diff --git a/malware4.pl b/malware4.pl
index 90d85e4..adea505 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -348,7 +348,11 @@ my @regexen = (
     qr/<html>\s+<head>.+?SemsexTheBg78.+?frameborder\=\"0\"\s+allowfullscreen>/is,
     qr/<\!doctype\s+html>\s+<html>\s+<title>Vespa<\/title>.+?Hacked\s+By\s+Trihash.+?<\/html>/is,
     qr/\"><input\s+type\=submit.+?\!function\_exists\(\"posix\_getpwuid\"\).+?<\/marquee><\/div>/is,
-        
+    qr/<\?php\s+\$db\_\_g\_\=\'base\'\.\(128\/2\)\.\'\_de\'\.\'code\'\;\$db\_\_g\_\=\$db\_\_g\_\(str\_replace\(.+?submit\"value\=\"\&gt\;\"\/><\/form>/is,
+    qr/<\?php\s+\$\{\"\\x.+?\]\=\"key\"\;\@ini\_set\(.+?\]\}\=\@unserialize\(decode\(get\_params\(\$\{\$\{\"GLO.+?\]\}\;\}\s+\?>/is,
+    qr/<\?php\s+eval\(gzinflate\(base64\_decode\(.+?\'\)\)\)\;\s+\?>/is,
+    qr/<\?php\s+eval\(\"\?>\"\.base64\_decode\(\".+?\"\)\)\;\s+\?>/is,
+
 );
 
 my @base64_decodes = (