diff --git a/malware4.pl b/malware4.pl
index c79ec2c..8c91f04 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -61,6 +61,7 @@ my @regexen = (
     qr/<\?php\s+session\_start\(\)\;.+?\.php\_uname\(\)\..+?<\/form>/is,
 	qr/\'\;if\(\s+\$\_POST\[\'\_upl\'\].+?<\/form>/is,
 	qr/<\?php\s+if\(\!empty\(\$\_FILES\[\'message\'\]\[\'name\'\]\).+?<\/body>\s+<\/html>\'\;\/\/([0-9]{1,20})/is,
+    qr/<\?php\s+\$([A-z0-9]{1,20})\s+\=\s+\"\_\"\.\'G\'\.\'E\'\.\'T\'\;\s+if\s+\(isset\(.+?preg\_replace\(.+?header\(\'Location\:\s+http\:\/\/.+?exit\(\)\;/is,
     
 );
 my @base64_decodes = (