EduGeek 1.5.3
Found my site hacked with a Trojan Horse backdoor.R57shell . The 2 files were new.php and old.php. These were placed in the images folder.

First I deleted old.php only to find it recreated itself a few days later. I then realised new.php was not mine and now deleted both.

Is there a way I can find any other dropped files?