I ran the MS security tool and Windows Defender and have confirmed that my organization was affected.
The file was cleaned, but I'm sure there are now back doors. I have installed the MS security update, so we won't be hacked again, but I have two questions that probably everybody else has:
1. How can I tell on what date the hack occurred, and how can I identify that, the steps?
2. What can I do to clean the servers of any back doors? I do have backups, so is the best way to build a new server, install the newest Exchange CU with the security update, and then try to restore Exchange from backup? I'm just worried I will miss something and it will also restore any affected files or "back doors".
Any suggestions, thoughts, best course of action going forward?