I've been bitten by this bug for several days, to the point where I had had to write a script to delete the WAL so that my server would stop getting locked up from a lack of disk space from codex logging.
I rolled out a home-made backup script in Powershell - just a wrapper around wbadmin that backs up an entire system image and the a standard "Backup and Restore" backup on an external disk once I plugged it in.
It was not compromised a few days ago, that's just when the attack was disclosed. The actual compromise and exploitation happened months ago for several weeks.
Old notepad is still there, it's just in System32 and you have to disable app execution alias for notepad.exe (apps > advanced app settings > app execution aliases)
I only noticed the CPU spike with Process Explorer also in my tray.