Solution for WordPress hacked :: update.exe download problem

Problem :

When you open wordpress site Update.Exe will popup and download automatically.

If You find source it will show this : There’s a downloading of a update.exe initiated by line <script src="//"></script>

Solution :

Login to Database through PHPMyadmin


In your wp_options (orwp_ID_options on multisite) there’s a row / option called ‘wp_data_newa’. Will investigate further to see who’s responsible for this but for now you can (temporarily!) fix it by removing it with an SQL statement:

DELETE FROM wp_options WHERE option_name like '%wp_data_newa%'

Make sure to adjust your table prefix.

Good Luck