serviced.tdi in my Winbox folder

Hi all.

I use Winbox to manage my boards and it was downloaded from the Mikrotik website, so I assume it is legit.

Malwarebytes keeps warning me and blocking the file serviced.tdi, which apparently is a digital currency miner, and it is located in my Mikrotik folder.

I erased it several times but it keeps coming back right into the same location (Mikrotik folder). I searched the forums about this file but no luck.

Is this normal? If not, why does it keep coming back?

Thanks.

Not sure where it comes from nor what it is supposed to be doing but I am not seeing it on my laptop.

Format your PC, change all your passwords… ALL…

Second and third part, I am afraid so too, yes.
First part shows your age. You can’t do that so easily anymore on a PC running Win7/8/10/11.
Best to use a rescue CD/USB like SystemRescue (completely different OS).

Obviously I used a figure of speech rather than fully describing the procedure, which gives the same effects…
Your answer instead shows that you don’t know that simply with a USB drive made with, for example, Rufus,
you can easily create a medium to format the computer and reinstall the operating system (at the same time) without many problems.
(Except entering the BIOS / (U)EFI if there is one, to change that you can boot from USB, which by the way must also be done for SystemRescue)

Oh, but I am very well aware about other ways (just gave one example).
What do you think SystemRescue is? It is a Live USB (can also be CD) to be made with … Rufus (or Balena Etcher, or …).

I have my age as well. Got my hands on computers since 1980.

For possible virus infections I prefer to CLEAN FORMAT using other OS.
And only THEN I will pass again with install of target OS.

I have only one year on 1980, and of course I know those methods… :wink:

If I only had one PC (because otherwise I would remove the disk and format it elsewhere) and I had previously prepared a stick with the Windows installation CD,
that alone would be enough for me to completely clean the disk and reinstall Windows.

I guess I’m gonna step in, in this “digital testosterone levels” argument, since I’m the OP :slight_smile:

Age has nothing to do with knowledge.
Format or reformat are acceptable terms meaning a fresh install or reinstall of an OS, even if it is Win 11 or Ubuntu (my favorite flavor).
Rufus is my preferred method for creating a bootable USB for a fresh OS install (it’s easy to use). Yet, I use Acronis Backup (runs from a USB drive) because I made a backup of my HD with a new install of my OS and all major software installed and activated before starting to use my laptop on a daily basis, since I “redo” my whole HD every 6 months.

My post was just to gather information from other users about this situation and the said offending file and why it keeps showing up in my Mikrotik folder only (or directory or subdirectory, depending on how you wanna call it), after I erased it several times. My other 2 computers with Winbox don’t have this issue. I find it odd that there’s no real information about this file on the internet. Opening the destination URL that the file wants to access is a digital currency mining site (Hashvault.pro), registered in Bulgaria.

On a side note, I just saw a video of a “hacker” that developed a trojan that instead of remote controlling a computer, it mines digital currency using 100% CPU and GPU while still, 20% when it’s being used by the operator (a “hacker” with a moral compass???). The file does not get detected as a trojan but rather my firewall blocking access to said site, on port 80, originating from this file.

Needless to say, I have restored my HD to get rid of this issue :slight_smile:

Cheers.

I was 9 years old in 1980 :stuck_out_tongue:

No, it is only a method to try to stay undetected…

I meant it as sarcasm :slight_smile: The hacker was "interviewed" (really, blowing your anonymity?) and said he didn't want to leave the end user with a "slow computer", which cracked me up.

Go figure.

This has nothing to do with Winbox; the malware picks a random appdata folder to hide in.