OK, maybe I can say it in some other way. 1) Upgrade to 6.38.5 fixes the botnet scanner and removes it. 2) Upgrade to 6.41.3 fixes SMB vulnerability. This topic is about #1, but you don't seem to have this issue at all, you have some other files in your system. Let me tell you how I see if from the...

but how do you have access to internals of Mikrotik? Is it official way or not? It's 100% official. No hacking at all. That's all that I can say for now. If not, then I should agrre with Normis that you device is not the representative example for the problem. I could agree that maybe you have exam...

You are mixing up two different topics! Botnet is discussed here.

Keep calm and don't use exclamation signs while talking to the customer.

It's more than related: since "the botnet issue" has started we detected malicious activity on our Mikrotiks.

Those are not "people" but one person who has already hacked his device himself. You can ignore him, his instructions can't be done by others. As you may understand it was done because we could get a proper answer from support. There is only one thing needed to determine if you are vulner...

You are right, this is some other tool. We fixed this one in v6.41 only. This is why upgrading to LATEST version is important. Your scanner has been stopped, but the .info process was not deleted. Upgrade to LATEST should fix also that one. I suggest you edit the very first message in the thread an...

This screen clearly shows me version 6.40.5 (that is not vulnerable as you say us) with "/rw/info" and "/ram/.info" processes in memory.

Are you telling me that it's all safe now?

These are leftover files. They don't do anything. This is not the program itself, only some remaining things it created. You can delete those if you like, but the device is no longer "infected" as you say Really? How can you understand it? What's inside this "/rw/info" file? Wha...

Hi again, We have a bunch of Mikrotiks with OS version higher than vulnerable one but all of them are still infected. Even after "update FW" -> "reboot" -> "change password". https://i.imgur.com/RYF7XrG.png https://i.imgur.com/zFpOcIp.png https://i.imgur.com/X9cZDNw.png...

Not sure if you are aware but there is a complete instruction - https://github.com/BigNerd95/Chimay-Red

Hi, Seems that we are having strange processes even after upgrade to version 6.41.3. Could you please post the complete instructions what to check in config or filesystem if we had malicious processes before the upgrade and after upgrade to 6.41.3? Are there any kind of startup scripts what should b...