})\s+echo\s+base64\_decode\(.+?\)\;\s+\/\/([A-z0-9]{20,32})/is,
-
+    qr/\/\/\s+([A-z0-9]{20,})\s+echo\s+base64\_decode\(.+?\)\;\s+\/\/([A-z0-9]{20,})/is,
+    qr/<\?php.+?GLOBAL\s+\$wehaveitagain\;.+?\/\/\}\}([A-z0-9]{20,})\s+\?>/is,
+    qr/<html>.+?print\s+\"<h1>\#p\@\$c\@\#<\/h1>\\n\"\;.+?touch\/\*\;\*\/\(\$filename\,\s+\$time\)\;.+?<\/html>/is,
+    qr/<script\s+type\=\"text\/javascript\">var\s+a\=\"\'([A-z0-9]{20,})\'.+?clen\;clen\=a\.length\;for\(i\=0\;i<clen\;i\+\+\)\{b\+\=String\.fromCharCode\(a\.charCodeAt\(i\)\^2\)\}c\=unescape\(b\)\;document\.write\(c\)\;<\/script>/is,
+    
 );
 
 my @base64_decodes = (
diff --git a/malwaresh.pl b/malwaresh.pl
index da0d777..3d69975 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -979,8 +979,11 @@ my @regexen = (
     qr/\?\s+eval\(gzinflate\(base64\_decode\(.+?\)\)\)\;\s+\?>/is,
     qr/<\?php\s+\$([A-z0-9]{1,20})\=\'\#\#\#\#\#\#\#\#\#\#\#e\#\#va\#\#\#\#\#\#\#\#l\#\(\#\#b\#\#\#\#\#a\#\#\#\#\#\#\#\#\#\#\#s\#\#\#\#\#e\#\#6\#\#\#\#4\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\_\#\#d\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#e\#\#c\#o\#\#de\#\#\#\#\#\#\#\(\#\#\\\'.+?\$([A-z0-9]{1,20})\=str\_replace\(\'\#\'\,\s+\'\'\,\s+\$([A-z0-9]{1,20})\)\;\$([A-z0-9]{1,20})\=create\_function\(\'\'\,\$([A-z0-9]{1,20})\)\;\$([A-z0-9]{1,20})\(\)\;\s+\?>/is,
     qr/<\?php\s+\$([A-z0-9]{1,20})\=\"([A-z0-9]{20,}).+?eval\(base64\_decode\(\$([A-z0-9]{1,20})\)\)\;\s+\?>/is,
-    qr/\/\/\s+([A-z0-9]{20,})\s+echo\s+base64\_decode\(.+?\)\;\s+\/\/([A-z0-9]{20,32})/is,
-
+    qr/\/\/\s+([A-z0-9]{20,})\s+echo\s+base64\_decode\(.+?\)\;\s+\/\/([A-z0-9]{20,})/is,
+    qr/<\?php.+?GLOBAL\s+\$wehaveitagain\;.+?\/\/\}\}([A-z0-9]{20,})\s+\?>/is,
+    qr/<html>.+?print\s+\"<h1>\#p\@\$c\@\#<\/h1>\\n\"\;.+?touch\/\*\;\*\/\(\$filename\,\s+\$time\)\;.+?<\/html>/is,
+    qr/<script\s+type\=\"text\/javascript\">var\s+a\=\"\'([A-z0-9]{20,})\'.+?clen\;clen\=a\.length\;for\(i\=0\;i<clen\;i\+\+\)\{b\+\=String\.fromCharCode\(a\.charCodeAt\(i\)\^2\)\}c\=unescape\(b\)\;document\.write\(c\)\;<\/script>/is,
+    
 );
 
 my @base64_decodes = (