diff --git a/malware5.pl b/malware5.pl
index 23f0efb..180da09 100644
--- a/malware5.pl
+++ b/malware5.pl
@@ -384,7 +384,6 @@ my @regexen = (
     qr/\*\/if\(\@isset\(\$\_SERVER\[HTTP\_25F0C\]\)\)\{\@eval\(base64\_decode\(\$\_SERVER\[HTTP\_25F0C\]\)\)\;\}\/\*/is,
     qr/<\?php\s+\$.+?\'str\'\.\'rev\'\;\$.+?array\(.+?eval\(.+?\?>/is,
     qr/<\?php\s+\$.+?\'gzun\'\.\s+\'comp\'\.\s+\'ress\'\;\$.+?\'ba\'\s+\.\'se\'\s+\.\'64\'\s+\.\'\_d\'\s+\.\'ec\'\s+\.\'od\'\s+\.\'e\'\;\$.+?\'im\'\s+\.\'pl\'\s+\.\'od\'\s+\.\'e\'\;\$.+?array\(.+?eval\(.+?\?>/is,
-    qr/<\?php.+?if\(\!function\_exists\(.+?\)\)\;\?>\'\)\)\;\s+\?><br>\s+<br>/is,
     qr/<\?php\s+\$([A-z0-9]{1,20})\s+\=.+?\\x66lat\\x65\(b\"\.chr\(97\)\.\"se64\"\.chr\(95\)\.\"\"\.chr\(100\)\..+?\"([0-9]{1,20})\"\);/is,
     qr/<\?php.+?Leaf\s+PHP\s+Mailer.+?leafmailer\.pw.+?print\s+\'<\/body>\'\;\s+\?>/is,
     qr/<u\s+style\=\"position\:\s+absolute\;\s+width\:\s+1px\;\s+height\:\s+1px\;\s+margin\:\s+0\;\s+top\:\s+\-1000px\;\s+left\:\s+\-5000px\;\s+overflow\:\s+hidden\;\">.+?pornstar.+?gay.+?www\..+?<\/h1><\/a>.+?<\/u>/is,
@@ -406,7 +405,11 @@ my @regexen = (
     qr/<\?php\s+function\s+http\_get\(\$url\)\{.+?\/wp\-includes\/wp\-footer\.php.+?\/wp\-admin\/shapes\.php.+?https\:\/\/pastebin\.com\/raw\/.+?\?>/is,
     qr/<\?php\s+if\(\$\_POST\[\'Copy\'\]\)\{\s+\$\_\=\"b\"\/\*\*\/\.\"ase64\_decode\"\;\s+preg\_replace\(\"\/\^\/e\"\,\$\_\(\".+?\"\)\,0\)\;\s+\}\s+\?>/is,
     qr/<\?php\s+\$this\->zipname\s+\=\s+\$p\_zipname\;.+?\$archive\s+\=\s+new\s+PclZip\(\"orppxie\.zip\"\)\;.+?else\s+\{\s+die\(\"1425756856\"\)\;\s+\}/is,
-
+    qr/<\?php.+?\/\/PASSWORD\s+CONFIGURATION.+?if\(\!function\_exists\(.+?\)\)\;\?>\'\)\)\;\s+\?>/is,
+    qr/<\?php\s+error\_reporting\(0\)\;ob\_clean\(\)\;if\(\!function\_exists\(\'str\_ireplace\'\)\)\{function\s+str\_ireplace\(\$a\,\$b\,\$c\)\{return\s+trim\(preg\_replace\(\"\/\"\.addcslashes\(.+?str\_replace\(\'\{.+?\;\}\}\?>/is,
+    qr/RewriteEngine\s+On\s+RewriteRule\s+\^\(topic\|hot\|updated\|free\|review\|rewrite\)\-\(\.\*\)\s+index\.php\?\$1\=\$2\s+\[L\]/is,
+    qr/<\?php\s+function\s+DirFilesR\(\$dir\).+?<title><\?php\s+echo\s+\$\_SERVER\[\'SCRIPT\_FILENAME\'\]\;\?><\/title>.+?\$k\+\+\;\s+\}\s+\?>\s+<\/table>/is,
+    qr/<HTML>.+?<title>Hacked\s+by\s+Mister\s+Spy<\/title>.+?dQ\_\-z9pTRL6tA2kqbnXH6A\.jpg\'>/is,
 
