diff --git a/malware5.pl b/malware5.pl
index ee2ac88..16cd963 100644
--- a/malware5.pl
+++ b/malware5.pl
@@ -251,6 +251,11 @@ my @regexen = (
     qr/<\?php\s+eval\(gzinflate\(base64\_decode\(.+?\)\)\)\;\s+\?>/is,
     qr/<\?php.+?\$pos\s+\=\s+strpos\(\$haystack\,\s+\$needle\)\;.+?function\s+mailer\_spam\_cycle\(.+?\'OK\'\)\;\s+\}/is,
     qr/<html>.+?parent\.window\.opener\.location\=\"http\:\/\/redirg\.info\/\?access\=.+?<\/html>/is,
+    qr/<\?php.+?\{if\(is\_uploaded\_file\(\$\_FILES\[\"filename\"\]\[\"tmp\_name\"\]\)\)\{.+?\@eval\(\$uidmail\)\;\s+\}/is,
+    qr/([0-9]{20,})<\?php\s+\@eval\(\$\_POST\[\'c\'\]\)\;\s+die\(\)\;\?>/is,
+    qr/<\?php\s+error\_reporting\(0\)\;echo\'404\-NOT\-FOUND\-ERROR\'\;\s+\$([A-z0-9]{1,20})\=gzinflate\(base64\_decode\(.+?\}\}closedir\(\$([A-z0-9]{1,20})\)\;\?>/is,
+    qr/<\?php\s+\@eval\(\$\_POST\[([A-z0-9]{1,20})\]\)\;\?>/is,
+
 );
 
 my @base64_decodes = (
diff --git a/malwaresh.pl b/malwaresh.pl
index 87dc027..32341b5 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -731,7 +731,11 @@ my @regexen = (
     qr/<\?php\s+eval\(gzinflate\(base64\_decode\(.+?\)\)\)\;\s+\?>/is,
     qr/<\?php.+?\$pos\s+\=\s+strpos\(\$haystack\,\s+\$needle\)\;.+?function\s+mailer\_spam\_cycle\(.+?\'OK\'\)\;\s+\}/is,
     qr/<html>.+?parent\.window\.opener\.location\=\"http\:\/\/redirg\.info\/\?access\=.+?<\/html>/is,
-    
+    qr/<\?php.+?\{if\(is\_uploaded\_file\(\$\_FILES\[\"filename\"\]\[\"tmp\_name\"\]\)\)\{.+?\@eval\(\$uidmail\)\;\s+\}/is,
+    qr/([0-9]{20,})<\?php\s+\@eval\(\$\_POST\[\'c\'\]\)\;\s+die\(\)\;\?>/is,
+    qr/<\?php\s+error\_reporting\(0\)\;echo\'404\-NOT\-FOUND\-ERROR\'\;\s+\$([A-z0-9]{1,20})\=gzinflate\(base64\_decode\(.+?\}\}closedir\(\$([A-z0-9]{1,20})\)\;\?>/is,
+    qr/<\?php\s+\@eval\(\$\_POST\[([A-z0-9]{1,20})\]\)\;\?>/is,
+
 
 );