As per Microsoft's recommendations, we already installed all security patches earlier in March and installed the CU 20 updates. Here are the details about our issue. Any help on this will be appreciated:
Issue: High CPU utilization due to cmd.exe process
Exchange 2016 Standard
Work done so far:
All patches installed, CU 20 installed. Performed multiple scans with Microsoft Safety Scanner; every time it finds and removes "Backdoor:MSIL/Chopper.F!dha", but the next day the same issue occurs.
Opened the cmd.exe file with Process Explorer today and found the following scripts:
C:\Windows\System32\cmd.exe -o 220.127.116.11:443 -u 44EspGiviPdeZSZyX1r3R9RhpGCkxYACEKUwbA4Gp6cVCzyiNeB21STWYsJZYZeZt63JaUn8CVxDeWWGs3f6XNxGPtSuUEX -k --tls -p MOON
Also ran the Exchange Mitigation Tool and it did not find anything.
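
The command line quoted in the post starts a process named cmd.exe with dash options (-o host:port, -u and a long identifier, -k, --tls, -p) that cmd.exe itself does not accept, an argument shape typical of CPU-mining clients. The following is an added example, not part of the original post: a check that flags that pattern in process command lines. The function names, the 60-character threshold and the sample lines are assumptions made for illustration.

```python
import re

# cmd.exe only takes switches that start with "/" (such as /c or /k); the
# dash options below are the ones seen in the command line quoted in the post.
ENDPOINT = re.compile(r"^[\w.-]+:\d{1,5}$")   # host:port value after -o
LONG_ID = re.compile(r"^[0-9A-Za-z]{60,}$")   # long identifier after -u (threshold is an assumption)

def tokens(cmdline):
    """Split a Windows command line, keeping a quoted image path together."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]

def miner_indicators(cmdline):
    """Return the reasons the arguments look like a mining client's."""
    args = tokens(cmdline)[1:]
    reasons = []
    for i, arg in enumerate(args):
        value = args[i + 1] if i + 1 < len(args) else ""
        if arg == "-o" and ENDPOINT.match(value):
            reasons.append("-o endpoint " + value)
        elif arg == "-u" and LONG_ID.match(value):
            reasons.append("-u long identifier")
        elif arg in ("-k", "--tls"):
            reasons.append(arg)
    return reasons

def is_masquerading_shell(cmdline):
    """True when the image is named cmd.exe but is driven by miner-style options."""
    toks = tokens(cmdline)
    if len(toks) < 2 or toks[1].startswith("/"):
        return False  # no arguments, or a genuine cmd.exe switch comes first
    image = re.split(r"[\\/]", toks[0])[-1].lower()
    reasons = miner_indicators(cmdline)
    has_endpoint = any(r.startswith("-o endpoint") for r in reasons)
    return image == "cmd.exe" and has_endpoint and len(reasons) >= 2

# Constructed command lines (documentation address, placeholder identifier).
SAMPLES = [
    r"C:\Windows\System32\cmd.exe -o 192.0.2.10:443 -u " + "A" * 95 + " -k --tls -p x",
    r'"C:\Windows\System32\cmd.exe" /c ping -n 1 mail.example.test',
    r"C:\Windows\System32\cmd.exe /k echo -o",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(is_masquerading_shell(line), miner_indicators(line), line[:60])
```

The same functions can be run over command lines exported from process-creation logging (Security event 4688 with command-line auditing, or Sysmon event 1) to find when and under which parent the process is relaunched.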