 
 
diff --git a/malwaresh.pl b/malwaresh.pl
index 83d102e..a3a40b2 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -867,7 +867,6 @@ my @regexen = (
     qr/\*\/if\(\@isset\(\$\_SERVER\[HTTP\_25F0C\]\)\)\{\@eval\(base64\_decode\(\$\_SERVER\[HTTP\_25F0C\]\)\)\;\}\/\*/is,
     qr/<\?php\s+\$.+?\'str\'\.\'rev\'\;\$.+?array\(.+?eval\(.+?\?>/is,
     qr/<\?php\s+\$.+?\'gzun\'\.\s+\'comp\'\.\s+\'ress\'\;\$.+?\'ba\'\s+\.\'se\'\s+\.\'64\'\s+\.\'\_d\'\s+\.\'ec\'\s+\.\'od\'\s+\.\'e\'\;\$.+?\'im\'\s+\.\'pl\'\s+\.\'od\'\s+\.\'e\'\;\$.+?array\(.+?eval\(.+?\?>/is,
-    qr/<\?php.+?if\(\!function\_exists\(.+?\)\)\;\?>\'\)\)\;\s+\?><br>\s+<br>/is,
     qr/<\?php\s+\$([A-z0-9]{1,20})\s+\=.+?\\x66lat\\x65\(b\"\.chr\(97\)\.\"se64\"\.chr\(95\)\.\"\"\.chr\(100\)\..+?\"([0-9]{1,20})\"\);/is,
     qr/<\?php.+?Leaf\s+PHP\s+Mailer.+?leafmailer\.pw.+?print\s+\'<\/body>\'\;\s+\?>/is,
     qr/<u\s+style\=\"position\:\s+absolute\;\s+width\:\s+1px\;\s+height\:\s+1px\;\s+margin\:\s+0\;\s+top\:\s+\-1000px\;\s+left\:\s+\-5000px\;\s+overflow\:\s+hidden\;\">.+?pornstar.+?gay.+?www\..+?<\/h1><\/a>.+?<\/u>/is,
@@ -889,7 +888,11 @@ my @regexen = (
     qr/<\?php\s+function\s+http\_get\(\$url\)\{.+?\/wp\-includes\/wp\-footer\.php.+?\/wp\-admin\/shapes\.php.+?https\:\/\/pastebin\.com\/raw\/.+?\?>/is,
     qr/<\?php\s+if\(\$\_POST\[\'Copy\'\]\)\{\s+\$\_\=\"b\"\/\*\*\/\.\"ase64\_decode\"\;\s+preg\_replace\(\"\/\^\/e\"\,\$\_\(\".+?\"\)\,0\)\;\s+\}\s+\?>/is,
     qr/<\?php\s+\$this\->zipname\s+\=\s+\$p\_zipname\;.+?\$archive\s+\=\s+new\s+PclZip\(\"orppxie\.zip\"\)\;.+?else\s+\{\s+die\(\"1425756856\"\)\;\s+\}/is,
-
+    qr/<\?php.+?\/\/PASSWORD\s+CONFIGURATION.+?if\(\!function\_exists\(.+?\)\)\;\?>\'\)\)\;\s+\?>/is,
+    qr/<\?php\s+error\_reporting\(0\)\;ob\_clean\(\)\;if\(\!function\_exists\(\'str\_ireplace\'\)\)\{function\s+str\_ireplace\(\$a\,\$b\,\$c\)\{return\s+trim\(preg\_replace\(\"\/\"\.addcslashes\(.+?str\_replace\(\'\{.+?\;\}\}\?>/is,
+    qr/RewriteEngine\s+On\s+RewriteRule\s+\^\(topic\|hot\|updated\|free\|review\|rewrite\)\-\(\.\*\)\s+index\.php\?\$1\=\$2\s+\[L\]/is,
+    qr/<\?php\s+function\s+DirFilesR\(\$dir\).+?<title><\?php\s+echo\s+\$\_SERVER\[\'SCRIPT\_FILENAME\'\]\;\?><\/title>.+?\$k\+\+\;\s+\}\s+\?>\s+<\/table>/is,
+    qr/<HTML>.+?<title>Hacked\s+by\s+Mister\s+Spy<\/title>.+?dQ\_\-z9pTRL6tA2kqbnXH6A\.jpg\'>/is,
 );
 
 my @base64_decodes = (