We have an Amazon EC2 instance.
The folder DbSecurityspt gets automatically installed in c:/ProgramFiles and the associated service also starts automatically. Removing them, installs them again the next day. After googling, it was found be a trojan.
We have scanned our system using Windows Defender but the scan resulted clean. We tried the process of removing it manually, but no relative locations were found.
Blocking outbound port 587 resolves the issue. But since our website uses mailing service we need to open this port. Closing this port slows the response time.
How can we identify the connection between blocking this particular port and installation of this malware?
How can the response speed be improved even on keeping port 587 closed?
