Hi,
The essence of my question is if hackers, having access to my router, could put malicious code in the default configuration or routerBOOT which I later use to build a new configuration on?

I got hacked with the mikrotik.php.
I did a firmware update to the latest firmware (/system routerboard upgrade, I think it cleanse the boot sequence from malware but I'm not 100% sure) and netinstall with latest ROS.
I thought that would have wiped everything.
I use the default the configuration as a base for my setup. Is the default configuration bundled with the routerOS file for my rb?
I saved a default config from when the rb was new and it is different from the one I get when I reset my rb.
When I connect directly to the internet I can access netflix but when I use the rb3011 I get an error saying that I'm using a proxy.
So could I still be hacked?

If you didn't change passwords then the attackers just reconnected with the stolen password and re-infected the router.

I did the whole process offline: where I did the netinstall,
changed password and username for the admin account and so on using the "https://wiki.mikrotik.com/wiki/Manual:S ... our_Router" guide.
I used the default settings, the rest I got fresh from the internet.

I think it is fishy when I get blocked by Netflix when connecting through the router but not when connecting directly from my computer. That is why I thought something must remain from the hack, but what I do not know. I'm worried that the hackers perhaps has edited the default config script somehow. I wonder if it does not get updated by the netinstall. Otherwise I think what is left, as possibilities goes, is that it is the routerBOOT that has some hack.

I have read a lot about resetting the RB. All say that the device should go back to factory default when using netinstall and I also updated the firmware.

Hence my question.

Edit:
On other peculiarity. I can not restore using my .rsc files. I get "Failed to restore system configuration
file not found". I had the same problem before the netinstall.

If you reset the config to factory defaults, it will use the default configuration for that version of router OS. The default config has changed quite a bit from 6.39 to 6.42.x. I would not expect the original default config that came with the router OS version that shipped with the device to match the default configuration after you erase the config on the latest version of RouterOS.

Did you have any luck with sorting this out? I have a couple instances of clients being detected as a VPN or Proxy and if we eliminate the Mikrotik, they can watch netflix no problem.

Hi,
Anyone an idea?
I have the same thing.
My router was hacked.
Reset it to defaults and update the firmware.
After that I configured it again as it has to be and has allways worked.
But now still netfilx is not working.
If I connect a device at once to the modem (no mikrotik router in place. than netfilx is working but if place the mikrotik back it is not working
Still get the message (unblocker or proxy).

Netflix not working is in no way some indication of a hacked router. There could be lots of reasons why.

Normis,
The router was sure hacked.
I Save Proxy settings and vpn settings (I never made).
But before Netflix works for 3 years.
Now I reset the router and add the config again (same as first setup).
But Netflix is still not working.
If I connect a device right to the modem than netfilx is working.
But if I place the mikrotik at the modem (as normal) than Netflix is not working anymore.
What can be the reason, and better, how can I solve this.