diff --git a/malware6.pl b/malware6.pl
index 9b70dbe..42ac089 100644
--- a/malware6.pl
+++ b/malware6.pl
@@ -114,7 +114,8 @@ my @regexen = (
     qr/GIF89a \w<\?php \@copy\(\$_FILES\[file\]\[tmp_name\], \$_FILES\[file\]\[name\]\); exit; \?>/is,
     qr/<FORM ENCTYPE=\"multipart\/form-data\" METHOD=\"POST\">\s+<title>Uploader <\/title>.+?<INPUT TYPE=\"submit\" VALUE=\"Send\">\s+\<\/FORM>/is,
     qr/<\?php if \(isset\(\$_GET\[([A-z0-9_]{1,20})\]\)\) \{preg_replace\(\"\\x2F.+?\\x3B\",\"\\x2E\"\);\}\?>/is,
-    qr/GIF([A-z0-9_]{1,20})\s+s<\?php\s+if\( file_exists\(\$_FILES\[\"uploadfile\"\]\[\"tmp_name\"\]\) \).+?<INPUT TYPE=\"submit\" VALUE=\"Send\">\s+<\/FORM>/is,
+    qr/GIF([A-z0-9_]{1,20})\s+<\?php\s+if\( file_exists\(\$_FILES\[\"uploadfile\"\]\[\"tmp_name\"\]\) \).+?<INPUT TYPE=\"submit\" VALUE=\"Send\">\s+<\/FORM>/is,
+    qr/<\?php.+?W3LL M!N! SH3LL.+?\/\/ World.+?return \$info;\s+\}\s+\?>/is,
 
 
     
diff --git a/malwaresh.pl b/malwaresh.pl
index 930a64e..54bed44 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -1099,8 +1099,8 @@ my @regexen = (
     qr/GIF89a \w<\?php \@copy\(\$_FILES\[file\]\[tmp_name\], \$_FILES\[file\]\[name\]\); exit; \?>/is,
     qr/<FORM ENCTYPE=\"multipart\/form-data\" METHOD=\"POST\">\s+<title>Uploader <\/title>.+?<INPUT TYPE=\"submit\" VALUE=\"Send\">\s+\<\/FORM>/is,
     qr/<\?php if \(isset\(\$_GET\[([A-z0-9_]{1,20})\]\)\) \{preg_replace\(\"\\x2F.+?\\x3B\",\"\\x2E\"\);\}\?>/is,
-    qr/GIF([A-z0-9_]{1,20})\s+s<\?php\s+if\( file_exists\(\$_FILES\[\"uploadfile\"\]\[\"tmp_name\"\]\) \).+?<INPUT TYPE=\"submit\" VALUE=\"Send\">\s+<\/FORM>/is,
-
+    qr/GIF([A-z0-9_]{1,20})\s+<\?php\s+if\( file_exists\(\$_FILES\[\"uploadfile\"\]\[\"tmp_name\"\]\) \).+?<INPUT TYPE=\"submit\" VALUE=\"Send\">\s+<\/FORM>/is,
+    qr/<\?php.+?W3LL M!N! SH3LL.+?\/\/ World.+?return \$info;\s+\}\s+\?>/is,