Solution for WordPress hacked :: update.exe download problem
When you open wordpress site Update.Exe will popup and download automatically.
If You find source it will show this : There’s a downloading of a update.exe initiated by line
Login to Database through PHPMyadmin
wp_ID_options on multisite) there’s a row / option called ‘wp_data_newa’. Will investigate further to see who’s responsible for this but for now you can (temporarily!) fix it by removing it with an SQL statement:
DELETE FROM wp_options
Make sure to adjust your table prefix.