diff --git a/malware4.pl b/malware4.pl
index 295b9a8..0a04656 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -97,7 +97,8 @@ my @regexen = (
     qr/<html>\s+<head>\s+<title>Hacked\s+by\s+ZeDaN\-Mrx.+?<\/iframe>\s+<\/html>/is,
     qr/<\?php\s+if\(isset\(\$\_REQUEST\[\'xftest\'\]\)\)die\(pi\(\)\*6\).+?eval.+?exit\(\)\;\}\s+\?>/is,
     qr/<\?php\s+\@ini\_set\(\'display\_errors\'\,\s+\'0\'\)\;\s+error\_reporting\(0\)\;\s+\$skipme\s+\=\s+false\;\s+\$bad\_agents\s+\=\s+\'\~google.+?<\/script>\"\;\s+\}\s+\}\s+\}\s+\?>/is,
-
+    qr/<\?php\s+if\/\*([A-z0-9]{1,20})\*\/\(isset\(\$\_REQUEST\[\'([A-z0-9]{1,20})\'\]\)\)\{eval\(\/\*([A-z0-9]{1,20})\*\/\$\_REQUEST\[\'([A-z0-9]{1,20})\'\]\)\/\*([A-z0-9]{1,20})\*\/\;exit\;\/\*([A-z0-9]{1,20})\*\/\}\?>/is,
+    
 );
 my @base64_decodes = (