When I restart my RB2011, sometimes those messages appear:
cp: /nova/store/user/aaa.idx: No such file or directory
cp: /nova/store/user/aaa.dat: No such file or directory
cp: /ram/reset/aaa.idx: No such file or directory
cp: /ram/reset/aaa.dat: No such file or directory
Seems it is infected by something that can protect itself against a regular upgrade. So a netinstall seems to be necessary (and after you finish it and the messages do not appear, change the passwords one more time before connecting it to the net). Also bear in mind that once the malware could get in in the past, the device may be infected from the internal network as well if the malware has managed to install itself on something in the internal network.
How would malware get access to run arbitrary cp commands? This looks more like a bug in RouterOS, unless there is a new exploit available to elevate winbox to shell access (which is rumored to be possible).