Just like last year’s Drupal security issue, Drupal sites not updated are easily got hacked. To recover from that, it’s better to restore everything from a clean backup( files & db ).
But if you don’t have a clean backup, and the database has too much data you can’t simply rebuild the site. Then maybe here is something you can do. But remember, there is no 100% guarantee you can remove all the backdoors and malwares.
Look at this simple step to confirm that you were hacked: How to Check Your Drupal Site Security
Also look at the users & users_roles tables. Here are some typical names that the hackers used:
Using some module to check the site:
There is a module called Drupalgeddon which was designed to look for back doors.
The module creators say very honestly that this module is not perfect. It may miss some exploits and it may produce some false positives, but it may also help you uncover some suspicious files.
You can find modified files based on date: Linux / Unix: Find Files Modified On Specific Date
Update your site as soon as possible.