its to hard to deal with here , but the best soulution would be to initially text match to write $decode, and then actually decode the string, then compare if the text precedding the //write appears in the decoded text. That wasy u could be sure that the PM was just the virus propergating.
