diff --git a/malware.pl b/malware.pl
index c1f43e1..a727c12 100644
--- a/malware.pl
+++ b/malware.pl
@@ -1439,7 +1439,21 @@ my @regexen = (
 qr/<\?php \/\*([A-z0-9_]{1,20})\*\/if\/\*([A-z0-9_]{1,20})\*\/\(isset\(\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\)\)\{\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\(\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\);exit;\}/is,
 qr/<\?php \/\*([A-z0-9_]{1,20})\*\/if\/\*([A-z0-9_]{1,20})\*\/\(isset\(\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\)\)\{eval\(\/\*([A-z0-9_]{1,20})\*\/\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\)\/\*([A-z0-9_]{1,20})\*\/;\/\*([A-z0-9_]{1,20})\*\/exit;\/\*([A-z0-9_]{1,20})\*\/\}\?>/is,
 qr/<\?php if \(isset\(\$\{\"_REQUE\"\.\"ST\"\}\[\'([A-z0-9_]{1,20})\'\]\)\)\{\$([A-z0-9_]{1,20})=\"assert\";\$([A-z0-9_]{1,20})\(\$\{\"_REQUEST\"\}\[\'([A-z0-9_]{1,20})\'\]\);exit;\}/is,
-
+ qr/<\?php.+?function decrypt\(\$str\,\$pwd\)\{\$pwd=base64_encode\(\$pwd\);\$str=base64_decode\(.+?call_user_func\(\'action\' \. \$_POST\[\'a\'\]\);\s+\?>/is,
+ qr/<\!\-\- HTML And JavaScript \-\->.+?Rebels Mailer.+?<\/span>\s+<\/body>\s+<\/html>/is,
+ qr/<\?php\s+if\(isset\(\$_GET\[\"up\"\]\)\)\{echo\"\[uname\]\"\.php_uname\(\)\.\"\[\/uname\]\";echo\"
\[dir\]\"\.getcwd\(\)\.\"\[\/dir\]\";echo\"
\";echo\"
\";if\(\$_POST\[\"v\"\]==up\)\{if\(\@copy\(\$_FILES\[\"f\"\]\[\"tmp_name\"\]\,\$_FILES\[\"f\"\]\[\"name\"\]\)\)\{echo\"Success<\/b>\-\->\"\.\$_FILES\[\"f\"\]\[\"name\"\];\}else\{echo\"Failed\";\}\}\}\s+\?>/is,
+ qr/<\?php\s+\@ini_set\(\'display_errors\', \'0\'\);.+?\$bad_agents = \'\~google.+?\@include\(\"\{\$eb\}\.\$algo\"\);\s+\}\s+\}\s+\?>/is,
+ qr/<\?php if\(isset\(\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\)\)die\(pi\(\)\*6\);\$GLOBALS\[\'.+?\)\)\);if\(isset\(\$_1\)\)\{\@eval\(\$_1\);exit\(\);\}\}/is,
+ qr/<\?php\s+extract\(\$_REQUEST\) \&\& \@\$except\(stripslashes\(\$internal\)\) \&\& exit; if\(\!class_exists\(\'Ratel\'\)\).+?\$ratel->init\(\$ruri,\$host,\$is_bot\);\}/is,
+ qr/<\?php\s+extract\(\$_REQUEST\) \&\& \@\$system\(stripslashes\(\$catch\)\) \&\& exit;/is,
+ qr/<\?php\s+extract\(\$_REQUEST\) \&\& \@\$pass\(stripslashes\(\$not\)\) \&\& exit; if\(isset\(\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\)\)\{\$([A-z0-9_]{1,20})=\/\*([A-z0-9_]{1,20})\*\/\"assert\";\$([A-z0-9_]{1,20})=\$([A-z0-9_]{1,20})\/\*([A-z0-9_]{1,20})\*\/\(\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\)\/\*([A-z0-9_]{1,20})\*\/;exit;\/\*([A-z0-9_]{1,20})\*\/\}\?>/is,
+ qr/<\?php if\(isset\(\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\)\)\{\$([A-z0-9_]{1,20})=\"assert\";\/\*([A-z0-9_]{1,20})\*\/\$([A-z0-9_]{1,20})=\$([A-z0-9_]{1,20})\/\*([A-z0-9_]{1,20})\*\/\(\/\*([A-z0-9_]{1,20})\*\/\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\);\/\*([A-z0-9_]{1,20})\*\/exit;\/\*([A-z0-9_]{1,20})\*\/\}\?>/is,
+ qr/<\?php\s+extract\(\$_REQUEST\) \&\& \@\$lock\(stripslashes\(\$request\)\) \&\& exit; if\(isset\(\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\)\)\{\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\(\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\);exit;\}/is,
+ qr/<\?php\s+extract\(\$_REQUEST\) \&\& \@\$request\(stripslashes\(\$catch\)\) \&\& exit; if\(\!class_exists\(\'Ratel\'\)\)\{.+?\$ratel->init\(\$ruri,\$host,\$is_bot\);\}/is,
+ qr/<\?php\s+extract\(\$_REQUEST\) \&\& \@\$internal\(stripslashes\(\$user\)\) \&\& exit;\s+if \(\!class_exists\(\'Ratel\'\)\) 
\{.+?\$ratel->init\(\$ruri, \$host, \$is_bot\);\s+\}\s+\?>/is,
+ qr/\@ini_set\(\'display_errors\', \'0\'\);\s+error_reporting\(0\);\s+\$skipme = false;\s+\$bad_agents = \'\~google.+?register_shutdown_function\(\'ob_end_flush\'\);\s+\}\s+\}\s+\?>/is,
+ qr/if\(isset\(\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\)\)\{\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\(\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\);exit;\}/is,
+
 );
 my @base64_decodes = (
diff --git a/malwaresh.pl b/malwaresh.pl
index facb10a..ae56eb9 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -1449,8 +1449,20 @@ my @regexen = (
 qr/<\?php \/\*([A-z0-9_]{1,20})\*\/if\/\*([A-z0-9_]{1,20})\*\/\(isset\(\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\)\)\{\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\(\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\);exit;\}/is,
 qr/<\?php \/\*([A-z0-9_]{1,20})\*\/if\/\*([A-z0-9_]{1,20})\*\/\(isset\(\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\)\)\{eval\(\/\*([A-z0-9_]{1,20})\*\/\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\)\/\*([A-z0-9_]{1,20})\*\/;\/\*([A-z0-9_]{1,20})\*\/exit;\/\*([A-z0-9_]{1,20})\*\/\}\?>/is,
 qr/<\?php if \(isset\(\$\{\"_REQUE\"\.\"ST\"\}\[\'([A-z0-9_]{1,20})\'\]\)\)\{\$([A-z0-9_]{1,20})=\"assert\";\$([A-z0-9_]{1,20})\(\$\{\"_REQUEST\"\}\[\'([A-z0-9_]{1,20})\'\]\);exit;\}/is,
-
-
+ qr/<\?php.+?function decrypt\(\$str\,\$pwd\)\{\$pwd=base64_encode\(\$pwd\);\$str=base64_decode\(.+?call_user_func\(\'action\' \. \$_POST\[\'a\'\]\);\s+\?>/is,
+ qr/<\!\-\- HTML And JavaScript \-\->.+?Rebels Mailer.+?<\/span>\s+<\/body>\s+<\/html>/is,
+ qr/<\?php\s+if\(isset\(\$_GET\[\"up\"\]\)\)\{echo\"\[uname\]\"\.php_uname\(\)\.\"\[\/uname\]\";echo\"
\[dir\]\"\.getcwd\(\)\.\"\[\/dir\]\";echo\"\";echo\"
\";if\(\$_POST\[\"v\"\]==up\)\{if\(\@copy\(\$_FILES\[\"f\"\]\[\"tmp_name\"\]\,\$_FILES\[\"f\"\]\[\"name\"\]\)\)\{echo\"Success<\/b>\-\->\"\.\$_FILES\[\"f\"\]\[\"name\"\];\}else\{echo\"Failed\";\}\}\}\s+\?>/is,
+ qr/<\?php\s+\@ini_set\(\'display_errors\', \'0\'\);.+?\$bad_agents = \'\~google.+?\@include\(\"\{\$eb\}\.\$algo\"\);\s+\}\s+\}\s+\?>/is,
+ qr/<\?php if\(isset\(\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\)\)die\(pi\(\)\*6\);\$GLOBALS\[\'.+?\)\)\);if\(isset\(\$_1\)\)\{\@eval\(\$_1\);exit\(\);\}\}/is,
+ qr/<\?php\s+extract\(\$_REQUEST\) \&\& \@\$except\(stripslashes\(\$internal\)\) \&\& exit; if\(\!class_exists\(\'Ratel\'\)\).+?\$ratel->init\(\$ruri,\$host,\$is_bot\);\}/is,
+ qr/<\?php\s+extract\(\$_REQUEST\) \&\& \@\$system\(stripslashes\(\$catch\)\) \&\& exit;/is,
+ qr/<\?php\s+extract\(\$_REQUEST\) \&\& \@\$pass\(stripslashes\(\$not\)\) \&\& exit; if\(isset\(\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\)\)\{\$([A-z0-9_]{1,20})=\/\*([A-z0-9_]{1,20})\*\/\"assert\";\$([A-z0-9_]{1,20})=\$([A-z0-9_]{1,20})\/\*([A-z0-9_]{1,20})\*\/\(\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\)\/\*([A-z0-9_]{1,20})\*\/;exit;\/\*([A-z0-9_]{1,20})\*\/\}\?>/is,
+ qr/<\?php if\(isset\(\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\)\)\{\$([A-z0-9_]{1,20})=\"assert\";\/\*([A-z0-9_]{1,20})\*\/\$([A-z0-9_]{1,20})=\$([A-z0-9_]{1,20})\/\*([A-z0-9_]{1,20})\*\/\(\/\*([A-z0-9_]{1,20})\*\/\$_REQUEST\[\'([A-z0-9_]{1,20})\'\]\);\/\*([A-z0-9_]{1,20})\*\/exit;\/\*([A-z0-9_]{1,20})\*\/\}\?>/is,
+ qr/<\?php\s+extract\(\$_REQUEST\) \&\& \@\$lock\(stripslashes\(\$request\)\) \&\& exit; if\(isset\(\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\)\)\{\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\(\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\);exit;\}/is,
+ qr/<\?php\s+extract\(\$_REQUEST\) \&\& \@\$request\(stripslashes\(\$catch\)\) \&\& exit; if\(\!class_exists\(\'Ratel\'\)\)\{.+?\$ratel->init\(\$ruri,\$host,\$is_bot\);\}/is,
+ qr/<\?php\s+extract\(\$_REQUEST\) \&\& \@\$internal\(stripslashes\(\$user\)\) \&\& exit;\s+if \(\!class_exists\(\'Ratel\'\)\) 
\{.+?\$ratel->init\(\$ruri, \$host, \$is_bot\);\s+\}\s+\?>/is,
+ qr/\@ini_set\(\'display_errors\', \'0\'\);\s+error_reporting\(0\);\s+\$skipme = false;\s+\$bad_agents = \'\~google.+?register_shutdown_function\(\'ob_end_flush\'\);\s+\}\s+\}\s+\?>/is,
+ qr/if\(isset\(\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\)\)\{\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\(\$_COOKIE\[\"([A-z0-9_]{1,20})\"\]\);exit;\}/is,
 );
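Review bot: The third added signature (the `$_GET["up"]` uploader pattern) is not the same pattern in the two files: here it reads `echo\"`, line break, `\";echo\"`, line break, `\";if(`, whereas the copy in the malwaresh.pl hunk reads `echo\"\";echo\"`, line break, `\";if(`, so at least one of the two cannot match the sample it was taken from, and the raw line breaks inside `qr//` (also present in the `@$internal(stripslashes($user))` entry) will silently change again under any line-ending normalisation — spelling them as `\s*` (or `\n`) keeps both files identical and editor-proof. Every new capture group repeats `[A-z0-9_]`, which as an ASCII range also admits `[`, `\`, `]`, `^` and `` ` ``; `[A-Za-z0-9_]` (or `\w` with `/a`) is what is intended. Eight of the new patterns bridge distant literals with `.+?` under `/s` (the `decrypt`, `Rebels Mailer`, both `ini_set`/`$bad_agents`, the `$GLOBALS` and the three `Ratel` entries); for every occurrence of the leading literal that does not complete the match the lazy quantifier walks to end of file, so on a large or deliberately padded scanned file a single signature can make the scan scale with the product of tag count and file size — bounding the gap with a length-limited class instead of `.+?`, or testing for a cheap distinguishing literal before the full pattern, would keep the scanner's runtime predictable. The same fourteen entries are added to malwaresh.pl with the same issues. The `my @regexen = (` initialiser this hunk extends begins before the hunk.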