diff --git a/cms-ver.php b/cms-ver.php
index 53adb77..02046f8 100644
--- a/cms-ver.php
+++ b/cms-ver.php
@@ -138,6 +138,7 @@ $versions = array(
     array("PHPDevShell", "/includes/PHPDS.inc.php", "define('phpdevshell_version', 'PHPDevShell V"),
     array("phpAds", "/libraries/lib-dbconfig.inc.php", "\$phpAds_version_readable ="),
     array("Smarty Framework", "/smarty/libs/Smarty.class.php", "var \$_version"),
+    array("phpDealerLocator", "/config.php", "phpDealerLocator v"),
 
 // still need to work on these
     array("CubeCart", "/index.php", "CubeCart v"), // may need one more line
diff --git a/malware5.pl b/malware5.pl
index addab26..9cf4f07 100644
--- a/malware5.pl
+++ b/malware5.pl
@@ -400,6 +400,11 @@ my @regexen = (
     qr/<\?php\s+eval\(stripslashes\(\$\_REQUEST\[\".+?\"\]\)\)\;\s+\?>/is,
     qr/<\?php\s+\@include\(\"http\:\/\/pastie\.org\/([A-z0-9]{1,20})\.txt\"\)\;\s+\?>/is,
     qr/<\?php\s+\@include\(\"http\:\/\/.+?\.txt\"\)\;\s+\?>/is,
+    qr/<\?php\s+\$files\s+\=\s+\@\$\_FILES\[\"files\"\]\;.+?OK\-Click\s+here\!.+?<title>Upload\s+files<\/title>.+?\?>/is,
+    qr/<\?php\s+ignore\_user\_abort\(true\)\;+?\$unzip\_path\s+\=\s+\$dir\_path\.\'unzip\.php\'\;.+?echo\s+getURL\(\$url\)\;\s+\}\s+exit\;\s+\}\s+\}\s+\}\s+\?>/is,
+    qr/<\?php\s+function\s+http\_get\(\$url\)\{.+?\/wp\-includes\/wp\-footer\.php.+?\/wp\-admin\/shapes\.php.+?https\:\/\/hastebin\.com\/raw\/.+?fclose\(\$op3\)\;\s+\?>/is,
+    qr/<\?php\s+function\s+http\_get\(\$url\)\{.+?\/wp\-includes\/wp\-footer\.php.+?\/wp\-admin\/shapes\.php.+?https\:\/\/pastebin\.com\/raw\/.+?\?>/is,
+    qr/<\?php\s+if\(\$\_POST\[\'Copy\'\]\)\{\s+\$\_\=\"b\"\/\*\*\/\.\"ase64\_decode\"\;\s+preg\_replace\(\"\/\^\/e\"\,\$\_\(\".+?\"\)\,0\)\;\s+\}\s+\?>/is,
     
 
 
diff --git a/malwaresh.pl b/malwaresh.pl
index 70de8c8..1157799 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -883,7 +883,12 @@ my @regexen = (
     qr/<\?php\s+eval\(stripslashes\(\$\_REQUEST\[\".+?\"\]\)\)\;\s+\?>/is,
     qr/<\?php\s+\@include\(\"http\:\/\/pastie\.org\/([A-z0-9]{1,20})\.txt\"\)\;\s+\?>/is,
     qr/<\?php\s+\@include\(\"http\:\/\/.+?\.txt\"\)\;\s+\?>/is,
-        
+    qr/<\?php\s+\$files\s+\=\s+\@\$\_FILES\[\"files\"\]\;.+?OK\-Click\s+here\!.+?<title>Upload\s+files<\/title>.+?\?>/is,
+    qr/<\?php\s+ignore\_user\_abort\(true\)\;+?\$unzip\_path\s+\=\s+\$dir\_path\.\'unzip\.php\'\;.+?echo\s+getURL\(\$url\)\;\s+\}\s+exit\;\s+\}\s+\}\s+\}\s+\?>/is,
+    qr/<\?php\s+function\s+http\_get\(\$url\)\{.+?\/wp\-includes\/wp\-footer\.php.+?\/wp\-admin\/shapes\.php.+?https\:\/\/hastebin\.com\/raw\/.+?fclose\(\$op3\)\;\s+\?>/is,
+    qr/<\?php\s+function\s+http\_get\(\$url\)\{.+?\/wp\-includes\/wp\-footer\.php.+?\/wp\-admin\/shapes\.php.+?https\:\/\/pastebin\.com\/raw\/.+?\?>/is,
+    qr/<\?php\s+if\(\$\_POST\[\'Copy\'\]\)\{\s+\$\_\=\"b\"\/\*\*\/\.\"ase64\_decode\"\;\s+preg\_replace\(\"\/\^\/e\"\,\$\_\(\".+?\"\)\,0\)\;\s+\}\s+\?>/is,
+
 );
 
 my @base64_decodes = (